July 11, 2024

Implementation Guide for SS1/23 (Model Risk Management)

Basel 3.1
Listen to this article

Introduction

The Prudential Regulation Authority (PRA) Supervisory Statement (SS) 1/23 outlines the expectations for model risk management (MRM) in UK-incorporated banks, building societies, and PRA-designated investment firms.

This SS was published on 17 May 2023. Firms should aim to complete the initial self-assessment and develop remediation plans before the policy takes effect on May 17, 2024. Continuous updates and annual reviews of self-assessments and remediation plans are necessary to maintain compliance and address any emerging issues.

This document summarizes the key principles and provides a step-by-step guide to implement SS1/23 effectively.

 

Principles of SS1/23

SS1/23 is built around five high-level principles designed to cover all elements of the model lifecycle. These principles aim to ensure firms have robust policies, procedures, and practices to manage the risks associated with model use.

  1. Model Identification and Classification
  2. Governance
  3. Model Development, Implementation, and Use
  4. Independent Model Validation
  5. Model Risk Mitigants

 

Detailed Steps for Implementation

Step 1: Conduct Initial Self-Assessment

Before the policy comes into effect (on 17 May 2024), firms must conduct an initial self-assessment of their current MRM frameworks against the principles outlined in SS1/23.

  • Review Current Frameworks: Assess existing policies, procedures, and practices related to model risk management.
  • Identify Gaps: Compare current frameworks with SS1/23 requirements to identify gaps and areas for improvement.
  • Prepare Remediation Plans: Develop plans to address identified shortcomings, including timelines and responsible individuals.

Step 2: Establish a Model Definition and Inventory

Create a comprehensive model inventory to track all models, including those under development and decommissioned.

  • Adopt PRA Model Definition: Ensure all models fit within the PRA’s definition, which includes quantitative methods that process input data into output using statistical, economic, financial, or mathematical theories.
  • Maintain Inventory: Capture details such as model purpose, assumptions, limitations, validation findings, and governance details in the inventory.

Step 3: Implement Risk-Based Model Tiering

Prioritize validation and risk controls through a model tiering approach based on model materiality and complexity.

  • Assess Materiality: Consider both quantitative measures (e.g., exposure, market value) and qualitative factors (e.g., model’s importance to business decisions).
  • Evaluate Complexity: Assess risk factors related to input data quality, methodology, implementation, and usage frequency.

Step 4: Strengthen Governance and Accountability

Establish strong governance structures with clear roles and responsibilities.

  • Board Involvement: Ensure the board of directors approves MRM policies and appoints an accountable senior management function (SMF) for MRM.
  • Define Roles: Clearly document the roles and responsibilities for model owners, users, developers, and validators.
  • Internal Audit: Conduct periodic reviews by Internal Audit to ensure the effectiveness of the MRM framework and compliance with policies.

Step 5: Develop Robust Model Development and Use Standards

Create and enforce standards for model development, including design, implementation, and performance measurement.

  • Statement of Purpose: Define clear objectives for each model, ensuring design suitability and alignment with intended use.
  • Data Usage: Verify the suitability, quality, and relevance of data used in model development.
  • Model Testing: Perform regular testing of model data, constructs, assumptions, and outcomes to identify and remediate limitations.

Step 6: Establish Independent Model Validation

Ensure ongoing, independent, and effective challenge to model development and use.

  • Independent Review: Conduct thorough reviews covering model inputs, calculations, outputs, and conceptual soundness.
  • Process Verification: Verify that model processes and systems are operating as intended and meet internal data quality standards.
  • Ongoing Monitoring: Continuously monitor model performance against pre-defined thresholds and conduct periodic revalidations.

Step 7: Apply Model Risk Mitigants

Develop policies and procedures for addressing model limitations and ensuring models remain fit for purpose.

  • Post-Model Adjustments: Implement a consistent process for applying adjustments to models to compensate for limitations and uncertainties.
  • Restrictions on Use: Place restrictions on model use when significant deficiencies or performance issues are identified.
  • Documentation and Reporting: Maintain comprehensive documentation of all adjustments, limitations, and remediation actions, ensuring transparency and accountability.

 

Conclusion

Implementing SS1/23 requires a strategic approach to MRM, focusing on comprehensive governance, rigorous model development and validation processes, and effective risk mitigation strategies. By following these steps, firms can ensure they meet PRA’s expectations and strengthen their model risk management frameworks.