Model risk management (MRM) has become a major regulatory focus in the US. In contrast, it is little discussed in the UK and Europe. This is forecast to change.

Regulators are paying more and more attention to the data systems and processes – and the highly sophisticated financial and economic models – that underpin modern financial institutions and businesses.

In the US in December last year, the regulatory spotlight fell on models once again. A report published by the Office of the Comptroller of the Currency on Dodd-Frank Act-related stress-testing (OCC Reporting Form DFAST-14A) stated specifically that every bank in the US was obliged to provide a comprehensive inventory of models it used in the projection of losses, revenues, expenses, balances and risk-weighted assets or RWAs.

The idea behind risk-weighted assets, according to Investopedia, is to move away from having a static requirement for capital. Instead, it is based on the riskiness of a bank's assets. For example, loans that are secured by a letter of credit should be given a higher risk-weighting than a mortgage loan that is secured with collateral.

Among many references, the OCC report carried new, specific requirements and guidance to do with supporting documentation and supervisory expectations, stressing that:

• the documents should map the specific model/methodology to a product or line item in the DFAST-14A schedules very clearly;

• the inventory should identify, at a minimum, the name of the model, the model owner, the model's output and intended use (i.e., 'model purpose'), and dates of completed or planned validation activities; and

• the model inventory also should include significant end-user computing (EUC) applications that support projections of losses, revenues, expenses, balances, and RWAs. EUCs include spreadsheets, databases, and desktop applications (e.g., queries/scripts).

'Model risk,' then, continues to be a key issue in the US. Meanwhile, programmes such as Solvency II in Europe – which is focused largely on the use of highly complex models and databases – have ensured that it will become more of a concern for regulators and compliance folk on the other side of the Atlantic. The Prudential Regulatory Authority in the UK has already referred to the need for data validation checks with regards to Solvency II, and the use of spreadsheets and other applications in holding 'business-critical' data.

One of the most important problems that Anglo-American regulators are encountering is the fact that the resources required to run a model usually involve many technological components and manual processes that extend far beyond the model core or 'kernel'. These components often include end-user computing such as spreadsheets. The resulting complexity and dependence on manual labour increases the risk of errors. Common risks include errors in the model design; errors in running the model; weaknesses in the methods being used to update model inventories; an absence of developmental evidence to substantiate assumptions about models or changes to them; and a failure to maintain comprehensive and up-to-date model-related documents.

As a firm that helps financial institutions manage their complete model infrastructures effectively – including the use of spreadsheets and the validation of data – ClusterSeven believes that model risk management will escalate as a key business and compliance issue. We see this through the work we carry out but also from market feedback.

For instance, a recent piece of research on our part found that senior financial service-providers were worried about the risks surrounding the industry's increasing use of and reliance on financial and economic models. Four-fifths (79%) of respondents said that a high dependency on models posed a 'significant' business risk to financial institutions, with a similar number (83%) saying that model risk management was a 'significant industry challenge.'

However, only a fifth (23%) of respondents said that they were confident of the control/oversight process regarding data input and manipulation at their own firms. Only 14% thought that financial institutions in general were 'effective' at managing model risks. Despite these worries, however, only 29% reported that model risk management was a vital priority for financial institutions.

Financial models have grown in number and complexity, covering a very wide number of business requirements and processes such as securitisation, operational risk and financial reporting. In this context, it is very worrying in my view to see that only around a quarter of the people who were surveyed believed that model risk management was a priority for financial institutions.

With a growing regulatory burden, coupled with demands from others such as auditors who are constantly asking for more 'transparency' – and internal demands for firms to maximise business opportunities – model usage has become a significant focal point for a large number of people. It will be important for people whose jobs involve the management of models to get a firm grasp on these fast-growing challenges.

When asked whether they thought regulators were going to focus more and more on model risk management when assessing financial institutions' integrity, 68% of respondents to our recent survey said 'yes'.

* Ralph Baxter is available at rbaxter@clusterseven.com or on +44 20 7148 6270.