Model risk management requires a high level of responsibility and stepped-up efforts concerning model governance and model approval, model documentation and testing, ongoing performance monitoring, and proper management of the changes that occur in the model to complete the entire process of the model lifecycle.
Model risk in financial institutions should be managed throughout the model lifecycle. This process is made by the three lines of defence: the first line of defence (Model Developers, Model Owners, Model Users and Model Landscape Architects), the second line of defence (Model Validation and Model Governance), and the third line of defence (Internal Audit).
A typical model lifecycle consists of seven stages:
01 Model proposal:
The first line of defence needs to understand what are the business requirements to implement. Afterwards, the second line of defence identifies any potential risks in introducing this new model.
02 Model development:
In this stage, the first line of defence starts gathering data, formatting and cleaning the data. Afterwards, different modelling approaches are tried and based on the results, the final model is selected. Lastly, the methodology of calibrating or training the algorithm needs to be defined and implemented.
03 Pre-validation:
The model needs to be tested rigorously by the first line of defence and the results must be documented.
04 Independent review:
At this stage, the second line of defence analyzes all documentation that has been submitted until this moment. If the independent review is successful, the model life cycle process moves to stage 5 – Approval. If issues are detected, the process is moved back to the first line of defence where additional information needs to be generated.
05 Approval:
Approvals are gathered by all stakeholders.
06 Implementation:
A technical team implements the model into the production systems.
07 Validation & Reporting:
In this last step, the second line of defence performs a final review of the model as it has been implemented in the production system to see if the model works as expected. If the model passes the validation, then it goes into production. Once the model is run in production, it will be monitored (which is typically a first line of defence responsibility).
Finally, whenever improvements or modifications are necessary for an already productionized model, the model enters the same lifecycle process again.