Model Validation Mitigating Financial Model Risk: The Financial Crisis Has Revealed That Models Used to Measure Risk Often Are Unintended Sources of Risk. Regular Model Review Using a Formal Validation Process Can Restore Confidence in These Vital Business Tools
Conover, Michael, The RMA Journal
As the current financial crisis continues to unfold, questions have been raised about the use of financial models. Many now realize--albeit too late--that without periodic validation and proper oversight, the tools used to measure risk may themselves become an unintended source of risk. Fortunately, executives can take steps to monitor and mitigate model risk to ensure that their models remain a competitive advantage for their organizations.
With a Model Comes Model Risk
For years, organizations across industries have used models in key decision making, in risk management, and for financial and accounting purposes. No longer used only by large organizations, models have become indispensable and practical necessities in a complex marketplace.
Organizations build reputations on their ability to make better decisions than their competitors. One poor decision can result in lost confidence among stakeholders and a blow to a company's reputation. Model risk is defined as the adverse financial impact caused by mis-specifying, misapplying, or improperly implementing a model or spreadsheet. Today's increasingly complex and rapidly changing business environment has only increased an organization's exposure to model risk.
Recent market events have raised awareness of model risk, particularly among regulators, auditors, and boards. These bodies expect organizations to conduct periodic, objective model validations to confirm model accuracy. In fact, recent market turbulence, increased model risk, and the increased prevalence of fair-value measurements (SFAS No. 157) in financial statements have placed a regulatory magnifying glass on the model validation process itself.
Because all models have limitations and are subject to the validity of their underlying theory and assumptions, decision makers must understand the inherent limitations in the models they use, although such information is rarely communicated in policies and reporting. Senior managers at many organizations are still not fully aware of how many models they have in place, whether they remain valid, or if they are being used appropriately.
Creating Model Validation Procedures
Model validation--the practice of confirming the assumptions, theories, and data used by models, as well as the processing, output, and reporting--is one of the key ways to manage, mitigate, and control model risk. By reviewing and evaluating model assumptions and limitations, ongoing model validation can help ensure that a company's models reflect current market developments, industry trends, and internal strategic objectives.
Before beginning model validation, managers already should have completed an initial phase of model risk management to:
* Define what a model is and is not.
* Produce an inventory of all models used in the business.
* Categorize the models into usage classes.
* Rank the models according to risk, using criteria such as financial impact, existing controls, robustness, cost/ benefit, consistency, and input reliability.
The second phase of model risk management focuses on definition and application components for specific models. This includes defining the model policy, descriptions, and processes designed to minimize model risk, as well as model validation and testing. Robust model validation demands a comprehensive review of four key components of the model: information, data and assumptions, processing, and reporting.
The information component of a model validation process includes a review of documentation, policies, procedures, and governance--any information that can be used to describe the model. Policy and governance constitute an overarching view of how organizations should design, use, assign ownership to, and oversee models. Organizations often place less importance than needed on model governance, while management provides inadequate direction regarding approach, strategy, policies, and procedures. …