WIXLIB

Model Risk ManagementDriving the value in modellingApril 2017, Risk Advisory

CONTEXTMRMCONTENTSDELOITTEMRM OFFERCREDENTIALSCONTACTSAPPENDIXAgenda 2017 Deloitte ConseilCONTEXT1APPENDIX62

CONTEXTMRMCONTENTSDELOITTEMRM OFFERCREDENTIALSCONTACTSAPPENDIXPart 1Context 2017 Deloitte Conseil3

CONTEXTMRMCONTENTSDELOITTEMRM OFFERCREDENTIALSCONTACTSAPPENDIXHow important is model risk ?Model risk may be particularly high, especially under stressed conditionsor combined with other interrelated trigger events.LTCM – Arbitrage investment strategiesJP Morgan – The London WhaleImpacts: the hedge fund lostdepleting almost its entire capital 4.4bnin1998,Impacts: the bank made losses of 6bn and was fined What happened ? The hedge fund was established by 1bnrenowned bond traders and the main shareholdersWhat happened ? The bank’s Chief Investment included Nobel prize-winning economists (MyronOfficer was responsible for investing excess bank Scholes and Robert Merton). Investors consisted indeposits in a low-risk manner. To hedge against high net worth individuals and in financial institutions.possible downturns in the economy, the CIO bought The fund had followed an arbitrage investment strategysynthetic CDS derivatives. Initially intended as an on bonds, involving hedging against a range ofhedging strategy, this portfolio became a speculative volatility in foreign currencies and bonds, based onsource of profit and increased from 4bn in 2010 to complex models. 157bn in early 2012. However, the internal risk How is model risk involved? Arbitrage margins arecontrollers duly reported those trades as being too small and the fund took on leveraged positions torisky.maintain or increase profits. At one point, the notionalHow is model risk involved? Instead of scaling back value of the derivative position was 1.25tn. When thethe risk, the bank changed its VaR metric in early Russian crisis kicked off in 1998, European and US2012. But there was an error in the spreadsheet used markets fell drastically and LTCM was badly hit throughfor that purpose and the risk was understated by 50%. market losses and fire sales.This error enabled the portfolio to continue growing,but the bank was then hit by the European sovereigndebt crisis.Market risk regulatory pre-crisis modelsImpacts: the VaR metrics used before the outburst of the financial crisis did not adequately capturetail-risk events, credit risk events as well as market illiquidity.What happened ? When the financial crisis arose, essentially driven by credit risk events, a largenumber of banks posted daily trading losses many times greater than their VaR estimates and quitefrequently during that period, in a context where some financial markets became largely illiquid.CDO / MBS – 2007 subprime mortgagecrisisImpacts: one of the main cause and source of losses inthe 2007 financial crisis. As-of Sept. 2008, bank writedowns and losses totaled 523bn.What happened ? Rating agencies had provided a AAArating to a significant portion of securities backed bypools of loans including a significant proportion of loansto homebuyers with bad credit and undocumentedincomes (subprime mortgage loans)How is model risk involved? Between 2002 and 2007,the mortgage underwriting standards had significantlydeteriorated. However those loans bundled into MBS andCDO with high ratings which were believed justified bycredit enhancement techniques. Investors relied on ratingagencies, blindly in many cases. However, a significantportion of AAA CDO and MBS tranches were finallydowngraded to junk in 2007 and early 2008, once thehousing bubble burst in the 2006 H2.The US Financial Crisis Inquiry Commission found thatagencies' credit ratings were influenced by "flawedcomputer models, the pressure from financial firms thatpaid for the ratings, the relentless drive for market share,the lack of resources to do the job despite record profits,and the absence of meaningful public oversight”.How is model risk involved? The market risk model was build upon assumptions that were notreflective of the real world in stressed financial markets (assuming market liquidity and largediversification effects across asset classes, etc.). In addition, tail credit risk events were notadequately modelled, hence underestimating possible losses in stressed conditions. 2017 Deloitte Conseil4

MRMCONTENTSCONTEXTDELOITTEMRM OFFERCREDENTIALSCONTACTSAPPENDIXMain regulatory references on MRMOCC 2000-16First Definitionof models andmodel riskBCBS 2010-112006 CEBS GL 10New ValidationRequirementsIntroduction of aLeverage Ratio asa safeguardagainst Model RiskCRD IV/CRR2013 – 36Bank IT CircularRecommendation285/2013WManagement BodyTechnical criteriamust understand allconcerning theon Model Riskorganisation and of the business risks, management in bankstreatment of risks including model risk TRIMGuideFeb-2017What aboutthe futureregulatoryframework?BCBS 2004-06Valuationadjustments [ ]where appropriate,model Risk.Bank of Spain2008-14Banks need toconsider valuationadjustments forModel RiskOCC-Fed2011-12SR - 11 - 7First SupervisoryGuidance on MRMEBA RTS 2013on PrudentValuationValuationadjustments onMR QuantificationEBA SREPCP/2014/14Integration ofModel Risk aspart of Pillar IITRIMPRARTS/2016/03Stress Test ModelManagementPrinciplesStructure of 3lines of defenceSSM, EBA, ECB to focus their regulatory efforts on Model RiskManagement framework. 2017 Deloitte Conseil5

CONTEXTMRMCONTENTSDELOITTEMRM OFFERCREDENTIALSCONTACTSAPPENDIXRegulatory references in the EUCRD IV / CRRDefines Model Risk (Art. 3.1.11) and the process by which the Competent Authorities shouldassess how the institutions manage and implement policies and processes to evaluatethe exposure to Model Risk as part of the Operational Risk (Art. 85).Guidelines onSREPThe ‘Guidelines on common procedures and methodologies for the supervisory review andevaluation process’ define the main activities that the Competent Authorities shouldassess in the institution’s exposure to model risk arising from the use of internalmodels in its main business areas and operations. In particular, the Competent Authoritiesshould consider to what extent, and for which purposes, the institution uses models to makedecisions and its level of awareness (Management Body and Senior Management) of andhow it manages model risk.According to SREP Guidelines, the model risk can be split into two distinctforms of risk with two different impacts risk profiles.Form of risks1"Risk relating to the underestimation of own fundsrequirements by regulatory approved models(e.g. internal ratings-based (IRB) models for creditrisk)”2“Risk of losses relating to the development,implementation or improper use of any othermodels by the institution for decision-making(e.g. product pricing, evaluation of financialinstruments, monitoring of risk limits, etc.)” 2017 Deloitte ConseilRisk profile“Competent authorities should consider the modelrisk as part of the assessment of specific risks tocapital (e.g. IRB model deficiency is considered aspart of the credit risk assessment) and for thecapital adequacy assessment”“Competent authorities should consider the risk aspart of the assessment of operational risk” and itshould be evaluated within this perimeter6

CONTEXTMRMCONTENTSDELOITTEMRM OFFERCREDENTIALSCONTACTSAPPENDIXRegulatory references in the USThe Federal Reserve and the Office of the Comptroller of the Currency (OCC) collaborated inpublishing the Supervisory Guidance on Model Risk Management (OCC 2011-12/SR11-7),which has emerged as the key regulatory guidance for model risk management andvalidation in the US and lays out the basic principles for model risk management:Governance, Policies andControls PolicyModel DefinitionInventoryControlsRoles & ResponsibilitiesDocumentationModel Risk RatingModel Risk AggregationChange Control ProcessEffective ChallengeUse of VendorsStakeholder CredentialsLife-Cycle ProcessesRegulatory Interpretation 2017 Deloitte ConseilDevelopment,Implementation and Use Design ProcessData AssessmentModel TestingDocumentationModel LimitsModel Risk RatingUse vs. IntentionProcess for ProgrammingIncorporating in NetworkDesigning ControlsTesting ImplementationDocumentationModel Error ProcessModel Validation Process Validation ProceduresDocumentationFindings ResolutionNature of MonitoringExtent of MonitoringFrequency of MonitoringRecalculation proceduresConceptual soundnessOutcomes analysisSensitivity analysisDocumentationModel Error Process7

MRMCONTENTSCONTEXTDELOITTEMRM OFFERCREDENTIALSCONTACTSAPPENDIXImpact of the New Regulations and Standards Impact FRTBThe FRTB includes updates to both the advanced andstandardized models as well as stricter disclosurerequirements and validation standards. Impact IRBEBA Guidelines on PD, LGD estimation and treatment ofdefaulted asset as well as new default definition, conservatismmargins, NPL assessment, rating process. Impact of Stress tenMoreAuditabilityGovernanceand ControlsMore InternalCooperationMoreImpairmentsMore FinancialImpactMore ComplexCalculationsNew stress testing methodology and principles defined by thePRA and EBA. Impact of IFRS9The introduction of the IFRS 9 Impairments standard isdemanding that banks use a new set of credit risk models;these models must be developed, deployed and maintained,which will literally double the number of Risk parametersmodels to manage. ECB TRIM GuideThe MRM framework should include:(a) A model inventory that allows a holisticunderstanding of their application andusage;(b) Guidelines on identifying and mitigatingtheareaswheremeasurementuncertainty and model deficiencies areknown;(c) Definitions of roles and responsibilities; 2017 Deloitte Conseil(d) Definitionofpolicies,measurementprocedures and reporting.8