Site Map | Text Size:
|Home||About the OCC||News and Issuances||Publications||Tools and Forms||Topics|
OCC BULLETIN 2011-12
Subject: Sound Practices for Model Risk Management
Date: April 4, 2011
To: Chief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel
Description: Supervisory Guidance on Model Risk Management
As of January 12, 2012, this guidance applies to federal savings associations in addition to national banks.*
The Office of the Comptroller of the Currency (OCC) has adopted the attached Supervisory Guidance on Model Risk Management. This guidance, developed jointly with the Board of Governors of the Federal Reserve System, articulates the elements of a sound program for effective management of risks that arise when using quantitative models in bank decision making. It also provides guidance to OCC examining personnel and national banks on prudent model risk management policies, procedures, practices, and standards.
This new supervisory guidance replaces Bulletin OCC 2000-16, “Model Validation,”dated May 30, 2000. While the elements of OCC 2000-16 are fully consistent with this guidance, the new guidance incorporates the accumulated lessons of supervisory experience and industry practice over the past decade. Model validation remains at the core of the new guidance, but the broader scope of model risk management encompasses model development, implementation, and use, as well as governance and controls related to models.
Banks routinely use models for a broad range of activities, including underwriting credit; valuing exposures, instruments, and positions; measuring risk; managing and safeguarding client assets; and determining capital and reserve adequacy. In recent years, banks have applied models to more complex products and with more ambitious scope, such as enterprise-wide risk measurement. Changes in regulation, particularly the new regulatory capital rules based on the framework developed by the Basel Committee on Banking Supervision, have spurred some of the recent developments.
Models can improve business decisions, but they also impose costs, including the potential for adverse consequences from decisions based on models that are either incorrect or misused. The potential for poor business and strategic decisions, financial losses, or damage to a bank’s reputation when models play a material role is the essence of “model risk”.
Model risk should be managed like other types of risk: Banks should identify the sources of that risk, assess its magnitude, and establish a framework for managing the risk. The extent and nature of the risk varies across models and banks; risk management should be commensurate with the nature and scope of the risk. Model risk management should include disciplined and knowledgeable development and implementation processes that are consistent with the context and goals of model use and with bank policies.
Banks should objectively assess model risk using a sound model validation process, including evaluation of conceptual soundness, ongoing monitoring, and outcomes analysis. Model usage provides opportunities to test whether a model is functioning effectively and assess its performance over time. A central principle for managing model risk is the need for “effective challenge” of models: critical analysis by objective, informed parties who can identify model limitations and assumptions and produce appropriate change. Effective challenge depends on a combination of incentives, competence, and influence.
Model risk can be diminished but not eliminated, so other tools should be used to manage model risk effectively. Among these are establishing limits on model use, monitoring model performance, and supplementing model results with other analysis and information. A strong governance framework around model development, implementation, and use provides explicit support and structure to risk management functions through allocation of resources, policies that define relevant risk management activities, procedures that implement those policies, and compliance mechanisms. Internal audit staff play a key role in verifying that acceptable policies are in place and are followed. Comprehensive documentation helps make model risk assessment and management effective and promotes continuity of operations, compliance with policy, and tracking of recommendations, responses, and exceptions.
National banks should ensure that their model risk management policies, procedures, and practices are consistent with this supervisory guidance. Practical application of this guidance should be commensurate with a bank’s risk exposures and business activities, and with the extent and complexity of model use.
For further information, contact Market Risk (202) 649-6360.
*References in this guidance to national banks or banks generally should be read to include federal savings associations (FSA). If statutes, regulations, or other OCC guidance is referenced herein, please consult those sources to determine applicability to FSAs. If you have questions about how to apply this guidance, please contact your OCC supervisory office.