Author: Adrian Maconick, Director of UK Sales and Marketing

The Prudential Regulatory Authority (PRA) has issued a new supervisory statement (SS) – “Model risk management principles for banks” in May 2023. It sets out the PRA’s expectations for banks model risk management (MRM) and is effective from 17 May 2024. Banks will need to move quicky to have revised MRM processes in place by then.

The SS applies to all regulated UK-incorporated banks, building societies, and PRA-designated investment firms.

Although most banks have MRM processes in place this is the first time that the PRA has provided detailed mandatory requirements for MRM. Even sophisticated banks will need to make changes to ensure their MRM process is consistent with the SS.

This blog entry summarizes the SS and suggests next steps for implementing SS1/23.

The document provides a discussion of key model risk ideas such as the definition of a model and model risk. It then details five core principles that banks need to follow.

In the background section, the following items are discussed:

  • Use of models
  • The relationship between quantitative methods and models
  • The nature and consequences of Model risk
  • MRM and the model lifecycle
  • Organisational structures validation and control functions.

Core principles

The core principles are:

Principle 1 - Model identification & model risk classification

Firms should have a formal definition of a model and maintain a detailed inventory of models. This should include risk assessment and detailed documentation such as the purpose of the model, its assumptions, validation documentation and who is responsible for the model.

Pinciple 2 - Governance

MRM is the responsibility of the board and they must promote understanding of model risk, set the risk appetite, receive and challenge regular reports on model risk. The principles clarify the roles of SMFs who will be closely involved.

There should be detailed policies and procedures and the SS provides a list of the key ones. Roles and responsibilities must be defined covering the entire modeling lifecycle.

There are also detailed requirements for internal audit and management of outsourced models.

Principle 3 - Model development, implementation and use

Principle 3 provides detailed guidance on the development of models including design, use of data such market data, the development process, model development testing e.g. back testing and model development documentation. It also defines requirements for model adjustments especially where expert judgement is required.

Principle 4 - Independent model validation

Firms are required to have an independent validation process responsible for independent review and revalidation of models. This includes process verification and model performance monitoring.

Principle 5 - Model risk mitigants

Where models may be under-performing there should be appropriate policies and procedures. The document sets out detailed requirements for post-model adjustments. Where appropriate firms should place restrictions on models that have deficiencies. There should also be an escalation process to ensure that stakeholders are aware of issues.

Next steps

Most banks affected by the SS will already have in place a MRM process. However, they need to make sure that their processes are fully aligned with the statement.

The PRA expects banks to conduct an initial self-assessment of their current MRM frameworks so this is a logical place to start. In upcoming blog posts, we will look at the implementation challenges in more detail.