[Ankush and Gargi are students at National Law University Odisha.]
It was 2007 when the Lehman Brothers, a titan of the banking industry, filed for the largest bankruptcy in the history of the USA. The reason for the biggest corporate disaster was concluded to be the complex credit models that were used by the firm to manage their portfolio risk. These credit risk models inaccurately underestimated the probability of mortgage defaults in such a manner that it not only led to the bankruptcy of Lehman brothers but also brought a wave of a global financial crisis leading to the worst widespread economic hardship of the era. In the context of financial services, model risk is termed as a risk of loss which results from using inaccurate models which are used by many people especially in valuing financial securities. Model risk management is essential for supervision of risks from the future unfortunate consequences of certain decisions that are based on incorrect models.
On 5 August 2024, the Reserve Bank of India (RBI) made a regulatory update that will echo throughout every financial institution in the country. This new daft circular lays down explicit and comprehensive guidelines for the management of model risk in credit. With credit decisions being made in an environment increasingly dominated by complex algorithms and data-driven models, the RBI’s directions assume primal significance for entailing robust risk management frameworks to ultimately salvage stability and integrity within the financial system. This article delves into the key aspects of these new regulatory guidelines, their implications, and offers insights into how financial institutions can effectively navigate these changes.
Credit Risk Models: Necessary Compliance
Data drives the credit risk models. These include regulatory compliance, vulnerability discovery tools and model accuracy. There have been new ways of doing things such as data science and big data that lenders have started using in credit portfolio management and risk modeling. Due to the exponential growth of data, this has made many lenders think about other sources apart from credit reports. Nonetheless, this is still necessary for risk evaluation and modeling purposes.
Besides social media, cell phones, digital platforms and open banking are also underpinning this transition since they provide more information. The most recent Machine learning and Artificial approaches enable analysts and modelers to get deeper insights from this data. Today, core credit file data is used for risk modeling as a usual practice. By leveraging this huge collection of information to develop credit models, the lenders can assess default risks thus providing accurate portfolio management outcomes as well as adjudication results. “Banks should use measurement techniques that are appropriate to the complexity and level of the risks involved in their activities, based on robust data, and subject to periodic validation,” states Basel Committee on Banking Supervision’s set of guidelines for credit risk management.
Impact on Regulated Entities: Opportunities and Challenges
This urgency of these new regulations is driven by the growing use of complicated credit decision making AI models. These models improve efficiency and accuracy, but also create great risks unless they are properly managed. A number of underperforming models along with their financial consequences have highlighted the need for increased regulatory oversight. The RBI intends to protect the banking system from possible model-specific weakness with these guidelines.
For banks and similar institutions, the new rules create opportunities as well as challenges. On one hand, embracing them enhances model reliability, risk management and adherence to regulatory norms which, in turn; helps build a strong brand name and secure stability for any institution. Nonetheless, other stumbling blocks exist such as: higher operating costs incurred by Regulated Entities (RE) due to specialized skills needed; time spent in overhauling existing frameworks of models developed over time among others. Nevertheless, it is expected that in spite of some initial implementation hitches, long term benefits outweigh first installation problems inherent in building sound model risk processes.
Third-Party Models: Ensuring Accountability
Through the draft circular, REs have been given the dual option of either developing the risk model internally or source it from external third-party suppliers. In situations where the REs opt for sourcing the model externally, they are bound to ensure that the approach regarding adoption and usage of the third party model is covered by the board approved policy. The introduction of board approved policy is done with the intention to keep a check on whether the REs are carrying out the necessary assessments such as validation to assess the robustness of the third party model as ultimately the REs would be responsible and accountable for the integrity and outcomes derived from the model. The accountability associated with the power to regulate the use of risk models essentially balances interest as it is likely to subject REs to more careful scrutiny in cases of risk model failure.
The accountability in the process of outsourcing third party models has further been strengthened by the requirement of contractual agreement with the third parties which would ensure that the REs have access to minimal technical documentation with regard to the design, configuration or operation of the model to provide them with reasonable understanding of the model. The reasonable understanding of the model derived through the documentation would assist the REs in comprehensively detecting the failure and further act accordingly to overcome the failure or error in the risk model. Additionally, the RBI has mandated the requirement of supervisory evaluation in instances of sourcing from third parties which can be carried out by the RBI officials or externals engaged for the purpose of the same.
Model Validation Framework: Building Trust and Confidence
The Introduction of Model Validation Framework seeks to ensure that the trust and confidence is built with respect to the usage of risk models. Through this framework an independent validation process would be put in place to assess the robustness of the model which would ensure that only reliable models are validated so that the integrity associated with the validation process is not compromised. The possible objective behind the introduction of the validation process is to ensure that ‘models are performing as expected, in line with their design objectives and business uses.’ The validation process is effectively segregated into three stages of pre-deployment, post-deployment and periodic review, further these stages are independent of the model development process. The validation results derived from these stages are reported to the Board's Risk Management Committee for ongoing oversight. The introduction of the Risk Management Committee of the Board (RMCB) is a welcome development from the previous guidance note (2002) since it has effectively come up with a nodal committee in place of multiple committees that previously were recommended to oversee the model validation process. The RMCB shall compare the result of the validated outcomes with the benchmark prescribed in the policy to assess the limitations and weaknesses of the model and to look for a measure to mitigate the same. The Indian and Banking Finance Report (2022) had previously prescribed certain prerequisites to make the validation process more effective. Firstly, the presence of an “unique” owner, carrying out the validation process independently from model development or by involving external validators to have an unbiased opinion which is an essential component of trust. Secondly, the report emphasizes the need of a meaningful validation to ensure that there is improvement in the robustness of the model over time.
RBI’s Watchful Eye and the Path Towards Compliance
The RBI has been entrusted with the responsibility of ensuring that the financial stability and efficiency of the Indian financial system is maintained. The RBI, by virtue of its supervisory review, has the responsibility of reviewing various credit risk models deployed by REs and thus is a vital limb of the validation process. In the context of model review, the RBI has to ensure that these models are robust and reliable, and they comply with the existing regulatory standards. The supervisory role of RBI is not just limited to the pre-deployment stage of the model but further extends to the responsibility of periodic reviews which shall be carried out at least on a yearly basis. There may be certain instances where the REs can deploy external experts for the purpose of validating the model, these situations are more likely to occur when there is a heightened supervisory risk perception such as economic condition and specific concerns with respect to robustness and reliability of the model. The draft circular with the intention of promoting integrity and to potentially mitigate conflict of interest has provided RBI with the option to consult external experts to validate or review the models which are developed or used by the REs. The participation of external experts in the model validation framework will allow for a thorough review of the model which would further ensure objective validation and credibility of the model.
Comments