By: Joel Pruis
When the OCC put forth the supervisory guidance on model risk governance the big focus in the industry was around the larger financial institutions that had created their own risk models. The overall intent to make sure that the larger financial institutions were properly managing the risk they were assuming through the use of the custom risk models they had developed. While we can’t say that this model risk governance was a significant issue, the guidance provided by the OCC is intended to provide financial institutions with the minimum requirements for model risk governance.
Now that the OCC and the Federal Reserve have gone through the model risk governance reviews for the largest financial institutions in the US, their attention has turned to the rest of the group. While you may not have developed your own custom scorecard model, you may be using a generic scorecard model to support your credit decisions either for loan origination and/or portfolio management. As a result of the use of even generic scorecards and models, you do have obligations for model risk governance as stated in the guidance. While you may not be basing any decisions strictly on a score alone, the questions you have to asking yourself are:
- Does my credit policy or underwriting guidelines reference the use of a score in my decision process?
- While I may not be doing any type of auto-decision, do I restrict any credit authority based upon a score?
- Do I adjust any thresholds/underwriting guidelines based upon a score that is returned? For example, do I allow a higher debt to income if the score is above a certain level?
- How long have you been using a score in your decision processes that may have become a significant influence on how you decision credit?
As you can see from the questions above, the guidance covers a significant population of the financial institutions in the US. As a result, some of the basic components that your financial institution must demonstrate it has done (or will do) are:
- Recent validation of the scorecard against your portfolio performance
- Demonstration of appropriate policy governing the use of credit risk models per the regulation
- Independence around the authority and review of the model risk governance and validations
- Proper support and documentation from your generic scorecard provider per the guidance.
If you would like to learn more on this topic, please join me at the upcoming RMA Annual Risk Management Conference where I will be speaking on Model Validation for Community Banks on Monday, Oct. 27, 9:30 a.m. – 10:30 a.m. or 11 a.m. – 12 p.m. Also, if you are interested in gaining deeper insight on regulations affecting financial institutions and how to prepare your business, download Experian’s Compliance as a Differentiator perspective paper.