In our risk management assessment study, 100% of the CROs we surveyed agreed that increased regulations are a key issue for risk management in financial services. Data management, data governance, and data quality—especially when related to risk reporting—are very topical. Fraud is another area seeing a lot of focus, especially in the area of operations risk, where it becomes much more difficult to quantify and manage as banks move to online channels.
Essentially, what this means is that, while obligations to comply with regulations are increasing, the banks' book size is not following at the same pace—hence the costs to manage these are putting pressure on the banks. Data quality, inefficient reporting, and fragmented systems add to the difficulty, not just from a compliance perspective but also from a business perspective. Because of a lack of proactive risk management, resources and spend get diverted to regulatory compliance. For most banks, the cost of managing risk has increased by 25% in the last three years. And while costs increase, significant time is spent on non-strategic activities—22% of risk managers' time is spent on data management, cleansing, and reconciliation, and another 22% is spent on risk reporting for internal use. There is, therefore, a need for banks to think of alternative ways to manage their spend and increase efficiency in order to keep pace with regulatory compliance issues.
As a function, model risk management is deeply affected by the above-mentioned challenges. There is now deeper scrutiny on work that is done—e.g., model documentation, model validation, relevance in the model, data in the model—which leads to increased MRAs (matters requiring attention) and MRIAs (matters requiring increased attention). For an MRIA, typically we need to remediate processes, models, and documentation within 12 months; for an MRA, no later than 18 months. One of the main challenges here is the need to reconcile finance, risk, and treasury data, which is usually not available within banks at the same level of aggregation. Once this is integrated, there is a need to maintain standards of data—the processes need to be documented and the output of data monitoring needs to be tracked. There is a need to document all the technical decisions made: Why was one particular method chose instead of another? How is the model appropriate for the portfolio? Technical documentation has expanded to include far more than the model and its output. All of the above has led to increased demands for resource allocation to regulatory activities. Regulations such as CCAR and SR – 11 bring with them specific needs requiring greater expertise, data, time, resources, and transparency of modeling processes.
Meeting these challenges means having core, niche expertise as well as an understanding of the tools and processes to assess risk. "Readymade" software brings a certain black box approach that limits the scope of model validation— one needs to balance this approach. There is a need not only to understand alternative methods and choices in model design, but also to understand and work with data.
You can view our webinar on this topic here to understand this in greater detail. We give you detailed examples on how the solutions above have generated impact for our clients.