THE BANGKO SENTRAL ng Pilipinas (BSP) plans to put in place guidelines to manage potential risks from financial institutions’ use of models for their business decisions or analysis.
“The BSP recognizes the increasing reliance on models for quantitative analysis and critical business decisions within BSP-supervised financial institutions (BSFIs). The growing adoption of sophisticated models amplifies model risk, which can stem from flaws or limitations in the design, development, implementation, or use of models,” the central bank said in a draft circular posted on its website.
“The proposed policy emphasizes the importance of effective model risk management to mitigate potential adverse outcomes, such as financial losses, suboptimal strategies, and reputational damage — all of which can result from model-related risks.”
The proposed Model Risk Management (MRM) guidelines, if approved, will become part of rules on operational risk management and resilience that cover both banks and nonbank financial institutions.
The central bank said BSFIs that use models must have “sound and comprehensive” MRM frameworks that are appropriate for their size, operational complexity, risk profile, and extent of model usage.
“Overall, the MRM guidelines aim to strengthen the operational resilience and risk management practices of BSFIs, aligning with international standards and domestic practices to mitigate potential adverse outcomes associated with model use.”
The draft defines a model as a “quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions, including artificial intelligence and machine learning, to process input data into output.”
It is made up of input, processing, and output components, which involve the use of data, assumptions and scenarios to make forecasts or predictions that financial institutions can use for their business decisions.
“Models are essential instruments underpinning critical functions, including risk and capital assessment, pricing strategies, and regulatory compliance. The inherent limitations of models and the potential for error or misuse give rise to model risk, which, if unmanaged, can lead to significant financial losses, undermine strategic decision-making, and damage reputation,” the central bank said.
Models should have clear objectives and should only be used for their intended purpose, it said.
BSFIs must put in place measures to identify, measure, and control model risks, it said. Such risks refer to potential adverse outcomes from decisions based on “compromised” models, which could be due to errors like flawed designs, assumptions, or methodologies.
Their MRM frameworks should cover the management of model risks throughout their entire lifecycle, including model governance, development, validation, implementation, use, and ongoing monitoring, the BSP said.
These should also include mechanisms for the identification, measurement, mitigation, monitoring, as well as reporting of model risks at both the BSFI and banking group or conglomerate levels.
“Larger and more complex BSFIs that rely on sophisticated models are expected to implement a more comprehensive MRM framework. The principle of proportionality should guide the selection criteria for model tiering, governance, and activities related to model development, validation, implementation/use, and monitoring,” the BSP said.
BSFIs must have a model governance structure covering management oversight; policies and procedures; roles and responsibilities of model owners or sponsors, users, developers, and validators; and internal controls, including risk and control, compliance, and independent review functions.
Institutions using vendor-provided models or third-party products for any model component should also have controls in place to manage potential risks.
They should also maintain an inventory of all their models. Banks should also categorize models in their inventory based on their corresponding risk exposures. “This categorization… enables the prioritization of model risk management procedures and the allocation of resources to models posing higher risk and impact.”
“Model validation should be performed prior to model implementation and periodically thereafter through ongoing monitoring. Initial model validation confirms conceptual soundness and adherence to required standards, while post-implementation validation focuses on continuous monitoring and performance assessment in the operational environment,” the BSP added.
“High-risk models should be validated at least annually, and more frequently if warranted by changes in business strategies, the BSFI’s risk profile, or the external environment, upon material model changes or modifications, and when new data or modeling approaches become available. Triggers should be established to identify the need for more in-depth review outside the regular cycle.”
Monitoring is necessary to ensure that models remain appropriate for their intended purpose, the central bank added.
“BSFIs should conduct ongoing model monitoring to assess the model’s validity and the necessity for adjustment, redevelopment, decommissioning, or replacement… This stage should include analysis of overrides, which indicate model limitations or unintended performance. BSFIs should evaluate, track, and analyze the reasons for overrides. A high override rate or consistent performance improvement through overrides often indicates the need for model revision, enhancement, or redevelopment.”
As for risk mitigation strategies, financial institutions should ensure that models operate within their risk appetite and should include short- and long-term action plans, including restrictions or limits on model use or adjustments in the models themselves, the BSP said.
The central bank will review BSFI’s MRM frameworks and how effectively they are able to manage the risks that come from the use of models.
The proposal provides a two-year transitory period. “Within the first year, BSFIs are expected to develop an implementation program, which includes a detailed plan of action with specific timelines and the status of initiatives undertaken to develop their respective MRM framework,” the BSP said. — BVR
