As the financial landscape continues to evolve, institutions face an increasing reliance on models for risk management and stress testing. However, the use of models inherently carries a risk of error and potential loss. To address this concern, the Office of the Superintendent of Financial Institutions (OSFI) has released a draft Enterprise-Wide Model Risk Management Guideline, commonly known as Guideline E-23. This blog post aims to provide model risk managers and chief risk officers with a clear understanding of Guideline E-23 and its implications for their organizations.
Understanding Guideline E-23
Guideline E-23 establishes a standardized approach to enterprise-wide model risk management, ensuring that institutions of all sizes, complexities, and risk profiles have a baseline understanding of the minimum expectations for their use of models. It applies to banks, foreign bank branches, bank holding companies, federally regulated trust and loan companies, and cooperative retail associations.
Scope and Applicability
An enterprise-wide view of risk implies that modeling is used across an institution for various applications such as regulatory capital models, internal risk management models, valuation/pricing models, and business decision-making models. Guideline E-23 applies to all models that have a material impact on an institution’s risk profile.
Prudent Practices and Responsibilities
Guideline E-23 outlines minimum prudent practices for model development, review, approval, use, and modification. Institutions are responsible for developing a consistent set of policies and procedures to identify, assess, manage, and control the risks associated with modeling based on the principles outlined in the guideline. The guideline acknowledges the specific challenges faced by small and medium-sized institutions and distinguishes between institutions approved to use internal models for regulatory capital purposes (IMAIs) and those that are not (SIs).
Key Characteristics of an Enterprise-Wide Model Risk Management Framework
To align with Guideline E-23, institutions should establish the following key characteristics within their model risk management framework:
- Appropriate governance systems over model usage;
- Model materiality classifications and limitations;
- Policies and processes for model selection and development;
- Independent vetting and ongoing validation/review processes;
- Change control processes governing the model’s life cycle;
- Internal audit functions to assess model risk management;
- A model inventory to catalog the type, classification, and performance of all models.
International Standards and Best Practices
Other major jurisdictions have already implemented standards and best practices for managing and controlling the use of models. As the banking market evolves and internal models become more prevalent, the codification of these standards becomes increasingly important.
Integration with Corporate Governance
Institutions are expected to integrate the governance and implementation of Guideline E-23 into their overall governance framework established under OSFI’s Corporate Governance Guideline, taking into account the institution’s size, complexity, and risk profile.
Guideline E-23 serves as a comprehensive framework for model risk management, providing institutions with a common standard to mitigate the inherent risks associated with modeling. By aligning their practices with Guideline E-23, model risk managers and chief risk officers can enhance their institution’s risk management capabilities and ensure compliance with regulatory expectations. As the financial landscape evolves, embracing Guideline E-23 becomes essential to foster a resilient and robust risk management culture within organizations.
How We Can Help
Model Risk Management on Connected Risk is a robust platform that allows you to manage and meet all of the obligations set within Guideline E-23 from the OSFI. If you’re looking to meet regulatory requirements and obligations, our solution is the standard for your financial institution. Get started today using the form below, or learn more on our Guideline E-23 information page.