How to Comply with SR 11-7: Guidance on Model Risk Management

December 14, 2022

About SR 11-7: Guidance on Model Risk Management 

SR 11-7: Guidance on Model Risk Management is a document issued by the Federal Reserve Board that provides guidance and regulatory expectations related to model risk management. The guidance defines model risk as the risk of incorrect or inappropriate model usage, incorrect model outputs, or model implementation errors. It outlines how financial institutions should design, implement, and maintain a comprehensive model risk management (MRM) framework. The framework should include a set of model risk management policies and procedures that cover all aspects of model development and usage. It should also include an independent model risk oversight process, model validation and review process, model risk reporting, and monitoring processes. The guidance also provides expectations on model governance, data quality, model development processes, model validation, model risk management policies and procedures, model risk oversight, and model risk reporting. The guidance emphasizes that the MRM framework should be consistent with an institution’s risk management culture and be tailored to the institution’s business strategy, products, services, and risk profile. 

What constitutes a model? 

A model, as defined by SR 11-7: Guidance on Model Risk Management1, is a set of software tools and techniques used to generate outputs based on certain inputs. This definition covers a wide range of models including those created in MS Excel and AI/ML models. The three phase process described in SR 11-7—building, validating, and governing—provides a systematic way for organizations to structure their model risk management practices. The guidance set forth in SR 11-7 is especially important when dealing with AI/ML models due to the black box nature of these models and their potential for introducing significant risks. By following SR 11-7, organizations can ensure they are properly managing their model risk. 

Why complying with SR 11-7 is important 

SR 11-7 is important because it provides guidance and regulatory expectations related to model risk management. Financial institutions need to have a comprehensive MRM framework2 in place to ensure that models are developed and used appropriately, and that model outputs are accurate and reliable. The guidance outlines what should be included in the framework and emphasizes the importance of having an independent model risk oversight process, model validation and review process, model risk reporting, and monitoring processes. These processes are essential for ensuring that models are properly developed, validated, and monitored, and that model risk is managed effectively. By guiding model risk management, SR 11-7 enables financial institutions to better manage their model risk and ensure that their models are producing accurate and reliable outputs. 

Who should comply with SR 11-7 

SR 11-7 should be paid attention to by financial institutions that use models to make decisions or manage risk. The guidance provides expectations and guidance related to model risk management, which is essential for ensuring that models are being developed and used appropriately, and that model outputs are accurate and reliable. All financial institutions that use models should ensure that they have a comprehensive MRM framework in place that meets the expectations outlined in SR 11-7. This includes having an independent model risk oversight process, model validation and review process, model risk reporting, and monitoring processes. By paying attention to SR 11-7, financial institutions can ensure that their models are being developed and used appropriately, and that model risk is being managed effectively. 

What are the penalties for violating
SR 11-7

Violations of SR 11-7 can lead to regulatory penalties for financial institutions. The Federal Reserve Board or other financial regulatory bodies may impose civil money penalties, issue cease-and-desist orders, or take other enforcement actions against institutions that fail to comply with the guidance. These actions may include ordering the institution to make improvements to its model risk management framework or requiring the institution to pay fines or penalties. Additionally, failure to comply with SR 11-7 may lead to reputational damage, as well as potential losses due to inaccurate or unreliable model outputs. Therefore, financial institutions need to take SR 11-7 seriously and ensure that they have a comprehensive MRM framework in place that meets the expectations outlined in the guidance. 

Developing an MRM Framework 

In order to comply with SR 11-7, financial institutions must develop a comprehensive Model Risk Management (MRM) framework. This framework should be tailored to the institution’s business strategy, products, services, and risk profile. It should also include an independent model risk oversight process, model validation and review process, model risk reporting, and monitoring processes. 

The model risk oversight process should be designed to ensure that the institution’s models are developed and used appropriately and that model outputs are accurate and reliable. This process should involve both internal staff with appropriate technical expertise as well as independent third parties with subject matter expertise. The model validation and review process should include verifying the accuracy and completeness of model development, testing the models against historical data, assessing the performance and accuracy of model outputs, and monitoring changes in model parameters. 

Model risk reporting should provide timely information regarding the risk profile of the institution’s models and should be tailored to meet the needs of various stakeholders including senior management, regulators, business units, and other internal and external parties. Finally, the institution should have a monitoring process to ensure that any changes in the model parameters are tracked and reported. This should include regular testing of the models against new data sets as well as ongoing assessments of model performance and accuracy.  

By having a comprehensive MRM framework in place that meets the expectations outlined in SR 11-7, financial institutions can ensure that their models are being developed and used appropriately and that model risk is being managed effectively.  

How automation platforms like Krista build MRM frameworks 

Automation platforms can help financial institutions comply with SR 11-7 by automating various model risk management processes. These platforms can help automate model validation, model risk oversight, model risk reporting, and monitoring processes, as well as other activities such as model development and data quality. Automation platforms can also provide analytics and dashboards to help institutions identify, analyze, and monitor model risks. By leveraging automation platforms, financial institutions can ensure that their MRM framework meets the expectations outlined in SR 11-7 and that they are properly managing model risk.

Sources:

  1. SR 11-7: Guidance on Model Risk Management, US Federal Reserve System
  2. Model Risk Management (MRM), Deloitte
Close Bitnami banner
Bitnami