Model Risk Governance Practices
Model Risk Governance Practices
Model risk governance ensures that derivative pricing models are developed, validated, and monitored according to regulatory expectations and internal standards. The framework covers model inventory, validation cadence, change management, and escalation procedures.
Policies and Framework
The model risk policy establishes:
Scope: All models used for pricing, valuation, risk measurement, or regulatory capital. This includes option pricing models, volatility surfaces, yield curves, and scenario generators.
Ownership: Each model has a designated business owner responsible for intended use and a model developer responsible for implementation. An independent validation function reviews all models before production use.
Documentation requirements: Every model must have a model specification document covering methodology, assumptions, inputs, limitations, and intended use. Updates require version control and approval.
Tiering framework:
| Tier | Criteria | Validation Frequency | Documentation |
|---|---|---|---|
| 1 (Critical) | P/L impact >$10M, regulatory capital | Annual full validation | Full model spec |
| 2 (Material) | P/L impact $1-10M | Biennial validation | Standard spec |
| 3 (Routine) | P/L impact <$1M | Triennial or trigger-based | Light spec |
Critical models receive the most scrutiny. New products or material changes trigger out-of-cycle review.
Control Framework
Controls operate at multiple levels:
Development controls:
- Code review before production deployment
- Unit testing with known benchmarks
- Regression testing against prior version
- Sign-off from development lead
Validation controls:
- Independent replication of key calculations
- Benchmark comparison (QuantLib, published papers)
- Sensitivity and stress testing
- Conceptual review of methodology
Ongoing monitoring controls:
- Daily pricing exception reports
- Monthly calibration performance review
- Quarterly backtesting against realized outcomes
- Annual full validation refresh
Change management: All model changes flow through a formal process:
- Change request submitted with rationale
- Impact assessment (pricing, risk, capital)
- Validation review if material
- Testing in non-production environment
- Approval from model governance committee
- Deployment with rollback plan
- Post-implementation monitoring
Escalation and Remediation
Finding severity levels:
| Severity | Definition | Remediation SLA |
|---|---|---|
| Critical | Material pricing error, regulatory breach | 5 business days |
| High | Significant model limitation, large unexplained P/L | 30 days |
| Medium | Model performance degradation, documentation gap | 60 days |
| Low | Minor enhancement, best practice recommendation | 90 days |
Escalation path:
- Finding identified by validation or monitoring
- Documented in findings tracker with severity classification
- Business owner notified within 24 hours for High/Critical
- Model governance committee briefed at next meeting
- Remediation plan agreed and tracked
- Closure requires validation sign-off
Timeline enforcement: Findings not remediated within SLA are escalated to senior management. Repeated breaches affect performance evaluations and may result in model suspension.
Audit Readiness
Regulatory examiners and internal audit expect:
Model inventory:
- Complete list of all models in use
- Tier classification and validation status
- Ownership and contact information
- Last validation date and next scheduled
Documentation package:
- Current model specification
- Validation report
- Findings log with status
- Change history
- Performance monitoring reports
Evidence of governance:
- Meeting minutes from model governance committee
- Attestation from senior management
- Training records for model users
- Exception approvals with rationale
Examination preparation: Before regulatory exam, assemble:
- Model inventory summary
- High/Critical findings summary and remediation status
- Sample of recent validation reports
- Governance committee presentations
Action Checklist for Model Risk Managers
- Maintain current inventory: Update within 5 days of new model deployment
- Track validation schedules: Alert 90 days before validation due
- Monitor findings SLAs: Weekly review of open items
- Document governance decisions: Minutes within 5 days of committee meeting
- Report to senior management: Quarterly summary of model risk posture
Example Model Inventory Entry
| Field | Value |
|---|---|
| Model ID | EQ-OPT-001 |
| Model Name | Equity Options Pricer (Heston) |
| Tier | 1 (Critical) |
| Business Owner | Equity Derivatives Desk Head |
| Model Developer | Quant Development Team |
| Production Since | 2019-03-15 |
| Last Validation | 2024-02-20 |
| Next Validation | 2025-02-20 |
| Open Findings | 1 Medium (documentation update) |
| Status | Active - Compliant |
Sample Validation Timeline
| Month | Activity |
|---|---|
| Month 1 | Kick-off, scope agreement |
| Month 2 | Independent replication, benchmark testing |
| Month 3 | Stress testing, sensitivity analysis |
| Month 4 | Report drafting, finding discussion |
| Month 5 | Final report, management response |
| Month 6 | Committee presentation, closure |
Annual validation for Tier 1 models typically requires 4-6 months from kick-off to completion.
Next Steps
For calibration workflow details, see Model Calibration and Validation.
For backtesting model accuracy, review Backtesting Pricing Models Against Market Data.