Model Governance and Controls Requirements

intermediatePublished: 2026-01-01

Model Governance and Controls Requirements

Model governance establishes the framework for developing, validating, and monitoring quantitative models used in derivatives pricing, risk measurement, and valuation. Regulatory guidance, particularly SR 11-7 and OCC 2011-12, requires financial institutions to manage model risk through robust governance, independent validation, and ongoing monitoring.

Definition and Key Concepts

Model Risk Management

Model risk: The potential for adverse consequences from decisions based on incorrect or misused model outputs.

Risk TypeDescription
Model errorIncorrect specification or implementation
Input errorInaccurate or inappropriate data
MisuseApplying model outside intended scope
Limitation riskFailure to understand model constraints

Governance Framework

ComponentDescription
Model inventoryCatalog of all models in use
Model ownersDesignated accountability
ValidationIndependent review and testing
DocumentationTechnical specifications, assumptions
Change controlProcess for model modifications
MonitoringOngoing performance tracking

Model Tiers

TierCriteriaValidation Frequency
Tier 1 (High)Material financial impact, regulatory capitalAnnual full validation
Tier 2 (Medium)Moderate impact, internal riskEvery 2 years
Tier 3 (Low)Limited impact, operationalEvery 3 years

How It Works in Practice

Model Development Standards

Development lifecycle:

PhaseActivities
ConceptualDefine scope, select methodology
DevelopmentImplement, code, test
ValidationIndependent review
ImplementationDeploy to production
MonitoringOngoing performance tracking

Documentation requirements:

DocumentContent
Model specificationMathematical framework, assumptions
Development reportImplementation details, testing results
User guideOperating procedures, inputs/outputs
Validation reportIndependent assessment, findings
Monitoring planMetrics, thresholds, escalation

Validation Process

Validation scope:

AreaActivities
Conceptual soundnessReview theory, assumptions
Implementation testingCode review, unit tests
Outcomes analysisBacktesting, benchmarking
Sensitivity analysisParameter stress testing
Limitation assessmentIdentify constraints, document risks

Independence requirements:

Validation TypeWho Performs
Tier 1 modelsIndependent model validation group
Tier 2 modelsQualified independent party
Tier 3 modelsSelf-validation with oversight

Model Inventory

Required fields:

FieldDescription
Model IDUnique identifier
Model nameDescriptive name
Model ownerResponsible individual
Business usePricing, risk, capital
Tier classificationHigh, medium, low
Last validationDate of most recent review
Next validation dueScheduled date
StatusActive, development, retired

Worked Example

Validating an Options Pricing Model

Model details:

  • Model: Black-Scholes for European equity options
  • Use: Pricing and risk management
  • Tier: Tier 1 (material valuation impact)
  • Owner: Derivatives Trading Desk

Validation scope:

Validation AreaScope
Conceptual soundnessBSM assumptions appropriateness
ImplementationCode review, numerical accuracy
Outcomes analysisComparison to market prices
SensitivityGreeks accuracy
LimitationsVolatility smile not captured

Step 1: Conceptual Review

AssumptionAssessment
Constant volatilityLimitation: vol smile not modeled
No dividendsAdjustment needed for dividend stocks
European exerciseAppropriate for index options
Log-normal returnsStandard market convention

Finding: Model appropriate for liquid, short-dated options; limited for long-dated or exotic products.

Step 2: Implementation Testing

TestMethodResult
Unit testCompare to analytic solutionsPass
Boundary testTest at extreme parametersPass
Numerical precisionVerify to 8 decimal placesPass
Greeks calculationCompare to finite differencePass

Step 3: Outcomes Analysis

MetricBenchmarkResult
Average pricing error<0.5%0.3%
Max pricing error<2%1.8%
Delta accuracy<1%0.5%
Vega accuracy<2%1.2%

Backtesting results:

PeriodTradesWithin ToleranceException Rate
Q1 202415,00014,8501.0%
Q2 202416,20016,0381.0%
Q3 202414,80014,6521.0%

Step 4: Validation Conclusion

CategoryRating
Conceptual soundnessSatisfactory
ImplementationSatisfactory
OutcomesSatisfactory
OverallApproved with conditions

Conditions:

  1. Document limitation for volatility smile
  2. Implement quarterly backtesting
  3. Review for long-dated option use

Risks, Limitations, and Tradeoffs

Model Risk Categories

RiskDescriptionMitigation
Specification errorWrong model for productCareful model selection
Calibration errorIncorrect parameter estimationIndependent calibration review
Implementation bugCoding errorsCode review, testing
Data qualityBad inputs produce bad outputsData validation
MisapplicationUsing model outside scopeClear use guidelines

Governance Failures

FailureConsequence
Missing validationRegulatory finding, capital add-on
Inadequate documentationUnable to explain model
No monitoringDegradation goes undetected
Weak oversightModel errors persist

Common Pitfalls

PitfallDescriptionPrevention
Stale validationValidation not currentEnforce schedule
Scope creepModel used beyond intentClear use restrictions
Over-relianceModel treated as truthAcknowledge limitations
Undocumented changesModifications not recordedChange control process
Insufficient testingLimited test casesComprehensive test plan

Regulatory Expectations

SR 11-7 / OCC 2011-12 Requirements

RequirementDescription
Board oversightSenior management accountability
Model inventoryComplete catalog of models
ValidationIndependent, qualified review
DocumentationComprehensive specifications
Ongoing monitoringPerformance tracking
Internal auditPeriodic framework review

Examination Focus

AreaExaminer Questions
GovernanceIs there board-level oversight?
InventoryAre all models cataloged?
ValidationIs validation independent and qualified?
DocumentationAre specifications complete?
MonitoringIs performance tracked?
FindingsAre issues addressed timely?

Checklist and Next Steps

Model development checklist:

  • Define model scope and use
  • Document theoretical framework
  • Implement with quality controls
  • Conduct developer testing
  • Prepare validation package
  • Submit for independent validation

Validation checklist:

  • Review conceptual soundness
  • Test implementation accuracy
  • Conduct outcomes analysis
  • Perform sensitivity testing
  • Document limitations
  • Issue validation opinion

Ongoing monitoring checklist:

  • Track model performance metrics
  • Compare outputs to benchmarks
  • Review exception reports
  • Assess model usage patterns
  • Escalate material issues
  • Update validation as needed

Governance checklist:

  • Maintain complete model inventory
  • Assign model owners
  • Enforce validation schedule
  • Review findings and remediation
  • Report to senior management
  • Conduct periodic framework review

Related articles:

Related Articles

Training Programs for Derivative Users

intermediate

Third-Party Vendor Management

intermediate

Swap Execution Facilities and Designated Contract Markets

intermediate