With the adoption of the existing Supervisory Guidance on Model Risk Management by the Federal Deposit Insurance Corporation (FDIC) in 2017, banks with assets greater than $1 billion are expected to have a model risk framework commensurate with their relative complexity, sophistication of business activities and overall organizational structure to ensure the bank meets supervisory requirements and addresses model risk effectively.
Initially, the Board of Governors of the Federal Reserve System (FRB) and Office of the Comptroller of the Currency (OCC) issued the Supervisory Guidance on Model Risk Management in 2011 with supervisory letter SR 11-7 (FRB) and Bulletin OCC 2011-12 (OCC). The guidance was subsequently adopted by the FDIC with Financial Institution Letter FIL-22-2017, which brings the guidance downstream to all FDIC regulated institutions with assets of $1 billion and greater.
The FDIC’s updated guidance highlights the need for disciplined, knowledgeable development of models that is well documented and conceptually sound, controls to ensure proper implementation, processes to ensure correct and appropriate use, effective validation processes, and strong governance, policies and controls. The guidance also underpinned the importance of incorporating the use of vendor and other third-party models into the model risk management framework.
Some community bank organizations (CBOs), including banks below $10 billion in assets, have made progress in implementing a model risk framework that incorporates the traditional Committee of Sponsoring Organizations of the Treadway Commission (COSO) Three Lines of Defense risk management operating model. However, many CBOs still have substantial work to do from a design, implementation and sustainability perspective.