Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Financial Institution Letters

FIL-22-2017
June 7, 2017

Adoption of Supervisory Guidance on Model Risk Management

Printable Format:

FIL-22-2017 - PDF (PDF Help)

Summary:

The FDIC is adopting the Supervisory Guidance on Model Risk Management previously issued by the Board of Governors of the Federal Reserve System ("FRB") (SR 11-7) and the Office of the Comptroller of the Currency ("OCC") (OCC Bulletin 2011-12), with technical conforming changes, thereby making the guidance applicable to certain FDIC-supervised institutions. The guidance addresses supervisory expectations for model risk management, including: model development, implementation, and use; model validation; and governance, policies, and controls. The FDIC is adopting this guidance to facilitate consistent model risk-management expectations across the banking agencies and industry.

Statement of Applicability to Institutions under $1 Billion in Total Assets: It is not expected that this guidance will pertain to FDIC-supervised institutions with under $1 billion in total assets unless the institution's model use is significant, complex, or poses elevated risk to the institution.

Highlights:

Continuation of FIL-22-2017

Distribution:

Suggested Routing:

Related Topics:

Attachment:

Contact:

Note:

FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at https://www.fdic.gov/news/news/financial/

To receive FILs electronically, please visit https://service.govdelivery.com/accounts/USFDIC/subscriber/new.

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

Financial Institution Letters
FIL-22-2017
June 7, 2017

Adoption of Supervisory Guidance on Model Risk Management

The FDIC is adopting the Supervisory Guidance on Model Risk Management (Guidance) that was issued by the OCC and FRB in 2011,1 with technical conforming changes as outlined in the Highlights section of the cover page. In recent years, many FDIC-supervised institutions have increased their reliance on models. The FDIC is adopting this Guidance to facilitate consistent model risk management expectations across the banking agencies and industry.

The FDIC recognizes that for institutions with under $1 billion in total assets, model use is typically not complex or significant, and generally does not pose elevated risk to these institutions. In addition, models used by such institutions are typically models that have been subject to longstanding supervisory guidance, such as asset liability management models that are subject to the interagency guidance on interest rate risk.2

Accordingly, it is not expected that this Guidance will pertain to FDIC-supervised institutions with under $1 billion in total assets unless the institution's model use is significant, complex, or poses elevated risk to the institution.3 In addition, Appendix A to Part 364 has long-established standards for safety and soundness for all FDIC-supervised institutions in the areas of internal controls and information systems; internal audit systems; loan documentation; credit underwriting; interest rate exposure; asset quality; earnings; and compensation, fees, and benefits. To the extent that models are used in these major operating areas of the institution, model use should be consistent with the safety and soundness standards.4

The Guidance defines models as "a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates." Tools used for simple mathematical calculations are not models covered by this Guidance, but should nonetheless be subject to a reasonable control process. It is important to note that certain qualitative approaches are considered models under the Guidance. FDIC-supervised financial institutions should establish practices to identify models used across the organization and ensure that model risk management practices are commensurate with the institution's risk exposure and the complexity and extent of model use.

The Guidance addresses the concept of "effective challenge" as a guiding principle for managing model risk and essential to effective model risk management. Effective challenge is "critical analysis by objective, informed parties who can identify model limitations and assumptions and produce appropriate changes." Effective challenge refers to a combination of incentives, competence, and influence, as outlined in the Guidance. It is expected to be senior management's responsibility to ensure effective challenge takes place, and internal audit should ensure that appropriate effective challenge is being carried out.

The FDIC recognizes that many supervised institutions rely on models provided by vendors. The Guidance addresses the incorporation of vendor products into the institution's model risk management framework following the same principles as in-house models. Although much of the vendor product discussion in the Guidance is addressed under the Model Validation section, model risk management practices should not be limited to validation. Expectations for model risk management of vendor products are also addressed in the discussion of the model risk management process under the Model Development, Implementation, and Use section, as well as the Governance, Policies, and Controls section.

Finally, institutions should be mindful of consumer compliance and fair lending requirements when using models. For example, banks should evaluate the variables used in a model to determine whether they present or increase consumer compliance or fair lending risk.

1 See Board of Governors of the Federal Reserve System Supervisory Letter 11-7 and Office of the Comptroller of the Currency Bulletin 2011-12.

2 See Joint Agency Policy Statement on Interest Rate Risk (FIL-52-96), FFIEC Advisory on Interest Rate Risk Management (FIL-2-2010), and Interagency Advisory on Interest Rate Risk Management Frequently Asked Questions (FIL-2-2012).

3 Total asset applicability threshold applies to FDIC-supervised institutions that have reported total assets of $1 billion or more in the four most recent consecutive Call Reports.

4 Appendix A to Part 364 of the FDIC Rules and Regulations - Interagency Guidelines Establishing Standards for Safety and Soundness. https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364.

Skip Footer back to content