65. Model risk management

Model risk is the risk of incurring negative financial or reputation effects as a result of making incorrect business decisions on the basis of the models operating within the Bank. Within the Group, model risk is managed both on the part of a given Group entity (an owner of a model) and at the level of the Bank as a parent company of the Group.

The objective of models management and model risk management is to mitigate the level of model risk in the Group. Companies in which model risk is considered to be material, after consulting the Bank, introduce appropriate internal regulations governing the model risk management policies and process. In the Group, the solutions functioning in the Bank are used, with the possibility of tailoring them individually to the specific nature of each Company.

In 2014, in line with the amended model risk management regulations, the range of models subject to the process of independent validation was expanded. The Bank’s validation unit commenced the process of giving opinions on the models used by other Group entities, which were considered to be models material to the Group.

Within the Group, model risk is managed both on the part of a given Company (an owner of a model) and at the level of the Bank.

65.1. Identification and assessment of model risk

Identification of model risk mainly consists of:

  • gathering information on existing, built and planned to be build models,
  • cyclical determining the relevance of models,
  • determining potential threats that may occur during the life cycle of the model.

Ratings are particularly aggregated at the level of the Bank, the Company or the Group.

Ratings may be aggregated mainly at the level of the Bank or the Company, particular risk types or classes of models, particular processes of model life-cycle. The model risk assessment is performed at least once a year and at the moment of appearing of new models, change the scale or business profile of the Bank or the Company.

65.2. Model risk monitoring and reporting

The purpose of model risk monitoring is to control model risk and diagnose areas for management actions. Model risk monitoring process contains, in particular: the update of level of model risk, the verification of status of implementation of the planned recommendations and the valuation of effectiveness of implementation of the recommendations on mitigation of model risk. Monitoring results are periodically presented in the reports addressed to the RC, the Management Board and include a complex model risk assessment, in particular:

  • information on the level of model risk (in the standalone and consolidated perspective),
  • model risk map,
  • information on the validation process and the status of implementation of the recommendations after validation,
  • evaluation of effectiveness of the recommendations made to reduce the model risk level,
  • potential proposed new management actions reducing the model risk.

65.3. Management actions concerning model risk

The purpose of management actions is to form a model risk management process and a level of this risk in the Bank.

Management actions in particular consist of:

  • issuing internal regulations,
  • determining acceptable levels of risk,
  • issuing recommendations,
  • making decisions about the use of tools supporting model risk management.