THE CHANGING FACE OF COMPLIANCE RISK MANAGEMENT: REGULATORY REQUIREMENTS FOR INDEPENDENT MODEL VALIDATION
The application of data science and analytics technologies to deliver operational effectiveness and efficiencies in compliance risk management is not a new phenomenon. Although, the use of these technologies is accelerating due to the increasing availability of data and advances in analytical techniques.
In the 1990s, financial services firms began to adopt more sophisticated risk management techniques, including the use of quantitative models to measure and manage risks. These models relied on large amounts of data and sophisticated analytical techniques, such as Monte Carlo simulations and value-at-risk (VaR) analysis, to estimate the likelihood and potential impact of various risks.
As technology continued to advance in the 2000s, financial services firms began to collect even more data and apply more advanced analytical techniques. This led to the development of new tools and platforms for compliance risk management, such as anti-money laundering (AML) and know-your-customer (KYC) systems that use machine learning algorithms to detect suspicious transactions and identify potential fraud.
Today, however, financial services firms are increasingly using big data and artificial intelligence (AI) to improve compliance risk management. They are leveraging vast amounts of structured and unstructured data from a variety of sources, including social media and other external sources, to identify potential risks and trends. They are also using AI to automate and streamline compliance processes, such as regulatory reporting and document review, improve customer experience and deliver better returns internally.
However, what is perhaps a greater challenge to financial institutions embracing the digital and data-led era, is keeping up with governing bodies and the regulator who bring about new waves of important regulation impinging the application of these technologies within compliance risk.
We have long seen the impact of stringent regulation within credit risk and market risk that dictates the implementation of models across processes, however more recently this increased due diligence is being highlighted and more broadly implemented in the world of compliance risk. In order for financial institutions to maintain a competitive edge and avoid being penalised by the regulator, they must have effective procedures in place to quantitively and qualitatively prove the soundness and robustness of their models, be able to tune models appropriately, monitor and act on model failures in a timely manner and independently, without bias, validate their models to prove they are fit for the intended purpose.
In 2017 Riksdag and Finansinspektionen in Sweden published new and more explicit regulation on the procedures of model risk management in relation to anti-money laundering and counter terrorist financing - one of the first European countries to publish such regulation in this field.
Over the last five years we’ve seen its extensive use across compliance regulation in Europe, and the ongoing pressure this has put on institutions to ensure they have the procedures in place to meet the requirements, as evidenced by the transaction monitoring thematic reviews of Denmark 2019/20. Evidence therefore demonstrates that any banks that don’t include compliance models under their risk management frameworks will need to do so or face the consequences.
There is a strong indication that the review of models within compliance risk is changing and is being taken more seriously and, with the same due diligence as within market risk and credit risk, models must be validated to be fit for their intended purpose both before they are put into production and regularly thereafter.
This change in regulatory focus will require financial institutions to find and accept specialist support and technical expertise, to ensure that they’re meeting the changing needs of the regulator and to be able to independently and unbiasedly demonstrate, with supporting documentation, that they’re compliant.
The reality for banks and financial institutions is that regulators across all jurisdictions will need to follow in Swedish footsteps, to ensure that their regulated entities are operating effectively and efficiently.
Challenges of model adoption
Whilst the reality for financial institutions to embrace model review and validation is clear, it still poses the question as to whether businesses understand how to achieve this effectively. Independent model validation in compliance, is still not covered extensively in the scientific press and with little guidance on best practises to meet requirements the challenge remains for companies to ensure they are independently validating their models without bias.
While independent model validation remains critical to ensure they’re fit for intended purpose, in addition to resource and skill requirements, institutions will face additional challenges posed by the vendor. The vendors’ methodology around model parameters is bound by intellectual property and thus, implementing the indicative solutions to ensure the level of risk is within acceptable limits cannot be determined subjectively. To apply appropriate and objective solutions, institutions need to be able to take a quantitative approach to reverse engineer the model parameters and minimise model risk.
Furthermore, with independently validated models certified fit for intended purpose, institutions will need sound documentation of model risk management to ensure complete governance, and evidence that change and incident management procedures are in place. This requires a specialist skillset of quantitative expertise with advisory support and a broad understanding of the regulatory requirements of the jurisdiction to ensure all needs are met.
Evolving compliance risk management
beat the curve To perform compliant risk management internally without bias, would be impossible for financial institutions, so it’s essential for businesses to embrace collaborative and independent partners to support in independent model validation. Those preparing models, systems and processes ahead of the impending regulatory reviews will have an overall advantage in effectiveness and efficiency while minimising the need for regulatory action to be taken and negating the risk of reputational damage.