RBI Notification

RBI’s New Guidelines for Management of Model Risks in Credit

The Reserve Bank of India published a draft circular titled “Regulatory Principles for Model Risks in Credit” on August 5, 2024. This circular purpose is to set out certain guidelines to help mitigate risks related to credit risk models used by regulated entities (REs) across India.

Public comments are being solicited for this purpose, and September 4, 2024, is the last day for submitting them.

Understanding Model Risk in Credit Risk Models

Model risk is the potential risk associated with using flawed or inadequate models in decision-making within financial institutions. Then, when it comes to credit management, the model plays a crucial role in anticipation of financial risks. It is a tool to predict borrower behaviour, estimate default probabilities, determine loan pricing, and assess overall portfolio risk.

It helps the whole network of banking systems to mitigate risks and saves the overall financial system from collapsing. However, certain uncertainties still lie in these models, primarily because they rely on assumptions that may not always hold true in real-world scenarios.

The definition of the Credit Risk Model, as given in the draft circular, is “any quantitative method that applies statistical, economic, financial, or mathematical principles and assumptions to process data into an output to be used for credit decisions.”

How to Address Model Risk in Credit Risk Models?

In recent years, complex quantitative models have been adopted in the financial system that involve advanced data analytics and machine learning. Although these models bring their own advantages, like efficiency and accuracy, they also have their own drawbacks. Various model risks are manifested because of this in various ways, like underestimating credit losses, mispricing loans, or failing to identify potential defaults, all of which can have severe implications for a financial institution’s stability and profitability.

In the past, the model risks have contributed to several financial failures. One of such is the 2007-08 global crisis that originated in the US. It exposed the financial risks involved in the credit risk models used then. There were several limitations to it that led to widespread losses and systemic instability. Thus, there has been growing awareness worldwide of constructing credit risk models that anticipate future risks. Focus on the governance and oversight of model risk has increased as its critical role in maintaining financial stability has been recognised.

RBI’s draft circular is part of the same regulatory trend. It is a step to ensure that the REs in India adopt a robust framework for managing model risks. The RBI has provided clear guidelines on governance, model development, validation, and the use of third-party models. Through this, the RBI seeks to mitigate the potential adverse effects of model risk on the Indian financial system.

Enforcement of Regulatory Principles for Credit Model Risks

The circular shall come into force within 3 months from its issuance date, 5 August 2024. The new models from herein should be in accordance with these guidelines, and the old models should be validated as per these guidelines within 6 months of the circular issuance date.

What are the Key Provisions of the Draft Circular?

The draft circular released by the RBI is a set of regulatory principles covering the entire credit risk model lifecycle, from development to deployment and validation. These principles are designed to ensure that the models adopted by the REs are robust, accurate, and capable of producing reliable outcomes, minimising the risk of errors that could impact decision-making processes.

1. Governance and Oversight

The guidelines require the REs to put in place a detailed policy that the Board has approved with regard to the model risk management framework for all models deployed. It should cover the entire model life cycle. The draft circular enlists a group of things that the policy should cover. They are as follows:

• Details of governance and oversights aspects commensurate with model materiality
• Processes around model development or selection
• Documentation for models deployed
• Independent vetting/ongoing validation or review processes
• Monitoring and reporting framework, including the role of internal audit function.
• Approach with regard to the adoption and usage of third-party models.

The REs are required to maintain a model inventory with critical information, whether in-house or outsourced. The approval of the Risk Management Committee of the Board (RMCB) or any other Sub-Committee is mandatory for the deployment of individual credit models adopted under the policy or any subsequent changes in their inputs or assumptions.

2. Model Development and Deployment

Considering the risks in the development and deployment of credit risk models, the RBI has issued guidelines for this stage to minimise the risks. These highlights of the guidelines are as follows:

A. Pillars of model development

The RBI requires setting up the model’s objectives, problem statements, and desired solutions to provide proper direction for its development. These are called the pillars of model development.

B. Adequate Inputs

The inputs used should be adequate and accurate to ensure accurate model outcomes. Data is the most essential element when developing a model, and the input of accurate and adequate data increases the reliability of the model.

C. Use of Robust Assumptions

The assumptions should be realistic and consistently address the model’s intended objective. This helps the model work under changed circumstances and mitigate risks.

D. Documentation of the Model

The documentation for each model should be detailed and simple to understand. It should include details of the sensitivity of the outputs to the assumptions and inputs to provide insight into the model’s workability.

E. Scalability and flexibility

The model should be developed to meet the needs of dynamic business conditions and work in them. It should be flexible enough to work in different conditions and should have scalability to provide quantitative insight into the inherent risks.

F.  Integration with Core Systems

The RBI requires the model to be at par with the core banking system, liquidity management, asset liability management (ALM), or any other system constructed for risk management in the REs. The model integrated with these core systems may be developed to enable real-time data exchange and automated decision-making processes.

G. Genuine Outcomes

The outcomes of the developed model should be consistent in similar circumstances, unbiased, explainable and verifiable, which increases the model’s credibility.

H. Subjective Factors

When subjective factors are used to override the mechanised models, they should be in accordance with the policy and the circular’s intention to mitigate credit risks. The deviations made from the model’s output for subjective factors should be formally documented in an auditable format.

I. Outsourced Models

If any models are outsourced from third parties, they shall also fall under the mandates stated in the circular. The models should be outsourced by minimum sharing of documents that barely allow the business adopting them to know their design. Even though a model is outsourced, the business shall remain fully accountable.

3. Model Validation Framework

Model validation is a critical step in the model lifecycle, serving as a check on the model’s accuracy and reliability. Under the circular, the RBI requires the REs to set up a model vetting or validation process, ensuring that models are thoroughly tested before and after deployment.

I. Who will Validate?

The RBI requires the model to be validated by an independent entity that is not involved in its development or selection process. This ensures an unbiased, critical assessment of the model.

The model will be frequently validated, once before its deployment, then after the subsequent amendments or after the occurrence of any material events. The basic idea is that periodic validations should be done so the model meets the needs of the changed circumstances.

II. What should be Considered while Validating?

The following things should be considered while validating the model as per the circular:

• Assumptions underlying the model
• Verification of the accuracy of the data used in the model and reliability of data resources
• Whether the model is complying with the extant regulatory or statutory instructions
• The documentation of the model to ensure that it is complete and accurate
• The efficacy of the model outcomes through back-testing. The back-testing is applying the model to the historical data to see whether its predictions match the actual outcomes.
• All the limitations and weaknesses in the models, which include biases or discrimination, if any, present in the same.

III. Regarding the Validation Outcome

The validation outcome is supposed to be presented simply and understandably. It should have ex-ante parameters. It has to be compared with the benchmarks prescribed in the policy framework. The outcome has to be presented before the Risk Management Committee or the designated sub-committee of the Board.

 IV. Supervisory Review

The model deployed will be reviewed either by the RBI or the experts appointed by the RBI for this purpose. The deployed model also includes the external models deployed for credit management.

Guidelines to Mitigate Risk in Accordance with Global Trends

The RBI’s guidelines are in accordance with global trends that endeavour to mitigate risks in credit management. As mentioned earlier, the 2008 crisis was a lesson that drew attention to the need for such guidelines. Taking a lesson from the same, the US came up with the Dodd-Frank Act, which aims to mitigate such systemic failures in the future. Subprime mortgages were the main culprits in the collapse of the economy.

Similar guidelines have been issued on the same note in several countries, like the US Federal Reserve Supervisory Letter 11-7, issued in 2011, providing guidelines for Model Risk Management, the UK’s Prudential Regulation Authority, which issued a Supervisory Statement SS3/18 on Model Risk Management that particularly emphasizes stress testing, etc.

Impact of the Circular on the REs

The REs would have to form a Risk management committee or any other subcommittee of the Board for this purpose if it did not exist before. They will have to either formulate or reassess their models for credit risk management as per these guidelines.

The new compliances might bring some changes in their operational management, but these will protect them from the model risks that can collapse their businesses. 

Conclusion

The RBI’s draft guidelines on model risk management represent a significant step forward for the Indian financial sector. By setting clear expectations for governance, validation, and oversight, the RBI is helping to ensure that credit risk models used by REs are robust, reliable, and capable of withstand the stress.

While the new guidelines will present challenges for REs, particularly regarding compliance and operational adjustments, they also offer opportunities for innovation and enhanced risk management. By adopting the RBI’s recommended practices, REs can improve the accuracy and reliability of their credit risk models, leading to better decision-making and greater financial stability.

Are you a financial institution navigating the complexities of RBI’s new guidelines on model risk management? Visit our website www.enterslice.com today to learn more about managing model risks effectively.

FAQ’s