• Report
  • Prudential Regulation Authority
  • Insurance
  • Banks
  • European Union
  • Pensions
May 08, 2020

Model risk management 20 years in the making

Tracing two decades


Many events have shaped model-risk management (MRM) as we know it today.


The Gramm-Leach-Bliley Act of 1999 broke down the wall separating commercial and investment banking, giving the US banks greater autonomy. Another key event with wider repercussions was the crisis after the dotcom bubble, which marked the start of a strategic shift towards solid risk management practices, particularly with the growth of more complex financial models and systems.


This separation of commercial and investment banking created a period where the Financial Stability Board (FSB), the European Central Bank (ECB), the US Federal Reserve (Fed), the UK Prudential Regulation Authority (PRA) and other regulators were focused on establishing a new stability-focused monetary policy strategy and a broad operational framework.


A key trigger for the change was the US Office of the Comptroller of the Currency (OCC) Bulletin 2000-161 that provided guidance to mitigate ‘model risk’. The focus of banks started to shift to model risk. The information revolution was followed by years of profits and prosperity for banks. Bank profits were strong for more than a decade with no bank failure until 2007. However, various warning signs started appearing in 2007, culminating in the 2008 global financial crisis. By 2009, G20 leaders had decided to fix the financial system. They tasked the Financial Stability Board (FSB) with addressing the challenges of ‘too big to fail’ companies (banks or insurers) and building a more integrated financial system worldwide.


Such events have transformed the way regulators and financial institutions in various countries deal with risk, particularly in the MRM area.


In the US, some insurers, especially the big ones, had adopted MRM practices by 2012, due to the pressure from the Federal Reserve in SR 11-7 (Figure 1). In 2014, the regulator classified some insurers as systemically important financial institutions (SIFIs). The same year the FSB introduced its own classification of global systemically important insurers (G-SIIs). While the SIFI insurance designation for insurers was diluted, the focus on MRM compliance and additional reporting remains.


In Europe, MRM adoption in 2015 was mostly influenced by the expected Solvency II directive that took effect in 2016. By 2016, the demarcation between SIFIs and G-SIIs had appeared to be diluted, but MRM practices gained traction.


While banks and insurers have adopted MRM at varying speeds, insurers accelerated their adoption of industry practices in 2016. Some of them were influenced by the actuarial practice and learning from banks in MRM. In Europe, insurers started to foresee the implications of risk management practices with the introduction of Solvency II by the European Insurance and Occupational Pensions Authority (EIOPA). The regulation aimed to review the prudential regime for insurance and reinsurance undertakings in the European Union. In particular, the Pillar II of Solvency II focused on governance and risk management, including internal-model development and validation requirements.


1Office of the Comptroller of the Currency’s (OCC) on risk modeling: https://ithandbook.ffiec.gov/media/resources/3676/occ-bl2000-16_risk_model_validation.pdf