Very good questions. I’ve come across this as well on operational resilience and
cyber, where the challenges are similar

Some thoughts on this (also with the ex-regulator hat on):

Management bodies should acknowledge the challenge and be thoughtful around
how to address this, e.g. through training; reporting; succession planning
etc. We recently heard from a regulator that they were worried that sometimes
these topics are ‘outsourced’ to one person on the exec/ Board who
understands it, whereas they are looking for broader skills and knowledge in
the group. Again I think this is important to acknowledge, including the fact
that building those muscles take time In terms of ‘evidencing’ appropriate oversight and challenge by the Board,
when supervisors look at meeting minutes they would expect to see critical
questions being asked and a level of discussion (rather than the Board just
‘noting’ things) The quality of the materials and reports being presented to the Board is very
important, both data, but also someone bringing out the ‘so what’ and in
particular where there are areas of judgement and uncertainty, and where
there are trade-offs

I have seen the following:

Percentage of the Business/Institutional portfolio in high transition risk sectors Proportion of the mortgage portfolio exposed to high physical risks (by 2050 under a 4-degree warming scenario is one specific example). Believe this is based on property level assessment and then some % increase in PD. Some reputational ones around ESG scores

However, I don’t believe anyone would set the thresholds at a level that would likely be binding. So skeptically, I think this is just for reporting and transparency at the moment – which is probably right given the limitations of climate risk modeling

We’ve seen a variant of this issue in US/Canada, with the large Canadian Banks generally having IRB approval at the Group level (including for their main US loan books) and their US subsidiaries being on standardized

In this case, there is no incentive for the US entity to seek IRB approval - but US regulators do care about the risk rating systems from a bank supervision perspective, which has raised some of the same questions about whether group models are suitable. Those banks have generally taken a view aligned to a previous poster, i.e., using local models for middle market and below, and trying to align to group models for larger companies and FI's

On the last point, I'll say that we've seen US regulators challenge the support for those decisions heavily, but at least in some cases it seems to have stood up to that challenge.  In one case where the bank's prior analysis and documentation didn't provide great support, they are being pushed to redevelop those as well, though they are trying to do so in a way that they can ultimately extend back to group as well, for a C&I model that was getting a bit long in the tooth anyway

I'll just flag that a Canadian bank who had decided to extend several of their existing "global" models to their US subsidiary based on similar logic, and while the logic makes sense broadly, they ran into significant issues with their US subsidiary’s regulator about the way they did it

I would primarily attribute the root causes of those issues to:

Operating model for how those decisions were taken and where they were reviewed and challenged – the Group development and validation teams led the substantive assessment of “fit-for-use”, and while there were some US stakeholders involved, the ones most involved were not very senior in stature, and often deferred to the expertise of Group.  But those US stakeholders then couldn’t / didn’t do a good job of credibly defending those decisions to their regulators, leading the regulators to question if US senior management had been sufficiently involved in determining that these models were appropriate for the US portfolio

The documentation they produced justifying and validating the use of these models in the US was a narrow “fit for use assessment”, which taken as a standalone artifact fell far short of the comprehensive model documentation and validation expectations of SR 11-7.  This led regulators to question the “effective challenge” provided by US model risk management and more broadly by US senior management

The short answer is yes they should definitely be included. The group risk report is the bare minimum that should be included for a GSIB in terms of internal reports and you can go from there

Will to share some pages on the latest interpretation of the scope of BCBS239 by the ECB. A bit more expansive that the traditional industry approach but that is really going to be the new bar. We also have a full BCBS239 benchmarking database that covers 20+ banks (including most European GSIBs) and all dimensions of BCBS239 so maybe your client wants to participate in it

There is certainly precedent for this in loss forecasting, given various companies that need to follow both IFRS9 and CECL at different legal entity levels, and/or to follow different stress testing guidance for different regulators.   I can’t think of a case where I’ve seen it for the primary credit risk rating models however (at least not for literally the same exposures receiving two different ratings)

Thanks a lot, this was very helpful!

Very interesting point. Would be great to know OW's experience with feedback from other players.

There are two steps:

(1) raw social data collection; and (2) analysis with NLP or GenAI

(1) is the difficult part. You would need to know where the discussions are happening for your client or its industry – is it in the news, Facebook, Instagram, a forum? Once you identified the data source, you would need to find a way to collect the data, and the legal and cost question comes in to play.

I recommend you to buy data from a third party (there are many of them). They can either provide you only the raw data feed (e.g. give me all the Facebook discussions about my brand), or they can provide you with a dashboard with standard analytics. If you only need one off data analysis for maybe a proposal, getting raw data and crunch it yourself is a cheaper, better way forward

+1 for the Amazon model. Driving adoption is tough. Predicated on the issue that almost nobody reads slides before the meeting. Building in 5-7 minutes for content review while in the meeting can be effective even if it isn’t the rigid memo format at Amazon. For example, you can summarize key decision points up top, then a cascade of a few pages for all to review. Instead of driving to ideation this drives to outcomes