We’ve seen a variant of this issue in US/Canada, with the large Canadian Banks generally having IRB approval at the Group level (including for their main US loan books) and their US subsidiaries being on standardized

In this case, there is no incentive for the US entity to seek IRB approval - but US regulators do care about the risk rating systems from a bank supervision perspective, which has raised some of the same questions about whether group models are suitable. Those banks have generally taken a view aligned to a previous poster, i.e., using local models for middle market and below, and trying to align to group models for larger companies and FI's

On the last point, I'll say that we've seen US regulators challenge the support for those decisions heavily, but at least in some cases it seems to have stood up to that challenge.  In one case where the bank's prior analysis and documentation didn't provide great support, they are being pushed to redevelop those as well, though they are trying to do so in a way that they can ultimately extend back to group as well, for a C&I model that was getting a bit long in the tooth anyway

I'll just flag that a Canadian bank who had decided to extend several of their existing "global" models to their US subsidiary based on similar logic, and while the logic makes sense broadly, they ran into significant issues with their US subsidiary’s regulator about the way they did it

I would primarily attribute the root causes of those issues to:

Operating model for how those decisions were taken and where they were reviewed and challenged – the Group development and validation teams led the substantive assessment of “fit-for-use”, and while there were some US stakeholders involved, the ones most involved were not very senior in stature, and often deferred to the expertise of Group.  But those US stakeholders then couldn’t / didn’t do a good job of credibly defending those decisions to their regulators, leading the regulators to question if US senior management had been sufficiently involved in determining that these models were appropriate for the US portfolio

The documentation they produced justifying and validating the use of these models in the US was a narrow “fit for use assessment”, which taken as a standalone artifact fell far short of the comprehensive model documentation and validation expectations of SR 11-7.  This led regulators to question the “effective challenge” provided by US model risk management and more broadly by US senior management

The short answer is yes they should definitely be included. The group risk report is the bare minimum that should be included for a GSIB in terms of internal reports and you can go from there

Will to share some pages on the latest interpretation of the scope of BCBS239 by the ECB. A bit more expansive that the traditional industry approach but that is really going to be the new bar. We also have a full BCBS239 benchmarking database that covers 20+ banks (including most European GSIBs) and all dimensions of BCBS239 so maybe your client wants to participate in it

There is certainly precedent for this in loss forecasting, given various companies that need to follow both IFRS9 and CECL at different legal entity levels, and/or to follow different stress testing guidance for different regulators.   I can’t think of a case where I’ve seen it for the primary credit risk rating models however (at least not for literally the same exposures receiving two different ratings)

Thanks a lot, this was very helpful!

Very interesting point. Would be great to know OW's experience with feedback from other players.

+1 for the Amazon model. Driving adoption is tough. Predicated on the issue that almost nobody reads slides before the meeting. Building in 5-7 minutes for content review while in the meeting can be effective even if it isn’t the rigid memo format at Amazon. For example, you can summarize key decision points up top, then a cascade of a few pages for all to review. Instead of driving to ideation this drives to outcomes

I agree, but wonder if there is something more here.

I have also seen such “findings” and in the two cases I saw, they were politically/ career minded where once the MRM team was fighting a past battle (comments on how the bank uses resources, and ones they didn’t get) and once where the MRM team lead wanted the lead modeler’s job (and was trying to make a point about how they would use resources). In neither case were such “resource” use findings actually anchored in trying to do MRM work…

I think most have been said already, but just for the record I have also seen a PD master scale being validated by MRM (US).

I’d say as mentioned, the guiding principle should be how you derive the scale. If it involves mathematical and statistical methods, assumptions etc. then it most likely falls under the “model” definition and should be validated. I would tie it to how you define a model internally and what the MRM policy says about it

For Canada specifically, please refer to the latest Draft Guideline E-23 on model risk management by OSFI (our banking and insurance regulator).

To capture the risk posed by AI, the Draft Guideline modernizes the definition of “model” in the original 2017 Guideline to explicitly include AI and machine learning methods. Basically the AI-based solutions are considered “models” and are subject to model risk management requirements. Detailed requirements can be found in the guideline

I suspect the answer will depend on what regulators require – for example the PRA expects all FIRB firms to use effective maturity (there’s currently a carve-out for SMEs, but they want to remove that too under Basel 3.1 – see below)

I have to admit, I cannot recollect what ECB/ EBA has had to say about this, but I think it would be pretty hard to justify using it in most places but not some – would very much feel like a bank would be open to challenge around whether it was cherry-picking

PRA CP16/22 proposal around Effective Maturity

4.305 The PRA currently specifies within IRB permissions that firms using the
FIRB approach must calculate effective maturity rather than apply fixed
parameters. This is because the PRA considers that calculation of effective
maturity is a more risk-sensitive approach, which better reflects the economic
substance of the exposures, and thus enhances the safety and soundness of firms.
Furthermore, using effective maturity facilitates effective competition because
firms using the AIRB approach are also required to apply the effective maturity
approach.

4.306 The PRA proposes to maintain the substance of its existing approach and
that firms using  the FIRB approach would continue to be required to apply the
effective maturity approach. The PRA proposes to include this provision in its
rules as it considers this would be more appropriate than applying the
requirement on a firm-by-firm basis as is currently the case.

4.307 The PRA considers that the proposed approach is in line with the Basel 3.1
standards as these include a discretion for national supervisors to require
firms using the FIRB approach to calculate effective maturity for all exposures.

4.308 Similarly, to improve risk-sensitivity, the PRA proposes to remove the
option currently setout in the CRR that allows firms that are otherwise
calculating maturity to instead apply fixed maturity values for exposures to
small UK corporates.