Greg Wiltshire is a Director in Oliver Wyman's Risk Delivery Team. Greg brings over 15 years of risk modelling and analytics experience, specialising in risk and technology transformations.

Matias Coggiola is a Manager at Oliver Wyman and specialises in Credit Risk modelling methodology and regulatory compliance. He curates the monthly Risky Business series.

Developing a CRDIV model is like hosting a dazzling party*. The development phase buzzes with excitement—teams collaborating, ideas flowing, and progress celebrated. Each milestone feels like a defining moment in the revelry, driving the project forward. But then comes the inevitable hangover and clean up - implementation. With the party over and the lights back on, reality sets in as the hard work begins; rolling out the model, building data pipelines, and fine-tuning monitoring and compliance. It’s less glamorous and more gruelling - but equally critical.

Banks face several challenges in implementing their CRDIV approaches. Not leaning into these can create operational drag, where tactical compromises stack on top of each other, disproportionally sucking up resources and eroding the space and potential to break free and redefine ways of working. A red flag we see across the industry is a lack of planning for the implementation phase, with some banks expecting to rely on their development data and code for the foreseeable future.

Some key post approval challenges include:

Productionising the model

Change management: Introducing new models requires process and workflow changes. Banks need to see implementation as inseparable from development, keeping pace and pushing through the required change.

Integration with legacy systems: Many banks operate on legacy systems that may not be compatible with new modelling techniques or technologies. If the model was developed in python, are you really going to implement in SAS even if that’s where the other prudential models are, or are you going to invest in a python-based production capability?

Resource constraints: Implementing new models often requires specialized skills and expertise. After regulatory approval it’s natural for large development teams to move onto new projects, but retaining expertise is critical to ensure successful implementation and avoid code rot.

Maintaining the code

Reusability: The development code is a hugely valuable asset, but lack of clear ownership can limit the ability to reuse and repurpose code. This can lead to duplicated effort and wasted resource, as teams reinvent the wheel instead of leveraging an existing codebase.

Inconsistency in code quality: Banks often lack clear coding standard. So as their codebase evolves, different teams may use various libraries or approaches, leading to inconsistencies in code quality and functionality, and giving rise to bugs and errors that are difficult to find and fix.

Monitoring

Planning for model drift: New models start out accurate. But over time, they become less accurate as new data is available and credit policies change. Detecting and addressing model drift not only requires ongoing monitoring and validation but also planning for possible responses.

Data quality and availability: Effective model monitoring relies on high-quality data. Banks often struggle to build monitoring on top of their production data, instead preferring to maintain offline copies. As a result, monitoring can be inconsistent, incomplete and out of date, all of which can hinder accurate model assessment.

The implication is clear, banks who have successfully been through CRDIV approval have overcome a significant hurdle, but it’s only a single step and not the time to let up. There’s an opportunity to use CRDIV to transform the wider risk management, especially for banks who invested in technology as part of their journey - modern infrastructure not only supports modelling but also integration, consistency and efficiency across the model lifecycle.

So, let’s get the black bin bags out from under the kitchen sink and have a bit of a tidy up.

*Please note that individual experience may vary

Reach out to greg.wiltshire@oliverwyman.com to hear more about how Oliver Wyman can support your IRB model implementation

Dear reader, welcome back to Risky Business. This time around we have a guest writer, Greg Wiltshire, Director, who poses a very interesting question, can your amazing next party turn out akin to an IRB model implementation? Or will the next IRB implementation you undertake like a true party?
Will the party be a success? Or the implementation a failure? Hopefully the other way around!

I hope you enjoy the insights from the below as much as I did.

Matias Coggiola

Basel 3.1 implementation in UK delayed… once again
Basel 3.1 represents the final set of international banking reforms in response to the Global Financial Crisis. The reforms aim to enhance banks' risk measurement and capital requirement calculations, striving to make capital ratios more consistent and comparable across institutions.

But in consultation with HM Treasury, the PRA has decided to delay the implementation of Basel 3.1 in the UK by one year, to 1st January 2027. This adjustment was proposed to allow the regulator for additional time to observe the rollout of the reforms in the United States.

The delay appears to stem primarily from the potential impact on proposed reforms of the Fundamental Review of the Trading Book (FRTB) front, which includes revised boundaries between trading and banking books, a more sensitive standardised approach for Market Risk, and the introduction of the Non-Modellable Risk Factors charge. Whilst this affects primarily banks with significant trading or investment banking activities, the regulator has chosen to take a comprehensive pause of the entire Basel 3.1 regulation to reassess the entire suite of reforms.

But the reaction from more traditional banks in the UK with significant Credit Risk exposure is mixed. In our latest European IRB survey, clients reported that the new set of rules could lead to potential capital release for some of the Standardized Approach (SA) and Foundation Internal Ratings-Based (FIRB) portfolios. Conversely, firms with significant Advanced Internal Ratings-Based (AIRB) portfolios have deemed the approach conservative and have welcomed the delay.

On the other hand, our belief is that the PRA will be less lenient regarding day-one compliance, as the regulatory text has been available in draft form since 2022. It is also notable that the model output floors have remained unchanged. This means that once the rules come into effect in 2027, banks will need to achieve the required levels of capital by 2030, effectively shortening the transition period to two years.

Another greatly understated driver of the delay might stem from concerns about stifling the British economy, which has struggled to regain its footing post-COVID, with more stringent prudential regulation.

This push ‘from within’ has been already observed elsewhere: Across the pond, Jay Powell, Chair of the Fed, commented back in 2024 that ‘broad and material changes’ were coming to the proposed Basel Endgame framework. Republican lawmakers have consistently expressed scepticism about the reform and have repeatedly called for the program to be scrapped.

The ‘Endgame’ is set to become effective on 1st July, 2025. However, the new administration holds the future of the American banking regulatory landscape in its hands: Trump might push to simplify the reform or scrap the framework completely.

Many domestic banks, lacking international operations, may advocate for abandoning current proposals in favour of frameworks that better suit the American context. On the contrary, recent bank failures have cast doubt on the resilience of smaller regional firms in the US, potentially strengthening the argument for a stricter framework aligned with international practices.

Closer to home, Continental Europe seems to be taking the middle ground, as the Basel 3.1 rules became effective, with some modifications, in January 2025. But the most interesting point is that the FRTB part of the regulation has been pushed back 1 January 2026.

On the Credit Risk front, a 2023 ECB survey determined that corporate-oriented financial institutions would be the worst hit by the reforms. While some capital release is expected from the model outputs, the output floor means that the overall benefit is negated in full.

This puts the EU on an alternative, steadier path compared to the uncertain US and hesitant UK approaches.

This disparity of rules require transcontinental banking institutions to dedicate increased resources to ensure compliance in the US, the UK, and Europe. Future-proofing activities and ensuring that the ability to act quickly remains in place in case new short-term steer emerges from the regulators will be fundamental to ensure risk transformation projects remain compliant once implemented.

Some questions remain unanswered: will the US scrap the FRTB reforms completely? will the PRA modify the ‘near final’ regulatory text to align with the Fed? will Europe continue in its sure path towards complete Basel IV adoption?

For now, we’ll just have to wait and see…

Co-authored with Cian Mellett
 
 
 
Matias Coggiola is a Manager at Oliver Wyman and specialises in Credit Risk modelling methodology and regulatory compliance. Prior to consulting, Matias spent several years as an industry practitioner working within a range of financial institutions across three continents. Matias joined Oliver Wyman in 2024 to help expand the Risk Delivery capability.

Cian Mellett is a Manager at Oliver Wyman and specialises in the development of Credit Risk models. Prior to joining Oliver Wyman, Cian worked for an Irish consultancy delivering a suite of credit risk models for Irish Pillar Banks across multi-year programs. Cian joined Oliver Wyman's Risk Delivery Team in 2024.

Foreword
Hello! And welcome to this exciting new bulletin, offering a curated selection of articles dealing with current affairs in the world of risk management

This first edition’s topic relates to the recent delay in Basel 3.1 implementation in the UK, and has been co-written by me and Cian Mellet. Keep an eye out for future editions featuring guest writers that have a lot to say about IRB modelling, AI adoption in banking, climate risk, and much more!

Matias

Hi RisbOWl community.

I have been thinking lately about the dynamics of the working relationship with 2nd and 3 LOD from a 1LoD perspective.

While there is much talk about these dynamics from a high-level, ERM or governance perspective, those of us who are in involved more on the day to day interactions need to make sure we 'walk the talk'.

While clear, continued communication is key, I have found the use of shared resources (such as evidence repositories, plans, collaborative query logs, etc) have really made a difference in the relationship we have built with our validators in the second line of defence.

What does the community think about common techniques for increasing cross-line of defence productivity.

Thank you in advance.

It has been a year after the PRA issued their Supervisory Statement on Model Risk Management principles for banks (https://www.bankofengland.co.uk/prudential-regulation/publication/2023/may/model-risk-management-principles-for-banks-ss). This statement is effective starting tomorrow.

Model risk teams all over the UK have reviewed their approach to MRM to be aligned with the 5 principles. As model risk is a risk discipline on its own right, institutions have had to (re-)develop tools, approaches and procedures, and boost their MRM capabilities to better manage their modelling suites.