Models are fundamental to financial institutions. From evaluating an asset’s performance to forecasting the future value of investments, models act as a guiding light to sound business decisions. However, the increasing volume and complexity of transactions, coupled with the adoption of AI and ML for advanced analytics, has significantly increased the risk of these models producing unreliable and inaccurate outputs.
And what is the cost of these erroneous models? Ask JP Morgan’s Central Investment Office (CIO), and they’ll tell you about the $6.2 billion in trading losses from a flawed Value at Risk (VaR) model and a further $900 million in regulatory fines. It is therefore vital for organizations to assess and manage model risk using a combination of comprehensive testing, robust governance policies, and independent reviews. One of the risk mitigation frameworks that blends all these strategies together is the 3 Lines of Defense (3LoD) Framework.
In this blog, we first learn what the 3LoD framework is and then apply it to model risk management, diving deeper into the roles and responsibilities of each line of defense.
The 3 Lines of Defense (3LoD) Framework
The 3 Lines of Defense (3LoD) framework is an overarching risk governance framework that spreads out the responsibilities for operational risk management across 3 different functions. With clear roles and responsibilities assigned to each of these functions or “lines of defense,” organizations can ensure that they are well prepared to identify and address any dangers before they hamper operations. Let’s now look at what constitutes each line of defense for any organization:
First Line of Defense
Who?
Model owners and model development teams form the first line of defense. They are generally domain experts with strong mathematical, statistical and programming knowledge (e.g., quants and data scientists) whose daily work includes preparing data, building and training models, as well as documenting development evidence.
Responsibilities
The first line of defense needs to ensure that appropriate risk controls are in place for model development and used to prevent and identify model risk at an early stage. These risk controls include:
Second Line of Defense
Who?
Model validation and model governance teams form the second line of defense and complement the first line in risk management.
Responsibilities
While the second line of defense can have certain overlaps in responsibilities with the first line as in model monitoring, some of the main tasks that the second line is uniquely responsible for are:
Third Line of Defense
Who?
Internal auditors form the third line of defense. They generally perform model risk audits on a particular line of defense or type of model.
Responsibilities
Model risk internal auditors provide independent assurance on the functioning of the first two lines of defense to an organization’s governing body like its board of directors. They objectively assess the risk controls in place on models and check whether the compliance measures in place are being adhered to. The third line of defense serves as a support function to the governing body with impartial insights and helps in ironing out any inefficiencies in the end-to-end management of the model lifecycle.
Holistic Model Risk Management with Yields
Yields is an award-winning and adaptable technology that manages your end-to-end model lifecycle effectively. Its solution is pre-configured based on model risk management standards such as SR 11-7 and SS1/23, and can be further customized by business users to align with their internal model risk policies and procedures. It does not depend on internal IT teams for making changes.
A key benefit of the technology solution is that it facilitates collaboration across the 3 lines of defense. For instance, Yields offers automated model documentation capabilities, ensuring standardized documentation across your organization for streamlined model maintenance, governance, and robust validation processes. Furthermore, models can be tested at scale through standardized reusable routines with full reproducibility of results, improving the reliability and efficiency of your models.
If you’re interested in learning more about the Yields Model Risk Management platform while incorporating a 3 Lines of Defense framework for your organization, book a demo today!