Checkbox Compliance

Why Model Risk Management (MRM) is a superior approach

A more effective alternative is to borrow principles from Model Risk Management (MRM), an established framework used by financial institutions to manage and govern complex models. MRM is not just about ticking boxes but focuses on increasing the understanding of models through rigorous processes, policies, and standards. Here’s why an MRM-based approach is better suited to AI governance:

• Deep understanding of models: MRM frameworks emphasize the need to understand model behavior in-depth, which is critical for AI systems that are inherently complex. By focusing on model validation, stress-testing, and performance monitoring, MRM ensures that risks such as bias, drift, and ethical issues are continuously assessed and addressed.
• Built-in regulatory compliance: Just as in finance, where following a well-designed MRM framework ensures compliance with regulations like Basel II or III, an MRM-based AI governance framework can be structured to ensure regulatory compliance as a byproduct. By embedding regulatory standards into governance policies and processes, compliance becomes automatic rather than a separate exercise.
• Proactive risk management: While checkbox compliance is reactive, MRM encourages organizations to proactively manage risks by continuously monitoring and auditing models. This approach helps identify issues early, reducing the likelihood of model failures or regulatory breaches.
• Adaptability to evolving risks: AI regulations are still evolving. An MRM-based framework is adaptable by design, meaning organizations can easily update their policies and procedures to stay compliant with new regulations. This flexibility is crucial as the AI regulatory landscape continues to mature.

Addressing technological hurdles: Observability over interpretability

One common criticism of applying MRM principles to AI governance is the challenge of model interpretability. Many AI systems, especially deep learning models, function as “black boxes,” making it difficult to apply traditional interpretability methods required by regulations. However, MRM frameworks already deal with opaque vendor models in finance, and similar principles can be applied to AI governance by focusing on observability.

• Observability: Instead of trying to interpret every aspect of a black-box model, observability focuses on monitoring the model’s outputs, performance metrics, and behavior in real time. By closely tracking the inputs and outputs, organizations can detect anomalies, bias, or drift without needing to fully understand the inner workings of the model.
• Enhanced monitoring and validation: MRM frameworks emphasize stringent monitoring, especially when models are non-interpretable. Combining observability with advanced monitoring tools and automated validation processes can mitigate risks in AI systems, ensuring compliance without sacrificing the benefits of complex models.

Challenges and hybrid solutions

While MRM-based governance has clear advantages, it’s not without challenges. Implementing this framework requires more resources, both in terms of human expertise and technical infrastructure, than a simple checkbox compliance tool. Smaller organizations or those without deep AI expertise may find it difficult to scale this approach.

However, the long-term benefits, reduced model risk, better compliance, and improved model performance, justify the investment. Additionally, hybrid approaches, where observability complements interpretability, can provide a balanced solution for organizations struggling to explain complex models while still managing risk.