Draft Circular - Regulatory Principles for Management of Model Risks in Credit

We have analysed the regulation and have provided a detailed summary of the key points and changes. You may avoid reading the whole regulation if you have read this.

This draft circular from the Reserve Bank of India (RBI) provides comprehensive regulatory principles for managing model risk in credit. It applies to all Commercial Banks, Cooperative Banks, Non-Banking Financial Companies (NBFCs), and All-India Financial Institutions. The circular addresses the increasing complexity and reliance on models in credit management, emphasizing the need for robust governance, validation, and oversight.

WHAT

• This draft circular outlines regulatory principles for managing model risk in credit for regulated entities (REs) like banks, NBFCs, and financial institutions. It covers the entire lifecycle of credit risk models, from development to validation, and includes governance, documentation, and oversight.

WHY

• The use of credit risk models is increasing due to advancements in technology and the complexity of financial products. However, these models carry inherent risks due to assumptions and data dependencies. Proper management of these risks is crucial to ensure that credit decisions are sound, compliant, and do not expose institutions to excessive risk or reputational damage.

HOW

The circular prescribes:

• Governance: REs must have a Board-approved policy for managing model risks.
• Model Development and Deployment: Guidelines for creating, validating, and updating models, whether developed in-house or outsourced.
• Validation: Independent validation of models before and after deployment, with regular reviews.
• Supervisory Review: RBI’s role in overseeing and potentially validating these models.

WHO IS IT IMPORTANT FOR

• Banks: Particularly those heavily reliant on quantitative models for credit decisions.
• NBFCs and Financial Institutions: Need to manage model risks in their credit processes.
• Fintechs and Tech Startups: Especially those offering credit scoring, lending, or financial risk assessment services, as they rely heavily on data-driven models.
• Regulators: To ensure financial stability and compliance in the use of credit risk models.

WHAT THEY NEED/NEED NOT DO

• They need to:
  • Develop and enforce robust policies for model risk management.
  • Ensure that models are properly validated and that their outputs are unbiased and reliable.
  • Maintain a comprehensive model inventory and ensure transparency in model usage.
  • Be prepared for RBI's supervisory reviews, including potential external validation.
• They need not:
  • Rely solely on outsourced models without ensuring proper understanding and control.
  • Overlook the need for regular updates and validation of models, especially after significant market changes.
  • Allow subjective overrides of model outputs without proper documentation and justification.

Key Sections

1. Definition

• Credit Risk Model: Any quantitative method using statistical, economic, financial, or mathematical principles to process data for credit decisions, such as credit scoring, loan pricing, risk analysis, loan loss provisions, and economic capital estimation.

2. Governance and Oversight

• Board-Approved Policy: REs (Regulated Entities) must have a Board-approved policy covering the entire lifecycle of models, including governance, model development, validation, change control, and documentation.
• Model Inventory: REs are required to maintain a comprehensive inventory of all models, whether insourced or outsourced, with critical information.
• Approval Process: Deployment of models and subsequent changes require approval from the Risk Management Committee of the Board (RMCB) or a designated Sub-Committee.

3. Model Development and Deployment

• Principles for Model Development:
  • Clear objectives and problem statements.
  • Robust inputs and assumptions to address model objectives.
  • Detailed documentation including sensitivity analysis.
  • Scalability and flexibility to adapt to dynamic conditions.
  • Integration with core banking and risk management systems.
  • Consistency, transparency, and verifiability of outcomes.
• Outsourced Models: Must adhere to the same principles. REs are responsible for ensuring the integrity and outcomes of these models, and agreements must allow REs access to technical documentation.

4. Model Validation Framework

• Independent Validation: Models must undergo an independent validation process before deployment, after material changes, and at least annually. External experts may be engaged for validation.
• Validation Criteria:
  • Review of assumptions for validity.
  • Verification of data accuracy and source reliability.
  • Compliance with regulatory/statutory instructions.
  • Assessment of model efficacy through back-testing.
  • Identification and correction of model limitations, biases, or discrimination.
• Reporting: Validation outcomes should be documented in understandable terms and compared against policy benchmarks. Results must be reviewed by the RMCB or the designated Sub-Committee.

5. Supervisory Review

• Supervisory Oversight: The RBI reserves the right to review and validate models, including those outsourced, through its officials or external experts. REs must ensure their contracts with third-party model providers allow for this supervisory evaluation.

6. Implementation Timeline

• New Models: Must comply with these guidelines within three months from the issuance of the circular.
• Existing Models: Must be validated according to the new guidelines within six months from the issuance date.

7. Repealed Instructions

• The circular repeals the "Guidance Note on Credit Risk Management" issued on October 12, 2002, specifically Chapter 3 related to Credit Risk Models.