Model Risk Management in central counterparties (CCPs) is a topic that you probably will not see on the front page of risk magazines. It isn’t being discussed in the cafes in Brussels, or attracting large audiences to industry workshops in London. However, its importance to the risk management of CCPs, and financial market infrastructures (FMIs) more broadly, should not be underestimated. As the challenges faced by banks during 2007 and 2008 illustrate, if model governance practices are ill-designed or not followed, incentives to enhance the robustness of risk systems can be reduced, at the same time that additional and detrimental regulatory trade-offs could emerge across jurisdictions.
Earlier this year the European Association of CCP Clearing Houses (EACH) published a technical working paper drawing attention to the theme, and I want to highlight some of the important ideas laid out in the note. On 12 December 2019, amendments to the European Market Infrastructure Regulations (EMIR), also referred as EMIR 2.2, were published in the Official Journal of the European Union. These amendments introduced a number of important alterations to EMIR, including some that have already entered into force, and others that are yet to come. Requirements concerning the governance of models and parameters in CCPs, present in the alterations, ignited a discussion amongst CCP risk managers, ideas summarised in the EACH note.
Model governance broadly refer to the set rules, policies and procedures designed to manage the life-cycle of models and their parameters. These rules govern, for instance, the model change proposals, alterations of parameters and independent validations, amongst many other aspects. The practices of managing model risk are certainly not new to financial institutions, but it was the under-performance of some bank risk models during the 2007-2008 crisis that triggered a revamp of the existing governance procedures. Following the milestone publication of SR 11-7 by the FED and OCC in early 2011, a number of important developments followed in both the internal practices of institutions and the legal framework of various jurisdictions.
In the world of FMIs, this pattern was similar. In 2012 CPSS and IOSCO published the Principles for Financial Market Infrastructures, setting out at global level minimum regulatory standards for risk management of FMIs. Accountability for adequate model governance is set at the board level, and the need for model risk management and independent validations are present in various parts of the 24 principles. While the initial impetus was understandable, questions about how to best achieve the desired degree of model resilience have arisen over the years. Fast forwarding to today, there seems to be a need for reflection on the trajectory of the reform.
The theory of public policy has devoted substantial efforts to establish the principles of a “good” regulation and, appropriately, the necessary processes in its development. Similarly to other normative fields, the key element in this process is the structure of incentives of policy-makers. Naturally, under the mandate of reducing model risk at FMIs, regulators have increasingly defined prescriptive requirements on how such institutions should govern their models and parameters. If accountability exists, it is better to be safe than sorry by setting detailed and objective requirements.
Increasing regulatory involvement
In this new world every decision related to models, their inputs, parameters, or the framework created to test them has to be submitted to a regulator. When a CCP wants to expand the period used to estimate the volatility of its margin model from one year to two years, for instance, a regulatory request has to be issued. If new stress shocks, such as those observed during the Covid-19 pandemic, are to be included in the stress testing framework, another regulatory submission is required. And with models typically described in technical specifications, and their governance established in policies and procedures, another set of approval requests may be triggered to reflect any alterations to those documents.
The level of prescription on the oversight and supervision performed by regulators is certainly not unique to one jurisdiction. Most likely different CCPs will have distinct obligations from the illustrative ones highlighted above. However, what is common across all of them is the increasing level of involvement of regulators in the model governance of CCPs. In Europe this trend is perceptible under the provisions of the well-known EMIR Article 49 and the forthcoming changes brought by EMIR 2.2. In such a realm, model and parameter changes that are deemed significant according to the regulation have to go through additional layers of governance, including independent validation, ESMA sign-off, and EMIR college approval.
The challenges engendered by such regulatory architecture have multiple facets. The experience of CCPs shows that an EMIR Article 49 approval can be prolonged. Divergent interpretations of testing set and coordination, amongst other factors, can make the external regulatory process last for almost a year. If internal governance is to be considered, where independent validation, consultation with clearing members and Board approval are necessary, a timeframe close to a year and a half might be optimistic. This scenario would be adequate if thresholds for deeming a change significant were high enough that they would only be triggered under special circumstances. However, this might not be the case, and a simple implementation of a new stress scenario may be sufficient to ignite the process according to an ESMA opinion published in 2016, and consultation currently underway.
The elongated and complex model governance procedures designed by regulators might by now have started producing contradictory outcomes to those initially intended. The cost-benefit assessment of maintaining the modelling framework at the state-of-the-art, and keeping parameters up-to-date for prevailing market conditions, are not so simple any more. And because these governance procedures are not homogeneous across different jurisdictions, relevant regulatory trade-offs are starting to emerge, worsening the structure of incentives faced by CCPs.
The argument here, and in the original EACH paper, is not that CCPs should be exempt from the model risk governance performed by regulators. On the contrary, CCPs are risk managers by nature, and the quality of the modelling used on those activities goes hand-to-hand with the governance supporting it. However, accountability and responsibility should not be confused. CCPs are responsible for the day-to-day management of their models. Complementarily, regulators have the important role of overseeing those practices, using legislation to establish the boundaries of appropriate action. But if constraints are so narrow and time-consuming to navigate that the allocation of responsibility becomes unclear, then there is a problem.
It should not be a surprise that when incentives faced by policy-makers point in the direction of more prescription, very little is to be expected for a change of course. However, reflections over the consequences of co-mingling accountability and responsibility could act as a counterbalance, and hopefully CCPs and regulators can together build a stronger and safer industry in the years to come.