Model risk management

A prudent blueprint outside of financial services

What is Model Risk?

Risk, Regulatory and Compliance

Model risk refers to the potential for adverse outcomes stemming from models producing incorrect or misleading results. This risk originates not only from design flaws, data inaccuracies, or implementation errors but also significantly from the misuse of models. Misuse can occur when models are applied in contexts for which they were not designed, or when model outputs are interpreted incorrectly or manipulated. In the context of artificial intelligence (AI) and machine learning (ML), model risk encompasses the inaccuracies and uncertainties inherent in models that process and analyze vast datasets to make predictions, decisions, or recommendations. This risk is amplified by the complexity, opacity, and dynamic nature of AI/ML models, making it challenging to predict and quantify the ramifications of model failures accurately.

Why Does Model Risk Matter?

The impact of Model Risk can extend far beyond mere financial losses, touching on ethical, societal, and safety issues. To pull on an example many are likely familiar with at this point, in the field of automotive engineering, AI and ML models play a central role in the development of autonomous vehicles. These models must accurately interpret sensor data to make split-second decisions regarding vehicle navigation and safety. A failure in these models, such as misinterpreting a stop sign as a yield sign due to flawed training data, could lead to severe accidents, endangering passengers and pedestrians alike.

This sort of example, which can be made for many engineering problems and increasingly in the realm of healthcare, underscore the importance of managing model risk not only to prevent economic losses but also to protect public trust and ensure the ethical and safe application of AI/ML technologies.

What is Model Risk Management (“MRM”)?

MRM is a structured, iterative approach to identifying, assessing, mitigating, and monitoring the risks associated with the use of models. It involves a set of practices designed to ensure models are developed, implemented, and used appropriately, especially in relation to their potential impact on decision-making processes. KPMG outlines a model risk management lifecycle that encompasses six key stages:

  1. Model Planning: This initial phase involves defining the scope, objectives, and design of the model. It includes identifying the decisions the model will inform and the potential risks associated with its application, laying the groundwork for a risk-aware development process.
  2. Model Development: In this stage, models are built according to the specifications established in the planning phase. This includes selecting appropriate data, methodologies, and algorithms. Documentation of the development process is an expected output from this stage to facilitate both transparency to independent parties and subsequent validation efforts.
  3. Model Validation: The process that evaluates a model's theoretical framework, data input, output, and underlying assumptions to confirm its appropriateness for the intended purpose(s). It involves both quantitative and qualitative assessments to identify any issues in the model's design, data quality, or operational functionality. Validation is an ongoing necessity, extending beyond initial deployment to address any changes in model use, data, or surrounding circumstances that could affect performance.
  4. Model Implementation: Once validated, the model is deployed within its operational environment. This stage requires integration into existing systems and processes, ensuring that the model operates as intended in real-world conditions.
  5. Model Use and Monitoring: Models should be monitored on an ongoing basis to ensure that they continue to perform as expected over time. This includes tracking the model's output, assessing its impact on decision-making, and identifying any drift in performance or changes in the underlying assumptions that may necessitate adjustments.
  6. Model Changes and Adjustments: The lifecycle is iterative, and models may require adjustments in response to performance issues, changes in the operational environment, or shifts in the model's objectives. This stage involves reviewing and implementing necessary changes to the model, followed by re-validation to ensure continued accuracy and reliability.

Benefits of Establishing a Model Risk Program

  • Enhanced Model Accuracy and Reliability: A structured model risk program involves validation and testing of models before their deployment and during their operational life. This process helps in identifying and correcting errors, enhancing the models' accuracy and reliability.
  • Stakeholder Confidence: Transparent model risk management practices, including comprehensive documentation and clear communication of model functionalities and limitations, build stakeholder confidence.
  • Liability Mitigation: In the event of legal action, being able to demonstrate that the company had a comprehensive risk management process in place can be a powerful defense. It shows diligence in attempting to prevent harm or loss, which can mitigate liability or reduce the severity of judgments against the company.

Foundational Elements of a Model Risk Management Program

  • Governance Structure: A well-defined governance framework ensures accountability and facilitates coordinated action in managing model risks. This structure should define the roles and responsibilities of individuals involved in the model's lifecycle, from development and validation to deployment and ongoing monitoring.
  • Model Inventory: Keeping a detailed inventory of all models, including their development history, purpose, relatively risk, etc., serves as the foundation for managing model risk. The inventory serves as the central system of record, enabling tracking of governance adherence, model performance, and the firm’s outstanding model risk.
  • Validation and Testing Protocols: Independent validation and testing protocols are at the heart of a model risk management program. These protocols should include components such as performance, stability, sensitivity, and explainability testing. The goal is to ensure that models are robust, perform as expected under a wide range of conditions, and do not introduce unintended biases.
  • Documentation and Transparency: Detailed documentation for each model, including its design, development processes, and performance metrics, supports transparency and independent model validation.
  • Ongoing Monitoring and Review: Models must be regularly reviewed and monitored for performance against real-world outcomes. This ongoing process helps identify when models deviate from expected behaviors, allowing for timely adjustments or model recalibration to address emerging risks.

What Should You Do Now?

Companies outside the financial sector using AI and ML should consider the following:

  • Conduct a thorough risk assessment to understand the extent of their model risk exposure and ensure it is within your firm’s risk appetite.
  • Develop a model risk management framework based on the foundational elements discussed above.
  • Cultivate or acquire expertise in AI/ML and risk management.
  • Promote a culture of risk awareness and ethical considerations in AI/ML development and application.
  • Engaging in collaborative efforts to stay abreast of best practices and innovations in model risk management.

Broadening the application of model risk management practices is increasingly important in today's technology-driven landscape. By proactively addressing model risk, companies across various industries can enhance the accuracy, reliability, and safety of their AI/ML applications, fostering public trust and ensuring the ethical use of these transformative technologies.

Dive into our thinking:

Model risk management

A prudent blueprint outside of financial services

Download PDF

Explore more

Meet our team

Image of Benjamin Harden
Benjamin Harden
Advisory Managing Director, KPMG
Image of Kevin M Lowery
Kevin M Lowery
Director, Advisory, Regulatory & Compliance, KPMG US

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP\'s . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline