FirstRand needed to gain a single view of model risk across various franchises, segments and geographies, while meeting compliance obligations.Using SAS Model Risk Management it was able to get a full inventory of credit models, gain an epectation to meet all regulatory deadlines, and improved Group communication and model ownership.The FirstRand Group is unlike any financial institution in South Africa. Rather than having just one risk management team to oversee, the Group Credit Risk Management Department looks after FNB (retail and commercial banking), WesBank (vehicle and asset finance) and RMB (corporate banking).At any given time, the group manages more than 400 model risk instances across various franchises and segments, in a number of geographies.As the custodian of credit risk management, the department is responsible for:* Setting minimum requirements for how credit risk is managed* Reviewing and challenging credit risk profiles across the group* Managing risk associated with credit risk models* Consolidating and submitting group credit regulatory returns”As soon as we lend money to a customer, there’s a risk that the customer will not pay their instalments,” says Engelbert Meyer, head of group credit risk management at FirstRand.”When managing this risk, we need appropriate tools that allow us to approve or decline applications, ensure appropriate risk-based pricing, and ensure that we have sufficient reserves and capital to cover expected and unexpected losses.”
ChallengeStatistical models are increasingly being used to inform credit risk management-related decisions.Until recently, FirstRand used a manual solution that relied on individuals maintaining model inventories and related metadata on spreadsheets.”This approach was inadequate, inefficient and introduced continuity and accountability issues, especially when people left or moved within the organisation,” says Meyer.A manual approach also introduced governance risk, including missed deadlines or inaccurate data.”With risk management models becoming more complex, we could no longer rely on a manual process and spreadsheets. If we wanted to effectively manage risk, we needed sophisticated statistical models and a framework that set minimum requirements for how credit risk models should be governed within the Group,” says Meyer.The only way to effectively execute this framework, Meyer believed, was to implement a robust infrastructure with tailored automated process flows that applied consistent governance requirements.
SolutionFirstRand knew what it needed in a model risk management solution:* Automated process flows that could be tailored in-house* Robust access control* Documentation inventory and change control* The ability to define and allocate model roles* Dashboarding capabilities* Improved communication and accountability within teams* Ongoing vendor supportAfter a rigorous RFP process, FirstRand selected SAS’ Model Risk Management solution, which provides enterprise-level oversight throughout the model lifecycle. Through centralised model information management, risk teams and regulators get greater insight into model risk concentrations and can keep pace with changing risk policies and regulations.”SAS was already widely used across the Group for credit risk models, so we identified an initial integration benefit and simpler change management requirements as a result,” says Meyer. “The MRM solution was clearly advanced and we felt that it was designed from a technical credit risk modelling point of view, rather than a compliance or audit one.”The benefit of transitioning from a manual to an automated solution was that it could be implemented in parallel with minimal disruption. FirstRand opted for a staggered implementation approach, which Meyer believes minimised implementation challenges.
ImplementationImplementation in the development environment began in May 2016 and was completed in October. The solution went live in February 2017, after all historical data was uploaded.”SAS assisted with the initial training. Even though we had to play around with the solution to get a full understanding of it, we were confident that SAS understood our requirements and provided valuable advice along the way,” says Meyer. “We had become used to complexity but SAS reined us in so that we didn’t over-complicate the process.”Because of the complexity of our environment, and because we deal with multiple stakeholders, we didn’t believe that the standard solution would help us to meet our regulatory and compliance obligations. But we were able to localise the solution and adapt it to our governance needs — with less complexity than we expected or were used to.”It was the first time that the SAS Model Risk Management solution had been implemented locally. Ralf Mason, one of the project managers for the roll-out, said, based on FirstRand’s specific requirements and the Reserve Bank’s reporting requirements, it quickly became apparent that the out-of-the-box solution was not going to help the bank meet its goals.”Fortunately, the MRM solution is highly customisable, robust and flexible, so we were able to write custom functions and tailor workflows to FirstRand’s specific business processes. We were also able to produce custom reports for reporting requirements. This meant that the roll-out took longer than originally planned but this enabled us to optimise business processes,” says Mason.”The team at FirstRand were really invested in this process and demonstrated considerable in-house SAS expertise. This meant we could quickly engage on any issues that arose and could rapidly find a solution in most cases. The project reiterated for SAS that successful implementation requires a highly flexible, adaptable and iterative approach, with close collaboration between the solution partner and the client — and I think SAS and FirstRand got it right,” says Mason.FirstRand was able to develop a bespoke IFRS9 process flow, which Meyer expects will substantially streamline the external audit process related to IFRS9 models.
BenefitsIt’s still early days but FirstRand now has a full inventory of all credit models used for regulatory capital purposes — with associated metadata and model roles defined and assigned consistently. This has already assisted with audit and regulatory engagements.”Guided off this base, we expect that we will meet all regulatory timelines as there aren’t any gaps in metadata or communication. We also expect improved model ownership; simplified audits through a single point of contact and full audit trail; and consistent application of our risk-based model governance requirements,” says Meyer.”The South African banking industry is one of the most complex and highly scrutinised in the world. Any change in an existing model, or the creation of a new one, has to be approved by the regulator.Because these models are so complex, the associated risk needs to be managed effectively. For FirstRand, that warranted a need for a single, holistic, automated infrastructure to govern models across the lifecycle. Based on the feedback from users, SAS has given us that flexibility and security.”