Protiviti helps bank respond to regulatory action by performing independent BSA /AML model validation
Comply with the regulatory MRA notice; Identify areas where model controls and processes could be enhanced; Develop client’s competency
Provided specific analytic testing and recommendations for validation components.
Helped management understand the value and limitations of their models to make confident business decisions.
A regional bank with approximately $20 billion in assets engaged Protiviti to validate its Bank Secrecy Act (BSA)/anti-money laundering (AML) and fraud monitoring models as part of its newly developed model validation plan and to comply with regulatory requirements. Our client had not performed model validations before and did not have the subject-matter expertise required to validate its models. In addition, our client was under a Matter Requiring Attention (MRA) from a regulatory body, which required an independent validation of all critical BSA/AML models.
The bank selected Protiviti based on our experience validating BSA/AML models at other financial services institutions, and specifically because of our detailed approach using both quantitative and qualitative tools, which we use to perform independent model validations across our client base.
The Protiviti team was tasked with a three-fold project:
- Help our client comply with the regulatory MRA notice.
- Identify areas where model controls and processes could be enhanced.
- Help develop our client’s competency and subject-matter expertise around model validation.
Our Model Validation experts reviewed client documentation and provided specific analytic testing and recommendations for the following model validation components:
- Model governance and change controls – We assessed the adequacy of governance and change control processes, roles and responsibilities; adequacy of model ownership; and performance monitoring of models.
- Documentation – We reviewed the model validation framework, policies, procedures and standards.
- Data integrity controls – We assessed controls around information transfer to/from all relevant data sources to the models.
- Watch list and name matching validation – We assessed the watch list filtering system validation approach and methodology, as well as the filters utilised to screen the U.S. customer base.
- Scenario validation – We assessed the scenario validation approach, including the creation of a validation methodology; created scenario validation scripts to generate alerts or risk ratings; and validated the threshold values.
- Threshold validation – We assessed the threshold-setting process and methodology, tested the stability of current thresholds, and validated the threshold values.
At the completion of the project, we provided our client with a detailed report for each model, which included our understanding of the data inputs, data processing, controls and associated reporting, as well as a determination of whether each model uses reasonable assumptions, has controls that are appropriate in the current environment and is performing as expected. We discussed our findings with management, offered recommendations to improve model governance and performance, and proposed associated action plans and time frames for completion.
The client shared this information with the bank’s regulators as evidence that it had completed a thorough and independent validation of its critical BSA/AML models, providing the requested response to the MRA notice. In addition, our work helped our client develop a better grasp of models and model validation, which gave it confidence in its discussions with the regulatory body.
Protiviti’s Model Risk professionals help management and boards of directors understand the value – and limitations – of their models so they can make confident business decisions, advance business strategies and maintain regulatory compliance.
Models are simplified and idealised representations of the real world and are prone to errors in some cases. Further, because models are driven by assumptions and finite data inputs and then interpreted by people, model risk is inescapable. As a result, regulators and other stakeholders, such as auditors, investors and rating agencies, are demanding improved governance over the ever-expanding inventory of quantitative models.
Our independent, holistic validation process helps companies control model risk, prevents losses associated with model risk and enhances key stakeholders’ understanding of models. We also help organisations manage their portfolios of model risks by assessing, designing and implementing model governance programs.