Ask any risk professional about model validation and expect to hear about the “independent challenge” of the math used to calculate the capital. But is it really? Is the second line really challenging the model or simply ensuring the business continues to meet the model approval “conditions”. I believe it to be the later.
To explore this further, let’s split model validation into two steps, model approval and model maintenance.
Model approval is a negotiation between the regulated firm and the regulators. A regulated firm argues for the parameters that give it the most favourable capital requirements so they can deliver shareholder value. While regulators look to ensure that the capital is sufficiently prudent to allow policyholder protection.
The CRO office (2nd line) facilitates this negotiation, helping to find the middle ground between commercial and social objectives of the business (1st line) and the regulators respectively. In my opinion, it is naive to think that the 2nd line has any influence over the parameterisation of the model.
Once the model is approved, the role of validation changes. The model validation post-approval is about ensuring that the terms of the agreement [model approval] are adhered to by the business. This does not mean challenging the math, rather ensuring a robust controls environment is in place that evidences that the business continues to honour the model approval terms.
Model validation is about enhancing the controls environment
I am often surprised by how many of the risk teams have overcomplicated the validation process, particularly in the Lloyd’s market. In many cases, these teams and individuals have created unnecessary operational overhead & reporting for themselves, the business and their Boards.
For me model validation is about two things:
- Having clear and accessible documentation which captures the terms of the model approval agreement. Once in place, I don’t expect this “agreement” to change much unless the business operations materially change; and
- Having an evidence-based control environment that identifies a dozen controls the Board can reference to get comfortable that the business continues to honour the terms of the model approval.
Anything else is an operational overhead that adds no value to the business.
If this is something that resonates with you, get in touch to learn more about how CoVi Analytics is making compliance simple.