How to comply with the OSFI Model Risk Management Guidelines

In brief

• The increasing reliance on models in the insurance sector has improved pricing and reporting capabilities but has also introduced significant model risks that could impact financial stability and reputation.
• The Office of the Superintendent of Financial Institutions (OSFI) has released a draft guideline emphasizing strong governance and controls throughout the model lifecycle, which includes seven key principles.
• The EY organization offers innovative tools to help organizations comply with OSFI’s draft principles, including the EY LIDA model validation solution and the EY Model Management Platform (MMP).

Understanding the critical role of model validation

In recent years, the increased use of and reliance on models for pricing and reporting has enhanced insurers’ modelling and computational performance. While this is a significant advancement, it has drastically changed processes and introduced several model risks, posing significant financial and reputational threats.

To address these risks, the Office of the Superintendent of Financial Institutions (OSFI) issued a draft revised principles-based guideline on model risk management, emphasizing the need for robust governance and controls.

Here, we offer a high-level interpretation of the draft OSFI Guideline on Model Risk Management (MRM) and explore how EY services can help facilitate adherence to the draft guideline principles.

By offering a robust cloud-based model inventory, rigorous validation of inputs and assumptions, along with independent recalculations and model analysis, our approach promotes an independent and transparent MRM process that enables insurers of all sizes to comply with OSFI’s draft principles and mitigate potential financial or reputational losses.

Key takeaways from the upcoming Model Validation Standards

The draft guideline reinforces the concept of a model lifecycle, encompassing the stages from raw inputs to deployment, validation, ongoing monitoring, modification and eventual decommissioning. The following image illustrates the process: 

Figure 1. Model lifecycle – Draft E-23 Guideline. Office of the Superintendent of Financial Institutions, 2023.

According to OSFI’s draft guideline, an MRM framework must be integrated into the model lifecycle and must follow seven principles, which can be summarized as follows: 

• Principle 1: Integration – Processes and controls implemented at each phase of the model lifecycle. 

• Principle 2: Scalability – Processes and controls should be proportionate to the organization’s size and complexity. 

• Principle 3: Holistic – The MRM framework should provide an enterprise-wide view of model risk exposure. 

• Principle 4: Centralization – A centralized and robust model inventory should be implemented as an authoritative record of all models currently in use and recently decommissioned. 

• Principle 5: Relevance – Processes and controls should be proportionate to the model’s importance and complexity. 

• Principle 6: Interdependence – The model should recognize the interdependence between data and model risk with adequate data governance policies. 

• Principle 7: Dual assessment – A model risk rating should be implemented based on qualitative and quantitative criteria. 

We’ve developed an offering to help insurers in their journey to implement MRM with a tool that integrates with their existing actuarial models. These tools include: 

• EY LIDA: Life Insurance Digital Analytics 

• EY MMP: Model Management Platform  

• EY Policy Formulation 

Navigating challenges: how to address key issues with EY LIDA

EY LIDA is a model validation offering designed to work with your existing actuarial modelling tools such as AXIS, Atlas, PathWise, Slope, Prophet and other actuarial software. Its primary purpose is to enable users to thoroughly review and validate model inputs and assumptions, as well as to perform independent liability recalculations.

LIDA performs robust validations from the data stage to the validation stage. It also facilitates subsequent phases by providing a transparent and efficient dashboard view of model components and outputs, giving senior executives continuous visibility and enabling them to perform reasonability checks.

Data validation: LIDA conducts extensive checks on data, including financial and nonfinancial assumptions, identifying missing data, errors and problematic cohorts to enhance accuracy, completeness and fitness for use. It also helps identify the most material areas to test, performing verifications on the tables and assumptions that are the most significant and relevant to the model’s purpose.

LIDA further enhances data traceability and compliance with OSFI principles by clearly linking model inputs and assumptions to their authoritative sources. This enhanced focus on the interdependence between data quality and model risk aligns directly with OSFI’s draft guideline Principle 6. Without LIDA, independent reviewers would need to spend considerable time understanding the model, often resulting in incomplete or biased validations.

Development validation: LIDA provides the modeller with suitable data that has been independently reviewed and controlled during the data validation stage, with additional data cleansing if needed. This process enhances confidence in the selection of inputs and the soundness of assumptions used in the model.

Subsequently, LIDA independently recalculates millions of policies in minutes. Following recalculation, it aggregates results, validating and comparing liability calculations and CSM roll-forwards with the reviewed model results.

Through interactive, high-level or granular visualizations, LIDA links inputs to outputs, verifies model calculations and facilitates the assessment of result reasonableness. As a result of the controls, independent calculations and aggregated visualizations LIDA performs, model approval can be completed with greater confidence. This process can be adapted to the importance and complexity of the models, with greater focus on more influential models, enabling adherence to Principle 5 of the guideline.

LIDA also assists during the deployment stage by independently testing model outputs post-deployment to deliver a sound final model. Additionally, LIDA can perform ongoing independent checks and recalculations to continually monitor the model or validate modifications, such as changes in financial and nonfinancial assumptions or other model changes. This is directly related to Principle 1 of the Guideline, so that processes and controls are implemented at each of the lifecycle components.

EY MMP

The EY Model Management Platform (MMP) is a broad solution designed to enhance model risk management through a suite of accelerators, all integrated into a single platform. MMP provides a robust model risk management framework to help your organization properly comply with OSFI’s draft guideline. This flexible and configurable model governance tool encompasses data, technology and regulatory aspects, streamlining processes and fostering a culture of smart working.

Key features include:

Model inventory management, providing a catalog that categorizes all models within an organization by their names, IDs, risk ratings, validation dates and families. It also links user access to certain model families to provide restricted and controlled access and proper governance.

Model lifecycle management, allowing users to track each model through its eight lifecycle stages, with the ability to add comments and attachments at each stage, facilitating thorough documentation and oversight.

Model risk rating, allowing users to assess and categorize models based on their risk ratings. Models of lower importance have simpler profile configurations, while more significant models are accompanied by more comprehensive profile configurations.

Model documentation, allowing users to provide insights, findings and comments, and including attachments, resulting in a detailed audit trail.

Detailed reports and visual analytics, allowing senior management to make informed decisions based on aggregate model risk exposure, model risk ratings, validation findings and the overall status of model reviews.

MMP supports your organization’s compliance with OSFI’s draft guideline MRM Principles 4, 5 and 7 by promoting accountability, up-to-date documentation, model risk rating and continuous monitoring.

EY policy formulation

The successful use of EY LIDA on existing actuarial models and EY MMP really hinges on having strong policies and guidelines in place for MRM. With a large global network of actuaries and risk professionals, EY is well equipped to craft detailed policies and guidelines that cover model risk governance and classification, development, validation, output, maintenance and model change management.

EY teams have deep knowledge and experience helping organizations adhere to Principles 1, 2, 5 and 6, which highlight the importance of establishing effective and robust policies and processes.

We not only provide you with a service; we strive to be trusted professionals in writing policies to help you navigate the complexities of model risk management with confidence.

Conclusion

In conclusion, the increasing reliance on models has undoubtedly enhanced insurers’ capabilities in pricing and reporting. However, it has also introduced significant model risks that require a structured approach to risk management. The draft OSFI guideline provide a comprehensive framework for addressing these risks through robust governance and controls throughout the model lifecycle.