Establishing Model Risk Management
http://ccro.org © Copyright 2025, CCRO. All rights reserved. 12
5. Model Risk Management Framework
5.1. Introduction
Basic Framework
An effective MRM program should enable a company to manage model-related risks and drive
value across the organization. This starts with a framework that includes provisions for people,
processes, technology, and data embedded in its core components. In addition, the framework
should have a strong organizational structure, a clear plan for delivery, a transparent model
inventory, and effective model data and security management.
It is the Working Group’s assertion that the MRM framework should be thoughtfully
considered to each company’s activities, exposure, and stakeholder expectations.
Principles of Effective Challenge
Organizations should address model risk at both the individual model and the aggregate level
using the guiding principle of “effective challenge.” Although it is not a regulatory requirement
for most energy market participants, SR 11-7 provides a useful definition of effective challenge:
“critical analysis by objective, informed parties that can identify model limitations and produce
appropriate changes.” Effective challenge should involve a combination of incentives,
competence, and influence across the model life cycle.
5.2. Framework Components
When designing an MRM framework, the company should consider organizational capabilities,
model prevalence and complexity, and enterprise risk tolerance. The MRM framework
typically should include the following.
• Governing Documents: An MRM Policy, controls, procedures, and other documents as
needed to ensure effective model risk governance.
• Committee Oversight: Either a Model Risk Oversight Committee or a standing agenda
item in Risk or Audit Committee meetings.
• Dedicated Modelers: A model development team or Subject Matter Expert (“SME”)
roles with specific modeling competencies.
• Independent Challenge: A model validation function or SME roles that report
independently of the model developers.
• Model Documentation: Requirements and document templates for models, model
testing, validations, and ongoing monitoring.
• Inventory: Model inventories with model owners, risk tiering, approved uses and users,
testing results, validation status, and supporting technologies.
• Reporting: Regular reporting for model development and validation status, policy
violations, and model risk estimates.
Recommendations:
http://ccro.org © Copyright 2025, CCRO. All rights reserved. 12
5. Model Risk Management Framework
5.1. Introduction
Basic Framework
An effective MRM program should enable a company to manage model-related risks and drive
value across the organization. This starts with a framework that includes provisions for people,
processes, technology, and data embedded in its core components. In addition, the framework
should have a strong organizational structure, a clear plan for delivery, a transparent model
inventory, and effective model data and security management.
It is the Working Group’s assertion that the MRM framework should be thoughtfully
considered to each company’s activities, exposure, and stakeholder expectations.
Principles of Effective Challenge
Organizations should address model risk at both the individual model and the aggregate level
using the guiding principle of “effective challenge.” Although it is not a regulatory requirement
for most energy market participants, SR 11-7 provides a useful definition of effective challenge:
“critical analysis by objective, informed parties that can identify model limitations and produce
appropriate changes.” Effective challenge should involve a combination of incentives,
competence, and influence across the model life cycle.
5.2. Framework Components
When designing an MRM framework, the company should consider organizational capabilities,
model prevalence and complexity, and enterprise risk tolerance. The MRM framework
typically should include the following.
• Governing Documents: An MRM Policy, controls, procedures, and other documents as
needed to ensure effective model risk governance.
• Committee Oversight: Either a Model Risk Oversight Committee or a standing agenda
item in Risk or Audit Committee meetings.
• Dedicated Modelers: A model development team or Subject Matter Expert (“SME”)
roles with specific modeling competencies.
• Independent Challenge: A model validation function or SME roles that report
independently of the model developers.
• Model Documentation: Requirements and document templates for models, model
testing, validations, and ongoing monitoring.
• Inventory: Model inventories with model owners, risk tiering, approved uses and users,
testing results, validation status, and supporting technologies.
• Reporting: Regular reporting for model development and validation status, policy
violations, and model risk estimates.
Recommendations: