On June 7, the FDIC issued Financial Institution Letter FIL-22-2017 announcing that, in order to provide consistency across institutions and agencies, it is adopting the 2011 model risk management supervisory guidance that was issued by the Federal Reserve (SR 11-7 ) and the OCC (OCC Bulletin 2011-12) thereby making the guidance applicable to certain FDIC-supervised institutions, namely those with $1 billion or more in total assets. The FDIC guidance defines the term “model” as “a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.” The FDIC indicated that banks’ heavy reliance on models in financial decision-making can come with costs, especially when the decisions are “based on models that are incorrect or misused.”

According to the FIL, the guidance contains “technical conforming changes” that make it relevant to institutions that are regulated by the FDIC, such as a “revised definition of 'banks' to reflect the FDIC's supervisory authority.”

Among other things, the FIL highlights that an effective model risk management framework should include the following:

  • “disciplined and knowledgeable development that is well documented and conceptually sound”;
  • “controls to ensure proper implementation”;
  • “processes to ensure correct and appropriate use”;
  • “effective validation processes”; and
  • “strong governance, policies, and controls.”

For institutions with assets totaling less than $1 billion, the guidance will only apply in certain circumstances, such as when “the institution's model use is significant, complex, or poses elevated risk to the institution.”