Skip to main content
Back Custom print Text Only Rich Text Print

  • Introduction

    • 1 Context and Objectives

      • 1.1 Regulatory Context

        1.1.1
                 		The Risk Management Regulation (Circular No. 153/2018) issued by the Central Bank of the UAE (“CBUAE”) on 27th May 2018, states that banks must have robust systems and tools to assess and measure risks. In particular, when models are used, they must be managed appropriately to support decision-making.
         
         (i)
                 		Article 2.1: “A bank must have an appropriate risk governance framework that provides a bank-wide view of all material risks. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report and control or mitigate material sources of risk on a timely basis (…).”
         (ii)
                 		Article 4.1: “A bank must have systems to measure and monitor risks which are commensurate with the risk profile, nature, size and complexity of its business and structure.”
         (iii)
                 		Article 4.3:Where a Bank uses models to measure components of risks, it must have appropriate internal processes for the development and approval for use of such models and must perform regular and independent validation and testing of the models (…).”
         
        1.1.2
                 		Consequently, the Model Management Standards (“MMS”) present modelling practices that must be implemented by banks in the UAE, if they decide to employ models for decision-making. These standards are based upon practices deemed appropriate within the financial industry internationally with consideration of local circumstances. The MMS therefore represent the minimum requirements to be met within the UAE.
         

      • 1.2 Objectives

        1.2.1
                 		Models are an integral part of decision-making within UAE banks for risk management, business decisions and accounting. Banks employ models to comply with several regulatory and accounting requirements, including, but not limited to: (i) IFRS9 accounting requirements, (ii) capital forecasting, (iii) Pillar II capital assessment, (iv) regulatory stress testing requirements, (v) risk management of capital market activities and (vi) valuation adjustments. In addition, banks employ models to manage their business effectively, for instance with pricing models, portfolio management models and budgeting models.
         
        1.2.2
                 		When using models to support decisions, banks are exposed to potential losses occurring from making decisions based on inappropriate models or the incorrect usage of models. This potential loss and the associated adverse consequences are referred to as Model Risk. Further details are provided in the definition section.
         
        1.2.3
                 		In light of this large and complex landscape, the MMS has three key objectives. The first objective is to ensure that models employed by UAE banks meet quality standards to adequately support decision-making and reduce Model Risk. The second objective is to improve the homogeneity of model management across UAE banks. The third objective is to mitigate the risk of potential underestimation of provisions and capital across UAE banks.
         

      • 1.3 Document Structure

        1.3.1
                 		The MMS are accompanied by the Model Management Guidance (“MMG”), which expands on technical aspects by model type. Both the MMS and MMG should be read jointly as they constitute a consistent set of requirements and guidance, as follows:
         
         (i)
                 		Part I of the MMS outlines general standards applicable to all models. They represent the key components of the Model Management Standards.
         (ii)
                 		Part II of the MMS outlines specific requirements for the application of the standards. Both Part I and Part II constitute the minimum requirements to be met by a model and its management process so that the model can be used effectively for decision-making.
         (iii)
                 		The MMG expands on technical aspects that are expected to be implemented by UAE banks for certain types of models. Given the wide range of models and the complexity of some models, the CBUAE recognises that alternative approaches can be envisaged on specific technical points. However, deviations from the MMG should be clearly justified and will be subject to CBUAE supervisory review.
         
        1.3.2
                 		The MMS is constructed in such a way that all points are mentioned sequentially and each point is a unique reference across the entire MMS. Throughout the document, the requirements associated with ‘must’ are mandatory, while those associated with ‘should’ are strongly recommended as they are regarded as robust modelling practice. The articles of the MMG are all articulated with ‘should’.
         
        1.3.3
                 		Both the MMS and the MMG contain an appendix summarising the main numerical limits included throughout each document, respectively. The summary is expected to ease the implementation and monitoring of these limits by institutions and the CBUAE.
         

    • 2 Implementation

      • 2.1 Scope of Application

        2.1.1
                 		The MMS and the MMG apply to all licensed banks in the UAE, which are referred to herein as “institutions”. This scope covers Islamic institutions.
         
        2.1.2
                 		All institutions must ensure that their models meet minimum quality standards. Simple models must not be confused with poorly designed models. Poorly designed models can be misleading and interfere with sound decision-making. Consequently, the MMS and the MMG apply to all institutions irrespective of their size or sophistication. Small and/or unsophisticated institutions can employ simple models that are properly designed.
         
        2.1.3
                 		At a minimum, UAE branches or subsidiaries of foreign institutions must apply the MMS and the MMG. Where certain elements of the requirements of the parent company’s regulator are more stringent, then these requirements should be implemented. The degree of conservatism must be assessed for each model individually and the associated calibration. The compliance of the UAE branch or subsidiary with the MMS / MSG may require the operational support of their parent company.
         
        2.1.4
                 		An institution that is a parent company incorporated in the UAE must ensure that all its branches and subsidiaries, that are also institutions, comply with the MMS and the MMG.
         

      • 2.2 Requirements and Implementation Timeframe

        2.2.1
                 		The MMS and the MMG will be effective one day after their publication date.
         
        2.2.2
                 		All institutions are expected to identify gaps between their practice and the MMS and MMG and, if necessary, establish a remediation plan to reach compliance. The outcome of this self-assessment and the plan to meet the requirements of the MMS and the MMG must be submitted to the CBUAE no later than six (6) months from the effective date of the MMS.
         
        2.2.3
                 		Institutions must work towards compliance in a proactive manner. They must demonstrate continuous improvements towards meeting these requirements within a reasonable timeframe. This timeframe will be approved by the CBUAE following a review of the self-assessments. The CBUAE will take a proportionate view in its assessment of the proposed time to reach compliance, taking into consideration the size and complexity of each institution. The remediation plan and the associated timing must be detailed, transparent, and justified. The plan must address each gap at a suitable level of granularity.
         
        2.2.4
                 		Institutions, which repeatedly fall short of the requirements and/or do not demonstrate continuous improvement, will face greater scrutiny and could be subject to formal enforcement action by the CBUAE. In particular, continuously structurally deficient models must be replaced and must not be used for decision-making and reporting.
         
        2.2.5
                 		The path to remediation may involve reducing the number and/or complexity of models in order to improve the quality of the remaining models. Subsequently, and subject to remediation needs, the institution could increase the number of models and/or their complexity while maintaining their quality.
         
        2.2.6
                 		Institutions must achieve and maintain full compliance with respect to the general principles described in Part I and Part II of the MMS. For the MMG, whilst alternative approaches can be considered, the focus is on the rationale and the thought process behind modelling choices. Institutions must avoid material inconsistencies, cherry-picking, reverse-engineering and positive bias, i.e. modelling approaches that deliberately favour a desired outcome. Evidence of an institution defying the general principles in this way will warrant a supervisory response ranging from in-depth scrutiny to formal enforcement action.
         
        2.2.7
                 		For statistical models in particular, institutions must focus on the suitability of their calibration, whether these models are relying on internal data or external data. Lack of data will not be an acceptable reason for material models to fall short of these requirements. Instead, institutions must implement temporary solutions to mitigate Model Risk until models based on more robust data sets are implemented. Institutions must avoid excessive and unreasonable generalisations to compensate for lack of data.
         

      • 2.3 Reporting to the CBUAE

        2.3.1
                 		Once a plan to reach full compliance is decided and approved, institutions must report their remediation progress to the CBUAE at regular intervals, as agreed upon with the CBUAE. The CBUAE expects continued and iterative dialogue on this matter during the implementation of the plan and thereafter as modelling requirements evolve.
         
        2.3.2
                 		From the effective date of the MMS, institutions must comply with all CBUAE reporting requirements related to model management. The nature, depth and scope of this reporting may evolve with modelling techniques and economic conditions.
         

      • 2.4 Scope of Models

        2.4.1
                 		The MMS applies to all types of models employed by institutions to support decision-making. Therefore it covers, amongst others, risk models, pricing models and valuation models. The scope of the MMS includes, at a minimum, the non-exhaustive list in Table 1 below, that represents the most commonly employed model types in UAE institutions.
         
        Table 1: List of most commonly employed model types in UAE institutions
         
        FieldModel Type FieldModel Type
        Credit riskRating and scorecard modelsStress Testing (ST)Credit risk ST
        Score-to-PD modelsMarket risk ST
        LGD modelsCounterparty risk ST
        Provision computation for credit risPIT PD term structure modelsLiquidity risk ST
        PIT LGD modelsOther types of ST models
        PIT EAD modelsOperational riskOps risk scorecards
        ECL modelsOps risk capital models
        Macro modelsPricing and financeDerivative pricing models
        Market riskVaR and related modelsBond pricing models
        Valuation modelsRAROC models
        Counterparty riskExposure modelsNPV models
        xVA modelsAsset and Liability ManagementEVE models
        Capital managementCapital forecasting modelsEAR and NII models
        Concentration modelsLiquidity risk models
        Funding cost modelsBusiness managementArtificial Intelligence
        Economic capital modelsBudgeting, forecasting
        AMLFraud alert and other modelsMarketing models