2 Implementation
2.1 Scope of Application
2.1.1
The MMS and the MMG apply to all licensed banks in the UAE, which are referred to herein as “institutions”. This scope covers Islamic institutions.
2.1.2
All institutions must ensure that their models meet minimum quality standards. Simple models must not be confused with poorly designed models. Poorly designed models can be misleading and interfere with sound decision-making. Consequently, the MMS and the MMG apply to all institutions irrespective of their size or sophistication. Small and/or unsophisticated institutions can employ simple models that are properly designed.
2.1.3
At a minimum, UAE branches or subsidiaries of foreign institutions must apply the MMS and the MMG. Where certain elements of the requirements of the parent company’s regulator are more stringent, then these requirements should be implemented. The degree of conservatism must be assessed for each model individually and the associated calibration. The compliance of the UAE branch or subsidiary with the MMS / MSG may require the operational support of their parent company.
2.1.4
An institution that is a parent company incorporated in the UAE must ensure that all its branches and subsidiaries, that are also institutions, comply with the MMS and the MMG.
2.2 Requirements and Implementation Timeframe
2.2.1
The MMS and the MMG will be effective one day after their publication date.
2.2.2
All institutions are expected to identify gaps between their practice and the MMS and MMG and, if necessary, establish a remediation plan to reach compliance. The outcome of this self-assessment and the plan to meet the requirements of the MMS and the MMG must be submitted to the CBUAE no later than six (6) months from the effective date of the MMS.
2.2.3
Institutions must work towards compliance in a proactive manner. They must demonstrate continuous improvements towards meeting these requirements within a reasonable timeframe. This timeframe will be approved by the CBUAE following a review of the self-assessments. The CBUAE will take a proportionate view in its assessment of the proposed time to reach compliance, taking into consideration the size and complexity of each institution. The remediation plan and the associated timing must be detailed, transparent, and justified. The plan must address each gap at a suitable level of granularity.
2.2.4
Institutions, which repeatedly fall short of the requirements and/or do not demonstrate continuous improvement, will face greater scrutiny and could be subject to formal enforcement action by the CBUAE. In particular, continuously structurally deficient models must be replaced and must not be used for decision-making and reporting.
2.2.5
The path to remediation may involve reducing the number and/or complexity of models in order to improve the quality of the remaining models. Subsequently, and subject to remediation needs, the institution could increase the number of models and/or their complexity while maintaining their quality.
2.2.6
Institutions must achieve and maintain full compliance with respect to the general principles described in Part I and Part II of the MMS. For the MMG, whilst alternative approaches can be considered, the focus is on the rationale and the thought process behind modelling choices. Institutions must avoid material inconsistencies, cherry-picking, reverse-engineering and positive bias, i.e. modelling approaches that deliberately favour a desired outcome. Evidence of an institution defying the general principles in this way will warrant a supervisory response ranging from in-depth scrutiny to formal enforcement action.
2.2.7
For statistical models in particular, institutions must focus on the suitability of their calibration, whether these models are relying on internal data or external data. Lack of data will not be an acceptable reason for material models to fall short of these requirements. Instead, institutions must implement temporary solutions to mitigate Model Risk until models based on more robust data sets are implemented. Institutions must avoid excessive and unreasonable generalisations to compensate for lack of data.
2.3 Reporting to the CBUAE
2.3.1
Once a plan to reach full compliance is decided and approved, institutions must report their remediation progress to the CBUAE at regular intervals, as agreed upon with the CBUAE. The CBUAE expects continued and iterative dialogue on this matter during the implementation of the plan and thereafter as modelling requirements evolve.
2.3.2
From the effective date of the MMS, institutions must comply with all CBUAE reporting requirements related to model management. The nature, depth and scope of this reporting may evolve with modelling techniques and economic conditions.
2.4 Scope of Models
2.4.1
The MMS applies to all types of models employed by institutions to support decision-making. Therefore it covers, amongst others, risk models, pricing models and valuation models. The scope of the MMS includes, at a minimum, the non-exhaustive list in Table 1 below, that represents the most commonly employed model types in UAE institutions.
Table 1: List of most commonly employed model types in UAE institutions
Field Model Type Field Model Type Credit risk Rating and scorecard models Stress Testing (ST) Credit risk ST Score-to-PD models Market risk ST LGD models Counterparty risk ST Provision computation for credit ris PIT PD term structure models Liquidity risk ST PIT LGD models Other types of ST models PIT EAD models Operational risk Ops risk scorecards ECL models Ops risk capital models Macro models Pricing and finance Derivative pricing models Market risk VaR and related models Bond pricing models Valuation models RAROC models Counterparty risk Exposure models NPV models xVA models Asset and Liability Management EVE models Capital management Capital forecasting models EAR and NII models Concentration models Liquidity risk models Funding cost models Business management Artificial Intelligence Economic capital models Budgeting, forecasting AML Fraud alert and other models Marketing models