AI In Model Risk Management Insurance: AI’s Unique Characteristics and Operating Model Impacts

By April 20, 2020March 6th, 2021No Comments

Jan 14 Max Title

Banks will need to evolve and industrialize their MRM functions in the world of big data and AI since AI based models pose unique challenges in terms of business risk management.

Executive Summary

The challenges from AI in Model Risk Management (MRM) arise due to AI systems’ unique characteristics and their compounded impacts on the MRM operating model. How can MRM teams understand these challenges and plan for operating model changes? Teams need to start experimenting with AI risk assessment tools to build institutional knowledge and better understand AI business risks specific to their environments.


MRM programs use multiples lines of defense for managing model risk: model development (line of business) as the primary, validation and risk management (MRM function) as the second, and internal audit as the third. AI complicates the functioning of each line of defense as described below.



AI Challenges

Model Development

  • Data Selection
  • Model Design, Dev & Testing
  • Model Selection
  • Documentation
  • Large and complex data sets
  • Unclear input-output linkage
  • More complex model tradeoffs
  • AI model documentation challenge

Model Validation

  • Conceptual soundness
  • Outcomes Testing
  • Challenger/ Benchmark Comparison
  • Implementation Readiness
  • Nuanced fit-for-purpose assessments
  • More complex validation of model design and implementation
  • Lacking transparency in vendor model validation
  • High touch ongoing monitoring

Model Governance & Risk Management

  • Model Inventory, Assessment and Prioritization
  • Model ecosystem
  • Risk reporting
  • Model inventory and risk profiling more complex
  • Consistent risk quantification across models more challenging
  • Overall model ecosystem risk assessment more complex

Internal Audit

  • Model development & validation evaluation
  • Data evaluation
  • Model inventory management
  • Risk mgmt. compliance
  • Lacking model documentation
  • Higher effort for inventory completeness and reliability checks
  • Internal control checks more complicated


MRM Plays a Central Role in Banking AI Transformation

AI is increasingly becoming a strategic and transformational capability for banks, projected to generate more than $250 billion per McKinsey Global Institute.  While AI is promising, it comes with a range of challenges such as fairness, bias, robustness, and explainability. Unfortunately, regulatory agencies but have issued little guidance for AI use beyond stipulating that banks are accountable for business risks associated with AI.  MRM functions seem to be the logical place for instituting AI model risk management, and are expected to take on a central role in helping banks drive broad AI adoption.

AI’s unique Characteristics

These challenges from AI in MRM arise due to AI systems’ unique characteristics.

  • Black Box Nature – ML and deep learning models do not explicitly tie outputs to inputs, instead relying on implicit pattern recognition and complex correlations. This leads to a lack of transparency and explainability.
  • Higher Data Complexity – AI models have large number of data features and high data dimensionality. They also have higher mathematical complexity.
  • High Sensitivity and Delicate Tradeoffs – AI models are highly sensitive to model configuration and tuning, requiring careful calibration for performance and benchmarking. AI models have delicate tradeoffs, such as those between explainability and performance.
  • Model Dynamicity – AI models can be retrained and redeployed based on new data and feedback on predictions. Managing model and data drift is also critical.
  • Multidimensional Risk – AI models have exposure to a range of risks, including those related to data, compliance, and bias. Consistent risk representation and risk quantification is more involved with AI.


When AI is scaled to the enterprise, these challenges drive impacts to MRM operating models. A new set of capabilities would be required to handle these impacts.

  • Shifting Enterprise Risk Equation – MRM risk management may find that traditional risk measures no longer suffice for AI. Model governance and risk managers will need new capabilities to understand and manage risk impacts of AI models.
  • Model Ecosystem and Inventory – AI accentuates the need for a comprehensive view of model and data interdependencies and model execution. A capability that provides a dynamic view of such an ecosystem becomes critical.
  • Fit for Purpose Assessment – Fit for purpose assessments of AI models require multi-dimensional persona-based views of the output. Such assessments will increasingly rely on simple language-based explanations.
  • MRM Resource Skillset – Given scarce Ai skillsets, MRM teams will need to be augmented with appropriate tools and methodologies to facilitate validation and risk management activities.
  • “Validation Ops” – MRM teams face ever increasing model inventories and have finite resources. Infrastructure, tooling and processes to automatically validate and monitor AI models will be required to scale MRM operating models.
  • Vendor Dependencies – Enterprise scale AI models frequently rely on third party and vendor provided components. A new set of tools that can rapidly assess vendor models is critically needed.


Understanding the AI challenges and business risks specific to their environments is critical for MRM teams. Tools and technologies to help understand AI business risks are quickly evolving. MRM teams should start experimenting with such tools to build institutional knowledge. This will set them up for broader operating model changes and capability adjustments.