Risk management process and controls
With regard to the development and use of internal models for own funds requirement purposes, institutions shall establish policies, procedures, and controls to ensure the integrity of the model and modelling process. These policies, procedures, and controls shall include the following:
full integration of the internal model into the overall management information systems of the institution and in the management of the non-trading book equity portfolio. Internal models shall be fully integrated into the institution's risk management infrastructure if they are particularly used in measuring and assessing equity portfolio performance including the risk-adjusted performance, allocating economic capital to equity exposures and evaluating overall capital adequacy and the investment management process;
established management systems, procedures, and control functions for ensuring the periodic and independent review of all elements of the internal modelling process, including approval of model revisions, vetting of model inputs, and review of model results, such as direct verification of risk computations. These reviews shall assess the accuracy, completeness, and appropriateness of model inputs and results and focus on both finding and limiting potential errors associated with known weaknesses and identifying unknown model weaknesses. Such reviews may be conducted by an internal independent unit, or by an independent external third party;
the units responsible for the design and application of the model shall be functionally independent from the units responsible for managing individual investments;
parties responsible for any aspect of the modelling process shall be adequately qualified. Management shall allocate sufficient skilled and competent resources to the modelling function.