How should banks govern machine learning models used in risk management, and what unique challenges do ML models pose for model validation?

Machine learning model governance extends traditional model risk management (MRM) to address the unique challenges of algorithmic complexity, opacity, and data dependency. While the foundational principles of SR 11-7 (model development, validation, use) still apply, ML models require additional safeguards.\n\nTraditional vs. ML Model Challenges:\n\n| Challenge | Traditional Models | ML Models |\n|---|---|---|\n| Interpretability | Transparent (coefficients) | Often opaque (black box) |\n| Feature engineering | Expert-driven | Automated / learned |\n| Overfitting risk | Lower (fewer parameters) | Higher (millions of parameters) |\n| Data dependency | Moderate | Extreme (garbage in, garbage out) |\n| Stability | Generally stable | Can drift with data distribution changes |\n| Regulatory acceptance | Well-established | Evolving / uncertain |\n\nML Model Governance Framework:\n\n`mermaid\ngraph TD\n A[\"ML Model Lifecycle\"] --> B[\"Development\"]\n A --> C[\"Validation\"]\n A --> D[\"Deployment\"]\n A --> E[\"Monitoring\"]\n B --> B1[\"Data quality assessment
Feature selection rationale
Algorithm selection justification
Hyperparameter documentation\"]\n C --> C1[\"Out-of-sample testing
Explainability analysis
Bias & fairness testing
Sensitivity & stress testing\"]\n D --> D1[\"Champion-challenger setup
Shadow mode before production
Fallback model ready\"]\n E --> E1[\"Performance drift detection
Data distribution monitoring
Feature importance stability
Periodic revalidation triggers\"]\n`\n\nExplainability Techniques:\n\nSince ML models may not have interpretable coefficients, validators use post-hoc explainability tools:\n\n1. SHAP (Shapley Additive Explanations) -- Decomposes each prediction into additive feature contributions based on game theory\n2. LIME (Local Interpretable Model-agnostic Explanations) -- Fits a simple linear model around each prediction point\n3. Partial Dependence Plots -- Show marginal effect of each feature on the output\n4. Feature Importance Ranking -- Permutation importance measures prediction degradation when each feature is shuffled\n\nWorked Example:\nHarbor Risk Analytics deploys a gradient boosting model for commercial real estate loan PD estimation. Governance requirements:\n\nDevelopment documentation:\n- Training data: 85,000 loans across 12 years (2012-2024)\n- Features: 47 variables (property type, LTV, DSCR, location, macro indicators)\n- Algorithm: XGBoost with 500 trees, max depth 6, learning rate 0.05\n- Holdout: 70/15/15 train/validation/test split, stratified by default flag\n\nValidation results:\n- AUC (test set): 0.847 vs. logistic regression benchmark 0.791\n- Calibration: Hosmer-Lemeshow p-value = 0.34 (adequate)\n- SHAP analysis: Top 3 features are DSCR (27%), LTV (22%), property age (14%) -- economically intuitive\n- Bias test: No statistically significant PD differences across protected demographic categories\n- Stress test: Model performance degrades to AUC 0.78 under 2008-style macro conditions (acceptable)\n\nOngoing monitoring triggers:\n- Monthly AUC drops below 0.80 for two consecutive months\n- Feature importance ranking shifts by more than 3 positions\n- Population stability index (PSI) exceeds 0.25 on any input feature\n- Any of these triggers initiates a full revalidation cycle\n\nRegulatory Expectations:\n- Regulators expect banks to demonstrate that ML model improvements over simpler models justify the added complexity and governance cost\n- \"Right to explanation\" regulations (ECOA, GDPR) require that adverse credit decisions be explainable to applicants\n- Model inventory must classify ML models with higher inherent risk ratings\n\nExplore model risk management in our FRM Part II course.