Independent validation:
lessons learned from banks

In an earlier post I wrote about artificial intelligence (AI) maturity (www.aisure.nl/aimaturity) and the role of independent validation therein. There is one sector where independent validation is way ahead of the pack in my view, namely in banking.

A lot has been written and said about banks since the financial crisis (on which I will not say anything- really of topic here)- but already since the 2006 Basel 2 accord banks are subjecting a substantial part of their models to independent validation. Under the aforementioned accord they “ ...are expected to have in place a robust system to validate the accuracy and consistency of the model and its inputs”. Of course the remainder of the regulatory requirements is too much to elaborate here. But, what are some of the lessons learned in having long run experience with independent validation?

Transparency

AI systems are sometimes perceived as black box systems. If there is one area where independent validation has contributed, it is to make models transparent and understood within banks.

  • Proper model documentation has required developers to underpin and/or substantiate all their modeling choices.
  • Hidden assumptions become clear- either from documentation or by having informed discussions between developers and validators.
  • Considering AI systems are primarily data driven having transparency on the input data is key. Data quality issues may have required developers to make shortcuts to make the best of the available data. Transparency helps to have a more objective discussion on the expected life time of an AI system or the need for investments in data quality.
  • Bank regulations make no distinction between own developed models or purchased/ vendor models. Both must be equally transparent. How many proprietary AI solutions would really meet that requirement?

Continuous improvement

Although AI systems learn from adding new data, data is not the only driver for AI to improve. Independent validation has helped to create an overview of the strengths and potential limitations of both individual and broadly comparable models. And thereby providing essential input to set the research and development agenda for a data driven business. Most banks have adopted the concept of a model life cyle, where performance monitoring and periodic independent review are cornerstones to continuous improvement.

Lowering key person risk

Anyone who has experienced the pain of a main developer leaving for the competition without documentation of earlier work understands what key person risk is about. See aldo the need for proper documentation and transparency mentioned above (and the role of independent validation to help enforce just that). But is there all that there is to it? Developing advanced models is as much an art as a science. Personal preferences for methodologies and approaches are equally important. If your development team is small, chances are that you are exposed to some form of key person risk as the number of opinions during development is limited. If you have a hammer everything looks like a nail. Having an independent challenge/view on methodologies and model choices is one of the added values of independent validation.

Governance

Sometimes perceived as somewhat bureaucratic procedures surrounding models that slow down models to be put in production fast. But is it really? Banks over time have developed -from anything between too strict and too loose governance- but have found workable more balanced governance surrounding models. In light of the topics above, having a set of rules how different stakeholders predictably work together, keep each other informed and allow each other to play their part only contributes to accurate, consistent models. With AI systems driving more of the business, the need for knowledge and awareness of senior management of the models strengths and potential limitations is growing as well. Banks have typically implemented a direct line between the validation function and the CRO (Chief Risk Officer), either as a direct report to the CRO or via an explicit right to directly escalate any issue to board level. The powerful esson learned is that an independent view is then heard and taken seriously- the option very rarely has to be execised.


Interested to learn more?