The case shows that the model didn’t fail technically, instead, it failed in purpose and governance. When leadership pressures teams to optimize risk rather than understand it, and when validation becomes a formality instead of a safeguard, the entire risk framework turns into a compliance illusion. How can a bank design accountability structures that prevent this cultural drift, so that models remain tools for truth, not instruments of narrative management?
Our group focused on governance, which can be seen through RAC: Roles were blurred as the CIO and CFO pushed for lower reported risk while the Model Risk team’s challenge function was overridden, meaning no one clearly owned the decision to stop the model rollout. Accountability broke down because “conditional approval” functioned like full approval — issues were raised but not acted on, and no one was held responsible when validation concerns were ignored. Culture reinforced the problem: incentives rewarded lower VaR numbers rather than accurate risk measurement, so staff normalized “tuning the model” to meet business targets instead of managing real exposure. If the cultural incentive was to make risk look low rather than be low, what governance mechanism could have countered that pressure and…
I'm interested in the risk ownership part, especially if the model is built by one team, validated by another, but used by a third. How can governance frameworks within an organization make sure that accountability for model outputs stays clear, rather than being lost across different teams?
After reading this case, what stood out to me the most is the fact that the losses weren’t really about the math but about weak governance. The pressure to show lower risk given by the leadership led people to take shortcuts, ignore validation and other warning signs. This case shows that managing model risk isn’t simply improving formulas. Instead, it's crucial to build accountability and challenge into every step so the right thing becomes the easy thing to do.
From an ECRG lens, resilience is between C (Controls) and G (Governance) that when controls fail, resilience determines how the firm responds before governance can reset strategy. The lack of scenario rehearsal (“what if VaR misprices exposure?”) and weak communication across lines of defense meant the organization had no muscle memory to contain losses. Effective resilience would require pre-defined model-break protocols, automatic rollback plans, and continuous validation even under executive pressure.
The case shows that the model didn’t fail technically, instead, it failed in purpose and governance. When leadership pressures teams to optimize risk rather than understand it, and when validation becomes a formality instead of a safeguard, the entire risk framework turns into a compliance illusion. How can a bank design accountability structures that prevent this cultural drift, so that models remain tools for truth, not instruments of narrative management?
Our group focused on governance, which can be seen through RAC: Roles were blurred as the CIO and CFO pushed for lower reported risk while the Model Risk team’s challenge function was overridden, meaning no one clearly owned the decision to stop the model rollout. Accountability broke down because “conditional approval” functioned like full approval — issues were raised but not acted on, and no one was held responsible when validation concerns were ignored. Culture reinforced the problem: incentives rewarded lower VaR numbers rather than accurate risk measurement, so staff normalized “tuning the model” to meet business targets instead of managing real exposure. If the cultural incentive was to make risk look low rather than be low, what governance mechanism could have countered that pressure and…
I'm interested in the risk ownership part, especially if the model is built by one team, validated by another, but used by a third. How can governance frameworks within an organization make sure that accountability for model outputs stays clear, rather than being lost across different teams?
After reading this case, what stood out to me the most is the fact that the losses weren’t really about the math but about weak governance. The pressure to show lower risk given by the leadership led people to take shortcuts, ignore validation and other warning signs. This case shows that managing model risk isn’t simply improving formulas. Instead, it's crucial to build accountability and challenge into every step so the right thing becomes the easy thing to do.
From an ECRG lens, resilience is between C (Controls) and G (Governance) that when controls fail, resilience determines how the firm responds before governance can reset strategy. The lack of scenario rehearsal (“what if VaR misprices exposure?”) and weak communication across lines of defense meant the organization had no muscle memory to contain losses. Effective resilience would require pre-defined model-break protocols, automatic rollback plans, and continuous validation even under executive pressure.