Models, Policy Rules, Scenarios, & Controls Life Cycle Framework

Financial Services firms’ Risk, Analytics, Compliance, and other groups implement thousands of controls, models, policy rules, and/or scenarios; their number grows unabated. Does your firm review the output, or manage the growth of these controls? This post outlines a disciplined approach for implementing a Life Cycle Framework that manages the process from creation to sunset. I challenge you to keep reading and comment with your own insight.

Think about your own group’s models, policy rules, and/or scenarios, and answer the following questions:

  • How easily can you pull together a list of these rules/scenarios?
  • How often are these rules/scenarios run and the output reviewed?
  • Does your firm or group have a process to manage the lifecycle and governance for these rules/scenarios?

Most likely the answer is no. Why? It requires investing time and money and is generally a low priority among the firm’s functional silos. With changing external dynamics on your firm—such as regulatory changes, competition, market volatility and workforce right sizing—your firm needs to manage its controls, models, policy rules and/or scenarios efficiently now more than ever.

Tools or Intellectual Property?

How do you think your firm’s management views the already implemented controls, models, policy rules and/or scenarios? As tools, correct? I challenge that view and offer a differing viewpoint: they are intellectual properties/assets.

Like fixed assets, they require maintenance and eventually retirement. The people who develop or maintain these rules and/or scenarios change. I recently attended a conference on Anti-Money Laundering (AML) where a group of industry experts gathered to share challenges, ideas, and best practices. A participant asked, “What process do you follow to sunset a model?” People responded with ideas, but no one had a process.

To improve the management of your firm’s Models, Policy Rules, Scenarios, & Controls (aka intellectual properties/assets), I propose the following 7-Phase Framework. It’s similar to the product / project management life cycle that is in use today. As the diagram below depicts, the process is continuous holistically. As controls, models, policy rules, and scenarios become obsolete, you need to sunset them.

The 7-Phase Framework


The Initiate Phase begins the life cycle process which is driven by Regulatory Requirements, Regulator Decree, Periodic Review, New Product or Service, or Risk Tolerance. In addition, the Periodic Review phase feeds the Initiate Phase.

During the Analyze Phase, you determine required outcomes, identify inputs/coverage, understand and estimate the impact on workload and risk tolerance, identify the impact of tuning or sun setting, as well as determine the “target” audience.

Next in the Design Phase, analyses are transformed into designing Workflows & Interfaces, Models, Policy Rules, Scenarios, Controls, and Dashboards, Reports & Analytics.
In the Implement Phase, Workflows & Interfaces, Models, Policy Rules, Scenarios, Controls, Dashboards, Reports & Analytics are built, modified or tuned. After completing the Implement Phase, your team enters the Test Phase in which integration, performance, negative and acceptance testing is performed to provide feedback regarding issues and performance. The Test Phase also answers questions about the Models, Policy Rules, Scenarios, & Controls such as whether or not they are:

  • Returning the expected results?
  • Performing as required?
  • Meeting the stated risk tolerance?
  • Answering the questions they are designed to address?

Once the Test Phase is complete and you give your acceptance, I recommend piloting the Models, Policy Rules, Scenarios, & Controls in a production environment prior to deploying them enterprise-wide. After piloting the Models, Policy Rules, Scenarios, & Controls for a predetermined period and ensuring that the pilot group is comfortable with them, you can move to the Execute Phase. In this phase, the process either moves into a Business As Usual Routine, rollout strategy, or Sunset activities. Finally, during the Periodic Review Phase, your team performs regular reviews of implemented Models, Policy Rules, Scenarios, & Controls, to determine whether to tune, sunset or leave them untouched.

Governance: Keep it Simple

As with all life cycle frameworks, governance plays a role in managing the process. Ideally, keep the governance process minimal with a central group of people who have the experience and expertise to ask the right questions and ensure the firm uses the intellectual assets optimally. I recommend having a Steering Committee that includes but is not limited to: Risk Management (Market, Credit, & Operational), Compliance (AML, KYC, Fraud, etc.), Customer Complaints, Data Privacy, Model Governance, Internal Audit, and Data Science. Implement the framework and governance process to fit your organization. The firm’s other governance processes will cover the full implementation of controls, models, policy rules and/or scenarios because it involves automating workflows or embedding in applications.

In summary, the life cycle framework is a road map providing a disciplined approach in managing your firm’s Models, Policy Rules, Scenarios, & Controls. When implementing the framework, adopt it to your firm’s culture and minimize the bureaucracy. Keep it simple. You will achieve success by having a champion implement it, sing its praises, continuously improve and use a collaborative approach.