Model Risk

Model risk is the potential for monetary losses or bad business choices due to the use of flawed models in quantitative analysis.

Author: Jackie Liu
Jackie Liu
Jackie Liu

Currently an undergraduate student studying Math and Finance at the University of Waterloo.

View Profile
Reviewed By: Osman Ahmed
Osman Ahmed
Osman Ahmed
Investment Banking | Private Equity

Osman started his career as an investment banking analyst at Thomas Weisel Partners where he spent just over two years before moving into a growth equity investing role at Scale Venture Partners, focused on technology. He's currently a VP at KCK Group, the private equity arm of a middle eastern family office. Osman has a generalist industry focus on lower middle market growth equity and buyout transactions.

Osman holds a Bachelor of Science in Computer Science from the University of Southern California and a Master of Business Administration with concentrations in Finance, Entrepreneurship, and Economics from the University of Chicago Booth School of Business.

View Profile
Last Updated:May 23, 2025
In This Article

What Is Model Risk?

Model risk is the potential for financial loss due to inaccurate or flawed quantitative models. A model is a quantitative method that often uses mathematical, financial, and economic data to generate predictions and analyses. 

Many companies use models for business strategy, risk management, trend forecasting, and regulatory compliance. 

Investors use different models, such as fundamental analysis models, technical trading algorithms, and risk assessment models, to determine stock values and identify investment opportunities.

While these models can be incredibly useful—saving time and helping make smarter decisions—they come with unique risks that must be managed carefully.

Since models rely heavily on data, their performance can vary. The results can be misleading if the input data is inaccurate, incomplete, or biased. Plus, mistakes in how the model is built or the assumptions it’s based on can lead to some pretty big errors.

A flawed model can lead to financial losses, reputational damage, and loss of trust, negatively impacting the company overall.

Model risk is considered a form of operational risk, mainly affecting businesses that use models. Businesses should evaluate and enhance their models on a regular basis to reduce this risk.

Key Takeaways

  • Model risk is the potential for monetary losses or bad business choices due to the use of flawed models in quantitative analysis.
  • This type of risk can arise from data quality issues, human errors, changing market conditions, the complexity of financial contracts, and illiquidity. 
  • Companies should implement a robust model risk management (MRM) framework to mitigate the potential negative impacts of risk exposures.
  • The key steps of the MRM framework include identification, assessment, measurement, mitigation, validation, and governance.
High Finance Offer Guaranteed
Be the first to know when applications open for WSO Academy's next cohort.
WSO Academy's 12-week program has a 92% success rate

Sources of Model Risk

Model risk can come from different sources. One example is incorrect model specification, where the model is improperly structured—either by omitting key risk factors or failing to represent the underlying economic or financial dynamics correctly..

Another common issue is using the wrong model—either one that isn’t suited to the problem or an outdated one that just no longer reflects the current situation. Since economic and financial conditions evolve, models need to be updated regularly to remain effective. 

Here are some of the common sources of model risk:

Data Quality

If the input data is inaccurate, incomplete, or biased, the results will be unreliable, as the quality of inputs directly determines the outcomes. 

Common data quality issues include missing values, outliers, and outdated information, any of which can throw off the entire model. 

Human Factors

Many models are built using spreadsheet tools like Excel, which are prone to human errors. A simple error could greatly impact the findings, such as entering the incorrect number or referring to the incorrect cell.

Choosing the right model is just as important. A model that works well in one situation may not be good for another. Companies should take time to understand the problem they’re trying to solve and each model’s strengths and weaknesses.

Knowing what a model can and can’t do helps to make smarter, more informed decisions. 

Sometimes, companies may become overconfident in a model’s results, failing to account for uncertainty and treating estimates as precise rather than probabilistic.. However, models aren’t perfect, and ignoring other important considerations like expert judgment and real-world context can lead to bad decisions.

Changing Market Conditions

Models are frequently constructed using assumptions and facts from the past, but in a world that is changing quickly, these may not remain true. Extreme volatility or economic downturns may cause a model that was created for steady conditions to falter.

For example, a model that performed well throughout regular market cycles might not stand up during a financial crisis when the market experiences extreme volatility. A strong model should be able to adjust to new information and evolving circumstances.

Complication

The more complicated a financial model or contract is, the higher the chance of mistakes. When financial models or contracts become overly complex, they introduce higher risks of misinterpretation, errors, and operational failures.

For example, during the 2007 financial crisis, evaluating and managing the risks was difficult due to the complexity of mortgage-backed securities.

Illiquidity

Risk is not only limited to complex financial contracts. As Frey (2000) points out, instruments like convertible, mortgage-backed, and high-yield bonds often suffer from illiquidity, making them tricky to value accurately. That uncertainty can lead to significant risks.

Model Risk Management (MRM)

Model risk management (MRM) aims to identify and reduce the potential downsides of decisions made using flawed or misapplied models. It’s about ensuring the models we use are reliable and appropriately applied to prevent inaccurate decision-making.

This type of risk has become more common in financial services sectors, for example, measuring consumer credit scores, real-time fraudulent credit card transactions, and anti-money laundering.

Financial institutions rely heavily on pricing, credit, valuation, and behavioral models. Financial institutions generate revenue by managing risks—using models to assess risk exposure, analyze client behavior, evaluate capital adequacy, make investment decisions, and mitigate data-related risks. 

The 2007–2008 financial crisis underscored the risks of over-reliance on financial models without proper governance, as poorly structured risk models contributed to systemic failures.

This is why having a solid risk management framework is crucial—especially for companies that depend heavily on quantitative models for their operations and decision-making.

This practice helps companies catch model errors or inaccuracies before they lead to expensive mistakes. It’s about staying one step ahead and ensuring the tools you rely on work for you, not against you.

Lifecycle of MRM Framework

An effective Model Risk Management (MRM) framework must address potential risks at each stage of the model lifecycle while aligning with regulatory guidelines.

The authority for MRM frameworks is the US Federal Reserve's Supervision Guidelines for Model Risk Management, known as SR 11-07

No matter the size or structure of a company, regulators require businesses to have MRM frameworks that address all key aspects of the MRM lifecycle, with clear roles and responsibilities laid out.

Here are the key steps of a model risk management framework:

Identification

An MRM framework begins by identifying a model’s potential risk factors, such as limitations, assumptions, and data quality issues..

Assessment and Measurement

Once we have identified potential issues, companies should move forward to assess and measure these risks by considering how likely these risks are to happen and the probable impact they could have.

Evaluating models in isolation is often insufficient. Companies should also analyze model interdependencies, as these relationships can introduce additional risks.

For example, if a prediction model depends on a biased diagnostic model, its results could end up flawed, too. Considering these dependencies together gives you a clearer picture of the risks and their broader impact.

Mitigation

Although not all risks can be reduced, there are some risk mitigation strategies that companies can use in a risk management framework:

Models should have minimum standards to follow. Internal guidelines, such as the Model Risk Management Monitoring Guide (SR 11-07), should meet or exceed regulatory requirements.

These standards can include data quality, model modification, model usage, expert judgment, model methodology, documentation, external model data, and model reporting.

Audits: Companies can evaluate their models internally or ask third-party experts for independent reviews.

Validation

Model validation assesses a model’s accuracy, reliability, and suitability for its intended purpose. This process usually takes place after implementation but before the models are put to actual use. There are both quantitative and qualitative methods. 

Let’s look at some main techniques for quantifying risk:

  • Sensitivity analysis looks at a model’s performance across different hypothetical situations by changing assumptions. It helps companies to understand potential risks under different possibilities. 
  • Stress testing assesses a model’s performance under extreme economic downturns or unexpected events, such as financial crises. This method identifies vulnerabilities that may not be evident in normal situations.
  • Backtesting tests the model using real historical data and compares outputs with actual past results to see the accuracy. 
  • A challenge model validates performance by comparing one model’s results with those of an alternative model using the same input data.

The results of these quantitative techniques and approaches exhibit the resilience and reliability of the model, whereas, on the other hand, qualitative approaches place more emphasis on the model's suitability for individual norms, situations, level of risk analysis, and other non-numerical aspects.

We should remember that both qualitative and quantitative methods provide valuable information that aids businesses in recognizing and fixing the model's flaws.

Governance

Model governance makes sure a model aligns with regulatory standards by setting clear rules and guidelines.

Effective model governance involves continuous performance monitoring, transparent documentation of assumptions, and clear accountability for model outcomes.

Effective model governance requires coordinated oversight from the board, senior management, model developers, risk teams, and auditors to ensure transparency and accountability.

Examples of Model Risks

As discussed earlier, models can fail for different reasons, for example, errors in math, problems with the data, or mistakes in how the model is put into practice.

Since models rely on mathematical and statistical approximations, they inherently involve uncertainty. The failure to acknowledge, quantify, and mitigate this uncertainty is a key source of model risk.

The negative results from model breakdowns/failures can include monetary losses, fines from the government, legal issues, or even harm to one's reputation.

The following two real-world examples demonstrate the impact of model failures. Let us have a look below:

2007–2008 Financial Crisis

During the 2007–2008 financial crisis, model risk played a significant role in the collapse of major financial institutions. 

Many banks depended on inadequate risk models to assess mortgage-backed securities and other structured financial products. As a result, institutions experienced greater losses than expected when the housing market collapsed. 

The failure of these models to capture extreme market conditions exposed their limitations and underscored the dangers of over-reliance on quantitative risk assessments without adequate stress testing and regulatory oversight..

A key lesson from this crisis is that the models' validity shouldn't just depend on the credibility of the institutions using them, but also focus on prioritizing the accuracy and reliability of the models themselves.

In response, regulators worldwide realized the need to establish model management rules to avoid future crashes. 

In 2011, the Federal Reserve issued SR 11-7. This outlines guidelines for Model Risk Management (MRM) for banks and financial institutions in the United States.

JPMorgan Chase

One of the most well-known model risk failures is the trading loss that happened to JPMorgan Chase in 2012, sometimes referred to as the “The London Whale Trading” incident.

The loss was primarily due to the misapplication and flawed assumptions of JPMorgan Chase’s Value at Risk (VaR) model, which is designed to estimate potential portfolio losses over a given period.

Several factors contributed to the loss:

  • The model was built using Excel, which involved lots of manual data entry, copying, and pasting. This process was highly error-prone, as even minor data entry or formula mistakes could lead to significant inaccuracies 
  • An inexperienced individual developed the model with minimal company support, resulting in a system incapable of handling complex trading strategies.
  • Inadequate testing also contributed to the failure. The model review group didn’t rigorously test the new model, relying only on limited back-testing and skipping the comparison of it to the existing model.
  • Furthermore, the risk management team played a passive role in developing and monitoring the model. The lack of active oversight and frequent spreadsheet changes further increase the chances of errors.

All of those reasons came together and resulted in losses of approximately $6 billion for JPMorgan Chase in that incident. 

These examples highlight the risks of overreliance on quantitative models without proper oversight and underscore the necessity of a robust risk management framework.

Model Risk FAQs

VBA Macros
Financial Statement
DCF Modeling
Valuation Modeling
M&A Modeling
LBO Module Course

Everything You Need To Master Financial Statement Modeling

To Help you Thrive in the Most Prestigious Jobs on Wall Street.

Learn More

Free Resources

To continue learning and advancing your career, check out these additional helpful WSO resources: