Large Bank Examination Workshop February 2026

Exercise: Three Lines of Defense For the three lines of defense, list a few ways in which each line should play a key role: 1. Line of Business

2. Risk Management

3. Internal Audit

121

Key Components of a MRM Policy 1. Governance framework: • Roles and responsibilities: Defines clear lines of accountability for all stages of the model lifecycle, from development to retirement. This includes roles for model developers, business unit owners, independent validators, and senior management oversight. • Board and senior management oversight: Assigns ultimate responsibility to the board of directors and senior management for setting the bank's risk tolerance for models. They must ensure that the MRM framework is effective. • Independent validation: Requires an independent function to review and challenge model development, implementation, and performance. • Internal audit: Mandates that the internal audit function periodically assesses the overall effectiveness of the MRM framework.

122

61

© Global Financial Markets Institute Inc.