casemark/managing-model-risk
skills/finance/managing-model-risk/SKILL.md
Structures model validation with independent testing, limitation documentation, and ongoing monitoring. Use when validating risk models, documenting model limitations, or managing model governance.
$ install --global
skillsauthnpx skillsauth add casemark/skills managing-model-riskInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 24, 2026, 3:33 AM118.4s1 file scanned
SKILL.md
- name:
- managing-model-risk
- language:
- en
- description:
- Structures model validation with independent testing, limitation documentation, and ongoing monitoring. Use when validating risk models, documenting model limitations, or managing model governance.
- author:
- casemark
Managing Model Risk
Structures model validation with independent testing, limitation documentation, and ongoing monitoring for quantitative risk models used in pricing, credit decisioning, market risk measurement, and capital adequacy.
When To Use
- Performing or coordinating independent model validation (initial or periodic)
- Documenting model limitations, assumptions, and compensating controls
- Building or updating a model risk inventory / model registry
- Preparing for regulatory examination of model governance (OCC SR 11-7, Fed SR 15-18, ECB TRIM) [VERIFY jurisdiction-specific guidance]
- Assessing materiality tier assignments for new or modified models
- Reviewing model performance monitoring results and back-testing exceptions
Inputs To Gather
- Model documentation package: methodology paper, mathematical specification, implementation notes, change log
- Validation scope memo: model name/ID, tier classification, intended use, prior validation findings
- Performance data: back-testing results, benchmarking outputs, sensitivity analyses, P&L attribution reports
- Data lineage: source systems, transformations, proxy usage, missing-data treatments
- Governance artifacts: model owner sign-off, approval committee minutes, prior MRA/MRIA items
- Regulatory context: applicable supervisory guidance and any outstanding findings from exams [VERIFY against current regulatory expectations]
Workflow
-
Classify the model and confirm tier
- Map the model to the firm's tiering framework (e.g., Tier 1 = material/critical, Tier 2 = significant, Tier 3 = limited impact)
- Confirm the model's intended use, downstream consumers, and materiality to financial statements or capital ratios
- Verify that model registration in the central inventory is current
-
Evaluate conceptual soundness
- Review theoretical basis, mathematical derivation, and key assumptions
- Assess whether the chosen methodology is appropriate for the portfolio/risk type
- Identify known limitations of the approach (e.g., distributional assumptions, stationarity requirements, calibration window sensitivity)
-
Perform independent testing
- Replicate key calculations or run parallel implementations where feasible
- Execute back-testing against realized outcomes (e.g., VaR exceptions, PD/LGD accuracy ratios, stress-test hit rates)
- Run sensitivity and stress analyses on critical inputs and parameters
- Benchmark against challenger models or industry proxies
-
Assess data quality and lineage
- Trace input data from source systems through transformations to model consumption
- Flag any proxy variables, manual overrides, or gap-filling techniques
- Evaluate the representativeness of calibration and validation data sets relative to the current portfolio
-
Document findings and limitations
- Categorize findings by severity: MRA (Matter Requiring Attention), MRIA (Matter Requiring Immediate Attention), or observation
- For each limitation, specify the condition under which it becomes material and any compensating controls in place
- Draft a clear limitations section that model users can reference when interpreting outputs
-
Establish ongoing monitoring framework
- Define KPIs and thresholds for model performance (e.g., back-test exception counts, stability indices, discriminatory power metrics)
- Set monitoring frequency aligned with model tier (Tier 1: monthly/quarterly; Tier 2: quarterly/semi-annual; Tier 3: annual) [VERIFY against firm policy]
- Specify escalation triggers: what level of deterioration requires ad-hoc re-validation vs. parameter recalibration vs. model replacement
-
Report and obtain governance approval
- Present validation report to the model risk committee or equivalent governance body
- Track open findings in the MRA/MRIA tracker with owners and remediation deadlines
- Confirm that model approval status is updated in the inventory (approved / approved with conditions / rejected)
Output
The deliverable is a Model Validation Report containing:
- Executive summary with overall validation opinion (satisfactory / satisfactory with conditions / unsatisfactory)
- Tier classification and scope of review
- Conceptual soundness assessment
- Independent testing results with statistical evidence (tables, charts)
- Data quality evaluation
- Findings table: finding ID, severity, description, compensating control, remediation owner, target date
- Limitations inventory with materiality conditions
- Ongoing monitoring plan with KPIs, thresholds, and escalation paths
- Appendices: replication code references, data samples, benchmarking details
Quality Checks
- Every finding has a clear severity rating, an assigned owner, and a remediation deadline
- Limitations are expressed in terms of the conditions under which the model may underperform — not just abstract caveats
- Back-testing uses an adequate observation window (minimum 1 year for market risk; 5+ years for credit risk where available) [VERIFY against internal policy and regulatory minimums]
- The report distinguishes between model risk inherent in the methodology vs. implementation risk (coding, data feeds)
- Ongoing monitoring thresholds are calibrated to historical performance distributions, not arbitrary round numbers
- All regulatory references cite the correct guidance version and effective date [VERIFY current versions of OCC 2011-12, SR 11-7, and any local equivalents]
- The validation opinion is consistent with the severity and count of open findings — no "satisfactory" rating with outstanding MRIAs
Related Skills
casemark/skills/legal/automated-contract-summary
development
VerifiedTrustedCommunity
name: automated-contract-summary language: en description: Generates structured executive summaries of contracts using ML — captures key terms, party obligations, risk allocations, and compliance requirements in a standardized format. Optimized for high-volume review where speed and consistency matter. tags: - summarization - agreement - corporate --- # Automated Contract Summarization Produces standardized executive summaries of contracts using machine learning, capturing essential term
21SKILL.mdUpdated May 26, 2026
casemark/obligation-mapping
tools
VerifiedTrustedCommunity
Extracts regulatory obligations from dense regulations across jurisdictions. Breaks down multi-level regulations into clear article-level obligations, classifies applicability to a business, and prioritizes by risk level. Use when translating regulations into actionable compliance requirements.
21SKILL.mdUpdated May 25, 2026
casemark/horizon-scanning
development
VerifiedTrustedCommunity
Continuously monitors regulatory landscapes for changes relevant to a specific business. Ingests global regulatory updates, filters by relevance, summarizes impact, and produces an actionable change advisory. Use when tracking regulatory developments affecting a particular product or market.
21SKILL.mdUpdated May 25, 2026
casemark/gap-analysis
testing
VerifiedTrustedCommunity
Compares an organization's existing compliance controls, policies, and procedures against extracted regulatory obligations to identify coverage gaps. Produces a remediation plan with prioritized actions. Use when assessing compliance maturity or preparing for regulatory audits.
21SKILL.mdUpdated May 25, 2026