NZ: RBNZ Guidance on Model Risk Management
|
|
| Regulator |
Reserve Bank of NZ |
| Jurisdiction |
NZ |
| Status |
live |
| Applicability |
Platform |
The RBNZ Model Risk Management Guidance sets out supervisory expectations for how
registered banks identify, assess, and control risk arising from the use of models.
The guidance requires a formal model inventory, a tiering framework (high / medium /
low risk), independent pre-deployment validation of high-risk models, annual review
of high-risk model performance, a model risk appetite statement, and champion-challenger
testing for credit and risk models in production.
Model risk is a material risk category for Totara Bank given the central role of
automated scoring in credit decisioning (MOD-028), AML detection (MOD-017, MOD-039),
and fraud prevention (MOD-023). The RBNZ treats unvalidated models deployed in
consequential decisions as a significant supervisory concern.
The guidance aligns with the requirements of DT-005 (Model Risk Management Policy)
and with APRA APS 220 for the Australian jurisdiction.
Compliance register
This register maps every material obligation under the Guidance to the platform control or
institutional process that satisfies it. It is the static traceability layer for the Totara
compliance report — dynamic data (module build status, test evidence, control test dates)
is overlaid at runtime.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — board governance, risk committee, independent validation function. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Model inventory and tiering
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| MRM-1 |
Maintain a complete model inventory covering all models used in consequential decisions |
🤖 Automated |
DT-005 |
MOD-150 (LOG) — model inventory is auto-maintained from CI/CD deployment events; every model promotion into production creates an inventory record with version, deployment date, and owning domain |
🔨 |
| MRM-2 |
Apply a risk tier (high / medium / low) to each model based on consequence and complexity |
🤖 Automated |
DT-005 |
MOD-150 (CALC) — risk tier is computed from model type, usage volume, and consequence classification defined in the risk taxonomy; tier is written to the inventory record and updates automatically on material change |
🔨 |
| MRM-3 |
Track model performance metrics (accuracy, PSI, stability) on a continuous basis |
🤖 Automated |
DT-005 |
MOD-150 (LOG) — scheduled PSI and accuracy monitoring runs nightly across all production models; results are written to the inventory record and surfaced in the model risk dashboard |
🔨 |
Pre-deployment validation
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| MRM-4 |
Block deployment of high-risk models without a signed-off independent validation report |
🤖 Automated |
DT-005 |
MOD-151 (GATE) — model validation cases enforce an upload-report-then-approve gate; a model cannot be promoted in the MOD-150 inventory without a closed validation case with an approved validation report attached; no bypass path exists |
🔨 |
| MRM-5 |
Capture the validation outcome (approved / conditional / rejected) as an immutable record |
📊 Evidenced |
DT-005 |
MOD-151 (LOG) — all risk cases, decisions, and resolutions are available to the internal_audit role for examination; no case can be deleted |
🔨 |
| MRM-6 |
Champion-challenger testing for credit and AML models in production |
📊 Evidenced |
DT-005 |
MOD-017 (LOG) — model version controlled, validated, and logged; champion/challenger governance applied; MOD-028 (LOG) — scorecard governance: model version logged against every decision; MOD-039 (LOG) — risk score model in model inventory, validated against AML outcomes quarterly |
🔨 |
Ongoing review
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| MRM-7 |
Conduct annual review of all high-risk models |
🤖 Automated |
DT-005 |
MOD-150 (LOG) — annual review due date is computed from the inventory record and surfaced as a model risk dashboard alert; overdue reviews auto-create risk cases in MOD-151 |
🔨 |
| MRM-8 |
Backtesting of ECL / provisions models against actual losses |
📊 Evidenced |
DT-005 |
MOD-031 (LOG) — ECL model in model inventory; backtested and validated against actual losses; provision entries in GL sourced from the validated model |
🔨 |
| MRM-9 |
Model risk appetite statement — board-approved threshold for aggregate model risk |
🏛 Institutional |
DT-005 |
Model risk appetite is owned by the Chief Risk Officer and approved by the Board. MOD-150 (CALC) — the RAF dashboard includes model risk as a risk appetite dimension; breach auto-alerts the CRO. |
— |
| Obligation |
Owner |
Platform evidence input |
| Independent validation function — validator independence from model development team |
Chief Risk Officer |
MOD-151 enforces the gate; independence of the validator is an institutional governance requirement |
| Model risk committee sign-off on high-risk models |
Model Risk Committee / CRO |
MOD-151 provides the case workflow; committee decision is recorded as a case resolution |
| Model risk appetite statement design and board approval |
Board / CRO |
MOD-150 implements the monitoring against the approved appetite; statement authorship is institutional |
| RBNZ supervisory examination responses on model risk |
Chief Risk Officer |
MOD-150 inventory and MOD-151 validation case records provide the primary examination evidence |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
N/A |
| Model inventory and tiering |
3 |
3 |
0 |
0 |
0 |
| Pre-deployment validation |
3 |
1 |
2 |
0 |
0 |
| Ongoing review |
3 |
1 |
1 |
1 |
0 |
| Total |
9 |
5 (56%) |
3 (33%) |
1 (11%) |
0 (0%) |
All attributed modules are currently build_status: Not started — the compliance position
will update as modules are built and deployed.
| Policy |
Title |
| DT-005 |
Model Risk Management Policy |
Official documentation
Policies referencing this standard
- DT-005 — Model Risk Management Policy
- DT-013 — Model Validation & Audit Policy
Compiled 2026-05-22 from source/entities/regulations/nz-rbnz-model-risk.yaml