Model Risk Taxonomy

From Open Risk Manual


A Model Risk Taxonomy denotes the categorization of different aspects and realizations of Model Risk into a consistent overall framework that may help with mitigating or otherwise managing this risk

Taxonomy Requirements

A model risk taxonomy is related to the broader Risk Taxonomy that is applicable within an organization in two distinct ways:

  • Model Risk being a type of Operational Risk, the model risk taxonomy is a subset and integrates in the Operational Risk Taxonomy. This view focuses on commonalities of model errors across model categories
  • Model Risk potentially affects all quantifiable Risk Types for which the organization implements models based Quantitative Risk Management. Hence the model risk taxonomy can be also considered as an additional risk sub-type within each category: for example model risks affecting credit risk

Given the commonalities characterising model risks across domains it is more effective to focus on the first view. The high level requirements from a model risk taxonomy are not different from any other risk taxonomy

  • Comprehensive Coverage: At any level of the hierarchy the taxonomy must satisfy that
    • the totality of model related risks aggregate to the super-type and
    • any type of model risk within the super-type belongs to one of the subtypes
  • Granularity: The taxonomy has sufficient granularity to distinguish the different model risk types that have their own unique attributes
  • Definitional Clarity: To prevent overlap, at any level of the hierarchy, any type of model risk belongs to one and only one risk type
  • Stability over Time: Risks can be assigned to appropriate risk types in a consistent way over longer time horizons

Model Risk Taxonomy Tree

The model risk taxonomy aims to capture the causes and manifestations of Model Risk in a systematic manner. The classification keys adopted for the taxonomy are focusing on ultimate causes of model risk. Such ultimate causes are:

  • Model Errors due to technical factors internal to the model (Intrinsic Model Risk). NB: In some usage the meaning of model risk might be restricted to mean exclusively intrinsic model risk. Given the context in which models are developed and used this narrow definition is not adequate.
  • Model Errors due to technical factors external to the model itself (e.g., Data Quality, IT infrastructure etc).
  • Errors due to Wrongful Model Embedding / Model Usage. This class covers a variety of possible organizational (typically Model Governance) failures at the different stages of the lifecycle of a model
    • Inadequate specification of scope and requirements at the commissioning / specification phase
    • Inadequate resources or oversight during the development phase,
    • Inadequate Model Validation or approval processes
    • Weaknesses in the deployment infrastructure
    • Inadequate monitoring of Model Performance Measures
    • Inadequate embedding and ongoing use (e.g. limited undestanding by users or senior management]]

You can browse the current Model Risk Taxonomy by clicking on the arrows of the taxonomy tree below. Nodes that have further subdivisions are indicated with a blue arrow. End-nodes lead to the corresponding category definition and the list of articles belonging to that.

NB: The structure of the taxonomy (especially the more granular levels) is still under active development!


A model risk taxonomy enters in Model Risk Management activity as a tool to help with a variety of tasks:

Issues and Challenges

  • Model Risk is an abstract and technical risk type and its management is still an evolving practice