Role-Specific Content Generation Exercises

Objective:

Learn to craft effective prompts for generating comprehensive model risk management policy documents.

Background:

Model Risk Managers are responsible for developing and maintaining policies that govern the institution's approach to model risk management. These policies must align with regulatory expectations while being tailored to the organization's specific model landscape and risk appetite.

Exercise:

1. Scenario:

You need to develop a new model risk management policy section addressing AI/ML models for your financial institution.

2. Basic Prompt Example:

Write a model risk policy for AI models.

3. Prompt Improvement Activity:

• Identify the limitations of the basic prompt (lack of specificity, context, and structure)
• Add details about your institution's model landscape and existing policy framework
• Specify the regulatory guidance that should be incorporated
• Request specific sections and content elements
• Include formatting and style requirements

4. Advanced Prompt Template:

I need to draft a new section for our Model Risk Management Policy specifically addressing AI/ML models at our [size/type] financial institution. This will be incorporated into our existing policy framework.

Institutional context:
- We are a [size/type] financial institution with [retail/commercial/investment] banking operations
- Our current model inventory includes approximately [number] models, with [number] AI/ML models in development or production
- Our existing Model Risk Management Policy follows SR 11-7 and OCC 2011-12 guidance
- We have a three-tiered model risk rating system (high/medium/low) based on materiality and complexity
- Our model governance includes a Model Risk Committee and independent Model Validation function

Regulatory considerations:
- Must align with SR 11-7 and OCC 2011-12 guidance
- Should incorporate recent regulatory communications on AI/ML model risks
- Should address model explainability and transparency expectations
- Must include appropriate governance for third-party AI/ML models

Please draft a comprehensive policy section (approximately 1500-2000 words) that includes:

1. Introduction and Scope
   - Definition of AI/ML models within our framework
   - Types of AI/ML models covered by the policy
   - Applicability to third-party and internally developed models

2. Risk Assessment and Tiering
   - Criteria for assessing AI/ML model risk
   - Additional considerations beyond traditional models
   - Risk tiering approach specific to AI/ML models

3. Development Standards
   - Documentation requirements specific to AI/ML models
   - Data quality and representativeness standards
   - Feature selection and engineering guidelines
   - Model explainability and interpretability requirements
   - Testing and performance assessment standards

4. Validation Requirements
   - Conceptual soundness assessment approach
   - Process verification requirements
   - Outcomes analysis expectations
   - Ongoing monitoring considerations
   - Benchmarking and challenger model expectations

5. Governance and Controls
   - Approval authorities and escalation paths
   - Roles and responsibilities (business, validation, audit)
   - Change management requirements
   - Documentation and evidence standards
   - Periodic review and reassessment frequency

6. Third-Party AI/ML Models
   - Due diligence requirements
   - Ongoing monitoring expectations
   - Documentation standards
   - Contingency planning requirements

Format the policy section in a professional, clear style with:
- Numbered sections and subsections
- Concise, actionable policy statements
- Clear delineation between requirements and guidance
- Consistent use of defined terms
- Professional, formal tone appropriate for a regulatory audience

The policy should be rigorous but practical, balancing effective risk management with operational feasibility. It should be written for an audience of model developers, validators, and senior risk managers.

5. Evaluation Criteria:

• Does the prompt provide sufficient institutional context?
• Does it specify relevant regulatory considerations?
• Does it request all necessary policy sections?
• Does it include specific formatting and style requirements?
• Does it balance rigor with practicality?

6. Practice Activity:

Create your own advanced prompt for generating:

1. A model validation standards section for climate risk models
2. A model risk governance framework for third-party models
3. A model monitoring policy for credit risk models

Objective:

Learn to craft effective prompts for generating comprehensive risk assessment reports.

Background:

Risk Officers regularly need to produce detailed risk assessment reports that identify, analyze, and recommend mitigations for various risks facing the financial institution.

Exercise:

1. Scenario:

You need to develop a comprehensive risk assessment report for a new digital banking initiative at your financial institution.

2. Basic Prompt Example:

Write a risk assessment for digital banking.

3. Prompt Improvement Activity:

• Identify the limitations of the basic prompt (lack of specificity, context, and structure)
• Add details about the specific digital banking initiative
• Specify the risk categories to be assessed
• Request specific sections and content elements
• Include formatting and style requirements

4. Advanced Prompt Template:

I need to draft a comprehensive risk assessment report for a new digital banking initiative at our [size/type] financial institution. This report will be presented to the Risk Committee and senior management.

Initiative details:
- New mobile banking application with enhanced features including:
  * Remote account opening with ID verification
  * Integrated personal financial management tools
  * Peer-to-peer payment capabilities
  * Virtual card issuance and management
- Target launch date is [timeframe]
- Will replace our existing mobile banking platform
- Developed in partnership with [internal/external] technology teams
- Will integrate with our core banking system and multiple third-party services

Risk assessment scope:
- Strategic risk
- Operational risk (including technology and process risks)
- Compliance and regulatory risk
- Information security and cyber risk
- Third-party/vendor risk
- Reputation risk
- Financial risk

Please draft a comprehensive risk assessment report (approximately 2500-3000 words) that includes:

1. Executive Summary
   - Overview of the initiative
   - Summary of key risks identified
   - Overall risk rating
   - Critical mitigation recommendations

2. Initiative Overview
   - Detailed description of the digital banking initiative
   - Strategic objectives and business case
   - Key stakeholders and responsibilities
   - Implementation timeline and phases

3. Risk Assessment Methodology
   - Assessment approach and framework
   - Risk rating criteria (likelihood and impact scales)
   - Data sources and stakeholder inputs
   - Limitations and assumptions

4. Detailed Risk Assessment
   For each risk category, please include:
   - Specific risks identified
   - Inherent risk rating (before controls)
   - Existing controls and their effectiveness
   - Residual risk rating (after controls)
   - Gap analysis against risk appetite
   - Supporting evidence and analysis

5. Key Findings and Themes
   - Cross-cutting risk themes
   - Highest priority risks requiring attention
   - Interdependencies between risks
   - Comparison to industry benchmarks or similar initiatives

6. Mitigation Recommendations
   For each significant risk, please include:
   - Specific, actionable mitigation measures
   - Responsible parties
   - Implementation timeframes
   - Expected impact on residual risk
   - Resource requirements
   - Monitoring mechanisms

7. Implementation Roadmap
   - Prioritized mitigation plan
   - Critical path items that must be addressed before launch
   - Key risk indicators to monitor
   - Governance and oversight recommendations

Format the report in a professional, clear style with:
- Executive-friendly language and structure
- Visual elements (suggest tables, matrices, or charts that would be helpful)
- Clear risk ratings using High/Medium/Low terminology
- Balanced perspective that acknowledges both risks and opportunities
- Practical, actionable recommendations

The report should be thorough but practical, balancing comprehensive risk identification with actionable insights. It should be written for an audience of senior risk managers, business executives, and technology leaders.

5. Evaluation Criteria:

• Does the prompt provide sufficient context about the initiative?
• Does it specify all relevant risk categories?
• Does it request all necessary report sections?
• Does it include specific formatting and style requirements?
• Does it balance thoroughness with practicality?

6. Practice Activity:

Create your own advanced prompt for generating:

1. A risk assessment for implementing a new loan origination system
2. A third-party risk assessment for a critical cloud service provider
3. An emerging risk report on climate-related financial risks