Skip to Main Content
BAI & RMA Together we’re ProSight

Mind the Model Gaps

8/7/2025

Banks may be under pressure to innovate, but that doesn’t mean they should accept vendor models sight unseen. As ProSight’s Model Validation Consortium points out, software companies often resist sharing details about their models’ mechanics—leaving bank risk teams to vet what they can’t see. “We can’t just say the associated risks are the responsibility of the vendor,” said Trevor Woolley, model risk manager at Berkshire Bank. “They are our responsibility.” 

To help level the playing field, the consortium has drafted a set of proposed contract clauses designed to give banks a better shot at proper third-party model validation before products go live. The suggested language includes: 

  • Model Risk Management: Banks need enough information to assess whether a model is appropriate for their risk profile—not just the vendor’s sales pitch. 
  • Performance Warranty: Vendors should meet professional standards and product “hygiene.” 
  • Pass-Through Rights: Banks should inherit warranties and guarantees from subcontractors supporting the model. 
  • Offshoring Approval: Banks should sign off on any offshore work related to the product. 

Without these provisions, risk managers are often caught in a bind. “If I don’t have enough resources [from the vendor] to do that, then I can’t approve the model,” said Jessica Jiang, executive director of model risk at Texas Capital Bank. And once a solution is in place, high switching costs can make replacing it extremely challenging—even if concerns emerge later in the validation process. 

The dynamic is especially tough on smaller institutions. They tend to rely more heavily on vendors but have less negotiating power to demand disclosure. When a vendor’s product dominates the market, it often comes with a standardized contract—crafted to protect the vendor’s interests across industries, not tailored to the needs of banks. 

Getting the business line on board is key. “It’s really about the business understanding that the second line has the same process and profitability goals as they do,” said Steven Crowe, director of risk quantification and model risk at Busey Bank. Risk and performance don’t have to be at odds—but without the right contractual groundwork, they often are. 

The takeaway: Start conversations about validation standards and risk transparency at the negotiation stage—not after the contract is signed. 

You can read more in The RMA Journal.