Striking the Balance: Collaboration Between the 1st and 2nd Lines of Defense in Model Risk Management

In today’s highly regulated and data-driven financial environment, models are at the heart of decision-making, from credit underwriting and liquidity forecasting to stress testing and capital planning. As their importance grows, so does the need for effective model risk management (MRM). A key component of this is the relationship between the first and second lines of defense, model owners and users on one side, and the independent risk function on the other.

Too often, this relationship is framed in adversarial terms: the business wants to push models forward quickly, while risk management pulls back in the name of caution. But the most resilient and effective organizations understand that collaboration, not conflict, is the path to models that are not only regulatory compliant but also strategically valuable.

Independent Challenge, Not Independent Isolation

Regulatory guidance such as SR 11-7 underscores the importance of an independent, effective challenge from the second line of defense. This independence is critical. Risk functions must be empowered to question assumptions, probe methodologies, and evaluate performance metrics without influence or pressure from the first line.

However, independence doesn’t mean isolation. Risk teams that operate in a vacuum risk missing business context, operational constraints, or emerging strategic goals that could materially impact how models should be built, validated, and maintained. Effective challenge must be informed challenge.

Building Value Through Mutual Understanding

When first and second line teams engage in open dialogue early and often, the result is a shared understanding of both regulatory expectations and business objectives. This collaboration allows:

• Model development that anticipates scrutiny: Developers can proactively incorporate controls, documentation, and testing aligned with validation expectations, reducing rework and delays.

• More nuanced validation: Validators with a better grasp of business use cases can tailor their assessments to focus on what matters most, increasing the relevance and actionability of their findings.

• Streamlined model governance: Consensus on model classification, materiality, and risk tiers reduces friction and facilitates smoother approval processes.

Compliance and Efficiency Are Not Mutually Exclusive

It’s a common misconception that rigorous model governance slows innovation. In truth, the opposite is often true: organizations with mature, collaborative MRM frameworks can deploy new models faster, with fewer surprises and greater confidence.

This is especially important in areas like CECL, ALM, and interest rate risk, where both compliance requirements and market conditions are evolving rapidly. Models must be defensible to regulators, but also flexible enough to support agile decision-making. Achieving this dual mandate requires tight coordination across lines of defense.

A Culture of Respect and Accountability

Ultimately, successful MRM hinges on culture as much as policy. The first line must respect the role of the second line as a necessary check on model risk. The second line, in turn, must approach its duties not as gatekeepers, but as strategic partners invested in the organization’s success.