Nowadays, the tolerance for legacy workarounds in risk models is wearing thin. Adjustments made to accommodate poor documentation, patch data issues, or compensate for inflexible logic are increasingly flagged during validation and regulatory review.
Supervisory expectations have changed. Firms are now expected to demonstrate end-to-end traceability, variable-level transparency, and evidence that models reflect current conditions, not just historical assumptions. Internally, risk and finance teams are under pressure to deliver models that support faster iteration, more granular insight, and alignment with business objectives.
That’s where model modernisation comes in.
In this blog, we define model modernisation, explain why it’s become a 2025 priority, and discuss how leading firms are approaching it.
What is model modernisation?
Model modernisation is a structured reassessment of how risk models are designed, built, governed, and deployed to ensure they remain fit for regulatory, operational, and analytical use. Increasingly, firms are extending this focus beyond individual models to structural analytics — the full suite of capital, IFRS 9, stress testing, liquidity, pricing, and ALM models that underpin financial stability and regulatory compliance.
The process typically includes a review across five key areas:
1. Data foundations and governance
This area assesses the adequacy of data for modelling throughout its lifecycle.
■ Are there persistent data quality issues (e.g., accuracy, completeness, consistency) that undermine trust and usability for modelling?
■ Is data readily available and accessible for modelling purposes, or is it locked in disparate silos lacking the necessary connectivity for a consolidated view?
■ Is data governance robust, with clear ownership, policies, quality standards, and controls specifically supporting modelling needs?
■ Does data possess sufficient granularity to meet sophisticated modelling and regulatory demands?
2. Model design, logic, and development
This examines the appropriateness of model methodologies, the validity of their underlying assumptions, the inclusion of forward-looking information, and the robustness of development practices.
■ Do models employ overly sophisticated or opaque methodologies that are difficult to interpret, explain, or validate effectively?
■ Is there an over-reliance on undocumented assumptions, simplifications, or expert judgments within model design that may not hold true, especially under stress?
■ How effectively, and with what justification, is uncertain forward-looking information (e.g., macroeconomic forecasts for IFRS 9 or Stress Testing) incorporated into models?
■ Are there inconsistencies in models, data definitions, or assumptions used across different regulatory frameworks (e.g., IFRS 9, IRB, Stress Testing) or for various internal applications, hindering integration?
■ Are traditional model development cycles too lengthy and resource-intensive to keep pace with business and regulatory demands?
3. Model validation and risk management
This evaluates the rigour of the validation process, the effectiveness of ongoing monitoring, and the comprehensiveness of the model risk management (MRM) framework.
■ Is the scope of model validation sufficiently rigorous and comprehensive, covering the entire model lifecycle from development to implementation and use, and assessing both technical soundness and fitness-for-purpose?
■ Does the validation function maintain true independence and possess the competence and influence to provide effective challenge to model assumptions and conclusions, as mandated by regulators?
■ Is ongoing model performance monitoring, back-testing, and benchmarking consistently and effectively performed across the model inventory, with clear triggers for action?
■ Is there a robust model risk management (MRM) governance framework in place, defining clear policies, roles (e.g., owner, developer, validator, user), standards, change control, and documentation requirements?
■ Are validation approaches adapting to the challenges posed by newer, more complex models, including those leveraging AI/ML?
4. Technology enablement and deployment
Here, the limitations of legacy IT have become especially acute. Many firms still rely on offline tools or fragmented environments that introduce unnecessary risk. Modern orchestration platforms, such as TRAC, are starting to address this challenge. TRAC provides universal orchestration for complex models, allowing teams to deploy and monitor in minutes rather than months, generate automated governance documentation, and guarantee repeatability through immutable assets.
■ Do inflexible, outdated, or siloed legacy IT systems impose limitations on the development, deployment, or performance of modern, computationally intensive analytical models?
■ Are there significant challenges in integrating disparate data sources, analytical platforms, and execution environments required by models?
■ Does the current infrastructure offer sufficient scalability and processing power for increasingly complex models and larger datasets, or are there performance bottlenecks?
■ Is there a lack of integrated, end-to-end tooling covering the entire model lifecycle (from data management to deployment and monitoring), leading to fragmented, manual, and hard-to-govern processes?
■ Are model deployment processes inefficient, leading to slow updates, reliance on complex offline tools (EUCs), or risks during execution?
5. Regulatory compliance and fitness for purpose
This assesses the models' ability to meet the extensive and evolving demands of various regulatory frameworks while also serving internal business objectives effectively.
■ Are models and their underlying processes struggling to keep pace with the high volume, complexity, and potential ambiguity of overlapping regulatory requirements (e.g., IFRS 9, IRB capital rules, Stress Testing expectations, PRA SS1/23 on model risk management)?
■ Do interpretive challenges with principle-based regulations lead to uncertainty in model application or concerns about meeting supervisory expectations?
■ Can models and their governance frameworks effectively demonstrate compliance and robustness under intense supervisory scrutiny and internal audit?
■ Is there a tension between the desired risk sensitivity and sophistication of internal models versus prescriptive regulatory constraints (e.g., output floors, IRB restrictions) that might blunt their overall effectiveness or intended benefits?
■ Are models consistently fit for their intended purpose, not only for regulatory submissions but also for internal risk management, pricing, and strategic planning?
Modernisation doesn’t always mean replacing a model. In many cases, it means addressing specific areas of risk, inefficiency or technical debt — so that the model can continue to deliver value without increasing the burden on governance or development teams.
Why model modernisation is on the agenda in 2025
Model modernisation has become a business-critical priority for many firms this year. This isn’t down to regulatory change. It’s because of the cumulative strain legacy models are placing on validation, governance, and decision-making.
In fact, nearly two-thirds of businesses invest more than $3 million annually maintaining and upgrading legacy systems, with more than three-quarters of IT decision-makers reporting teams spend 5-25 hours per week just updating and patching legacy systems.
Several factors are driving the urgency:
#1. Regulatory expectations have increased
Supervisors are placing more emphasis on transparency, explainability, and control. Models must demonstrate traceable inputs, well-documented logic, and robust governance across the lifecycle. The bar for evidencing compliance with IRB, IFRS 9, and ICAAP requirements has risen.
#2. Validation and audit cycles are absorbing more effort
Legacy models often require additional overlays, supplementary documentation, or manual interpretation to pass internal challenge. This not only slows down the approval process but undermines stakeholder confidence and stretches internal resource.
#3. Model performance is harder to explain and maintain
As portfolios evolve and economic conditions shift, many older models struggle to adapt. Performance degradation is often masked by recalibration or business rules, which can lead to inconsistency across models and limited insight into root causes.
#4. New demands are being placed on existing infrastructure
Risk models are now being used to support a broader range of use cases — from vulnerability detection and affordability assessment to real-time decisioning and early warning indicators. These use cases require faster updates, more granular segmentation, and tighter integration with upstream data and downstream systems.
#5. Technical debt is starting to create operational risk
Hardcoded assumptions, undocumented transformations, and manual processes have accumulated over time. As regulatory scrutiny increases, so too does the risk that these legacy elements will be challenged, delayed, or fail under review.
These pressures are forcing firms to reconsider whether their existing models are sustainable. Not just from a performance standpoint, but from the perspective of governance, transparency, and long-term viability.
The benefits of modernisation are also becoming clearer. When structural analytics are modernised, firms report gains across four areas:
- Strategic value and decision-making: analytics become a driver of profitable growth, not just a regulatory necessity.
- Operational efficiency and agility: faster development and deployment cycles reduce costs and speed up delivery.
- Regulatory compliance and risk management: models are more robust, auditable, and defensible under supervisory scrutiny.
- Future readiness: platforms and processes are better able to absorb innovation, from AI techniques to emerging regulation
What’s changed in modelling
The context in which models are developed and deployed has changed significantly. What passed for acceptable model design a few years ago may no longer be sufficient because the fundamentals have changed, as have the expectations around control, speed, and accountability.
Greater availability of granular and behavioural data
Firms now have access to richer datasets, including real-time transaction behaviour, open banking feeds, and affordability signals. Models that were built around static credit bureau data often can’t accommodate these inputs without substantial reengineering.
Increased adoption of machine learning and AI
While machine learning offers performance advantages, it also introduces challenges in explainability, variable control, and regulatory comfort. Many firms operate in hybrid environments—where some models use traditional techniques, while others deploy ML—and governance processes are struggling to keep up.
Tighter integration between risk, finance, and digital teams
Models are no longer isolated and built solely by risk teams. They underpin digital journeys, drive credit policy, and feed capital planning. This interconnectedness increases both the value and the vulnerability of the models themselves.
Faster release cycles and cloud-based pipelines
Modern infrastructure allows for rapid deployment and iteration, but legacy models often can’t be adapted quickly or tested robustly within these newer environments. Manual processes, inconsistent environments, and undocumented logic slow down delivery and introduce avoidable risk.
Rising internal expectations for agility and control
Stakeholders want more than performance metrics. They expect models to be explainable to non-specialists, flexible enough to adjust for policy changes, and responsive enough to meet emerging use cases. Older models rarely meet all three criteria without intervention.
Modernisation is how firms close the gap between old and new techniques and between what’s in place and what’s now required in regulation, infrastructure, and internal decision-making.
What model modernisation looks like in practice
Modernising a model estate isn’t about wholesale replacement. In most cases, it means applying structure, clarity, and rigour to the areas that introduce the most friction, whether that’s data foundations, model development, governance, or deployment.
Leading firms are now taking a phased approach, which often follows a maturity journey:
Step 1: Start with a holistic assessment
Modernisation begins with a clear diagnostic: reviewing data management practices, governance frameworks, and the health of the model inventory. Many firms also conduct a technology and infrastructure assessment, alongside regulatory and skills gap analysis, to establish a realistic baseline for change.
Step 2: Prioritise data governance and quality
This stage often involves setting up stronger governance frameworks, improving lineage, and addressing quality issues that undermine trust in models. By treating data as a strategic asset, firms can unlock a more reliable basis for both regulatory and business decision-making.
Step 3: Modernise model development and validation standards
With data foundations in place, attention turns to redeveloping or refining core regulatory models (IFRS 9, IRB, Stress Testing). Many are now adopting explainable AI techniques, often supported by platforms like Archetype, to balance performance with transparency. Crucially, new models undergo rigorous independent validation to meet supervisory standards and support integration across risk and finance.
Step 4: Embed comprehensive model risk management
A strong Model Risk Management (MRM) framework becomes the backbone of sustainability. This includes clear roles and responsibilities, a well-maintained inventory, formalised policies and procedures, and governance aligned with regulatory expectations such as PRA SS1/23. For more complex models, including those using AI/ML, validation approaches are adapted to provide effective challenge.
Step 5: Upgrade technology and pilot new platforms
Finally, firms are tackling the operational bottlenecks created by legacy IT. Proofs of concept and pilot deployments are common, particularly with orchestration platforms such as TRAC. TRAC enables faster, more controlled deployment, automated governance documentation, and repeatable execution through immutable assets. Together with cloud-enabled infrastructure, this reduces reliance on offline tools and accelerates the move to a fully governed, scalable environment.
While the specific interventions vary by model type and regulatory regime, the goal is the same: to build models that are defensible, adaptable, and aligned with the business's real demands.
Modern models for modern demands
Model modernisation ensures that the models in place today can withstand scrutiny, support evolving decision-making needs, and deliver value without introducing unnecessary risk.
Firms that act now will be better positioned to meet regulatory expectations and internal demands for speed, flexibility, and control. Those that delay may find themselves locked into fragile architectures, reliant on workaround after workaround, with mounting governance costs and operational exposure.
Keen to hear more about model modernisation? Subscribe to our LinkedIn newsletter.
Model modernisation FAQs
1. What is model modernisation?
Model modernisation refers to the process of updating risk models to meet current expectations around data governance, documentation, performance, and regulatory compliance. It involves re-evaluating variable construction, improving input traceability, streamlining deployment, and embedding governance. It’s not limited to technology upgrades — it addresses the full modelling ecosystem.
2. Why is model modernisation important in 2025?
In 2025, regulators will place greater emphasis on model transparency, data lineage, and explainability. At the same time, firms will be under pressure to adapt models to new data sources, business requirements, and reporting cycles. Model modernisation ensures that existing models remain defensible, auditable, and fit for purpose in a changing environment.
3. Does model modernisation always require a full model rebuild?
No. In many cases, model modernisation can be achieved through targeted interventions — such as auditing input variables, simplifying feature logic, or improving governance workflows. A full rebuild is only necessary where legacy structures can’t be adapted to meet current standards.
4. What are the key triggers for model modernisation?
Common triggers include performance drift, increased regulatory scrutiny, changes to input data, difficulty explaining model outputs, or inefficient validation cycles. Where models rely on undocumented logic or manual workarounds, model modernisation becomes a strategic priority.
5. How does model modernisation improve regulatory defensibility?
Modernised models are easier to validate and explain. They include clear documentation, stable data inputs, transparent assumptions, and defined governance roles — all of which make it easier to meet PRA, ECB, and IFRS 9 requirements. Regulators increasingly expect firms to demonstrate control over the full model lifecycle.
6. Can model modernisation support the use of AI or machine learning?
Yes, but only when governance is built in from the start. Model modernisation provides the structure needed to integrate ML techniques while maintaining explainability and regulatory compliance. This includes controlling data inputs, ensuring auditability, and validating performance in real-world conditions. Platforms such as Archetype can help embed explainability, while orchestration tools like TRAC ensure that even complex models are deployed and monitored in a controlled, repeatable way.
7. Where should firms start with model modernisation?
A structured data audit is the recommended starting point. This identifies weak inputs, undocumented logic, and governance gaps that may be undermining model reliability. From there, firms can prioritise remediation based on materiality, risk exposure, and regulatory relevance. For firms also struggling with outdated deployment processes, piloting orchestration solutions like TRAC can provide an early, tangible win, reducing reliance on offline tools and giving validation teams greater confidence in execution consistency.