Machine-learning models in credit scoring create model risk when predictions diverge from reality, when they encode biased signals, or when their behavior changes after deployment. Sources include noisy or nonrepresentative training data, proxy variables that correlate with protected attributes, and evolving borrower behavior known as concept drift. Regulatory guidance such as the Office of the Comptroller of the Currency Model Risk Management Bulletin underscores the need for systematic detection and controls to limit financial and compliance harms.
Detection methods
Quantitative monitoring begins with performance monitoring and backtesting: compare predicted default probabilities to realized outcomes using measures like AUC, Brier score, and calibration plots. Calibration checks are essential because an uncalibrated model can misprice risk even with high discrimination. Data drift detection uses statistics such as Population Stability Index and Kolmogorov-Smirnov tests to flag input-distribution changes; unsupervised drift detectors can reveal shifts before outcome feedback is available.
Explainability tools surface hidden failure modes. Techniques such as SHAP developed by Scott Lundberg University of Washington and Su-In Lee University of Washington provide local and global feature attributions that help detect undue reliance on fragile or discriminatory predictors. Local surrogate methods like LIME similarly offer interpretable approximations. Fairness analysis, informed by research from Alexandra Chouldechova Carnegie Mellon University, evaluates disparate impact and error-rate imbalances across groups to detect model risk that disproportionately affects protected communities.
Adversarial and scenario testing stress models with extreme but plausible inputs to reveal brittleness. Stress testing and reverse stress testing follow frameworks advocated by the Basel Committee on Banking Supervision to estimate losses under adverse macroeconomic scenarios. Sensitivity analysis and counterfactual testing probe how small input changes alter decisions, highlighting instability that can amplify during economic shocks.
Governance and consequences
Detection must link to model governance: versioned development, validation by independent teams, and documented assumptions reduce undetected drift and misuse. When detection fails, consequences include financial losses, regulatory sanctions, and erosion of public trust, particularly among marginalized populations who may face exclusion. Jurisdictional differences matter: disclosure and explanation obligations under European data protection laws shape which detection and remediation steps are feasible. Combining statistical monitoring, explainability, fairness audits, and governance produces a defensible, transparent approach to detecting and mitigating model risk in credit scoring.