215. Institutions should specify internal policies for changes of models and estimates of risk parameters used within a rating system. Such policies should provide that changes in the models should be made as a result of at least the following:

(a) regular review of estimates;

(b) independent validation;

(c) changes in the legal environment;

(d) internal audit review;

(e) competent authority review.

216. Where material deficiencies are identified as a result of the procedures referred to in paragraph 215 institutions should take appropriate actions depending on the severity of the deficiency and apply a MoC in accordance with section 4.4.3.

217. For the purpose of regular reviews of estimates, institutions should have a framework in place which includes at least the following elements:

(a) a minimum scope and frequency of analyses to be performed, including predefined metrics chosen by the institution to test data representativeness, model performance, its predictive power and stability;

(b) predefined standards, including predefined thresholds and significance levels for the relevant metrics;