Chapter 5 - Governance, Risk Management & Compliance Flashcards

1
Q

What can be the consequences of poor corporate governance?

A

Poor corporate governance can contribute to bank failures, which can pose significant public costs.

In addition, poor corporate governance can lead markets to lose confidence in the ability of a bank
to properly manage its assets and liabilities, including deposits, which could in turn trigger a bank
run or liquidity crisis.

2
Q

How does the OECD define Corporate Governance?

A

A set of relationships between a company’s management, its board, its shareholders, and other stakeholders

3
Q

What is the role of the Board in Corporate Governance?

A

It is the responsibility of the board of directors to set out the governance structure for the organisation, to
make sure it is implemented as intended, and to provide effective supervision over senior management

4
Q

What is the Senior Manager and Certification Regime?

A

It replaces the approved persons regime for senior management registration and regulator approval and encourages senior management to take responsibility for their actions. In addition, there is a strong focus on improved conduct and governance structures. As part of the SM&CR, each senior manager must have a statement of responsibilities (SoR) setting out their roles and responsibilities.

5
Q

Who is included under the Senior Manager’s regime?

A
  • Chief Executive
  • Executive Director
  • Partner
  • Chair of Audit Committee
  • Compliance oversight
  • Money Laundering Reporting Officer (MLRO).
6
Q

What role does a Compliance Function have in Corporate Governance?

A

As part of its work as the firm’s second line of defence, the compliance function should also include a review of these governance standards as part of its monitoring activity. This monitoring should include the regulatory standards relating to corporate governance, and also the activity of those board members and senior management in positions of significant influence. Any deviations should be reported to an appropriate level of management and, in case of material deviations, to the board.

7
Q

What is a Unitary Board?

A

The unitary board of directors is characterised by one single board comprising both executive and
non-executive directors.

8
Q

What is a Two-Tier or Dual Board?

A

The dual board consists of a supervisory board and an executive board of management where there is a clear separation between the functions of supervision and management. In a two-tier structure, a management board manages the company’s business operation but is accountable to, and supervised by, a supervisory board elected by shareholders.

9
Q

What is the advantage to a Matrix Structure?

A

Such an approach should lead to a more flexible servicing model, as members of the team build and
apply experience in multiple contexts to benefit the business overall.

10
Q

What are the risks of a Matrix Organisation?

A

However, firms also must be careful to ensure that the implementation of matrix structures does not dilute staff accountability and clarity in the roles that each person fulfils. There can also be tensions if the managers in the matrix structure continue to expect that they can determine 100% of the employee’s activity – forgetting that the employee has a matrix responsibility to another manager covering a portion of their time.

11
Q

What is a Silo structure?

A

Where isolated groups of workers report to a line or functional manager. As these groups operate independently, it is not unique to discover functions replicated in each silo.

12
Q

What is a key concern of Silo structures for Compliance?

A

For compliance, there is an additional concern that
replication of functions (eg, monitoring, advisory, regulatory analysis) in different locations can lead to
inconsistency of the control infrastructure, and could ultimately undermine the clarity and consistency
of liaison with regulators.

13
Q

What are the 4 elements required to maintain Compliance independence?

A
  1. The compliance function should have a formal status within the firm.
  2. There should be a group compliance officer or head of compliance with overall responsibility for
    coordinating the management of the firm’s compliance risk.
  3. Compliance function staff, and in particular the head of compliance, should not be placed in a
    position where there is a possible conflict of interest between their compliance responsibilities and
    any other responsibilities they may have.
  4. Compliance function staff should have access to the information and personnel necessary to carry
    out their responsibilities.
14
Q

What key areas do the 2006 Principles of Corporate Governance from the Basel Committee focus on?

A
  • the board should be appropriately involved in approving the bank’s strategy
  • clear lines of responsibility should be set and enforced throughout the organisation
  • compensation policies should be consistent with the bank’s long-term objectives, and
  • the risks generated by operations that lack transparency should be adequately managed.
15
Q

What are the elements of a PESTLE analysis?

A
Political 
Social
Technical
Environmental
Economic
16
Q

What does a PESTLE analysis assess?

A

External Macro Environment - Risks beyond a firm’s control

17
Q

How do you score events for “exposure” in a risk assessment?

A

Exposure means how often an activity occurs that could give rise to an adverse event.

Annually = One
Semi-Annually = Two
Quarterly = Four
Monthly = 10
Weekly = 50
Daily = 250
Real-Time = 500
18
Q

What is the difference between Risk and Uncertainty?

A

Risk is a scenario with quantifiable data

Uncertainty is unquantifiable

19
Q

What is the usual expected time frame for reporting a regulatory breach to regulators?

A

24 Hours

20
Q

Name the board structure typically found in Germany

A

The Dual (Two Tier) Board

21
Q

Name five examination areas used when conducting due diligence on a hedge fund

A
  • a fund snapshot
  • disclosed investment strategy
  • historical returns
  • assets under management (a copy of the fund’s portfolio from the custodian is usually requested)
  • audited financial statements if the fund is regulated by the US Securities and Exchange Commission (SEC)
  • fund’s terms and details
  • regulatory registration, if any
  • risk factors
  • valuation.
22
Q

Name two external stakeholders that can be a source of risk for a business.

A

Parent Company
Major Institutional Investors
Major Clients

23
Q

What is the key to managing stakeholder risk?

A
  • Build relationships at senior levels
  • Understand their agenda and how it may differ from the firm’s own agenda
  • Manage expectations with any new developments
24
Q

What is gearing and how does it increase risk?

A

A company which, on paper, looks sound, but which has become over-geared can suffer disproportionately if interest rate rises cause its debt to become more expensive, or if its revenues fall to a level too low to repay its debt.

25
Q

What are the issues with cloud data hosting?

A

Regulators usually consider cloud data hosting to be a
form of outsourcing, and apply the outsourcing regulations. Within the EU, the General Data Protection
Regulation (GDPR) in relation to data processors and data controllers, applies to cloud data hosting.

26
Q

Name four risk register column headings.

A
  • business objective
  • description of associated risk
  • risk ranking
  • lead person or department
  • action plan
  • target and completion dates
  • sources of assurance and oversight (which may or may not be the lead person or department)
  • mitigating controls.