OR

Question 1

UK Regulation in Regulatory Expecation

Answer 1

Evolution of Cyber Risk Management in UK Banking:
2018- Introduction of new ORM regulations by FCA, PRA, and BoE
2020- Adjustments due to COVID-19 and WFH arrangements

Question 2

US REG.

Answer 2

Question 3

What is operational risk defined by the Basel Committee on Banking Supervision?

Answer 3

The risk or loss resulting from inadequate or failed internal processes, people, systems, and external events.

Question 4

What does operational risk management (ORM) deal with?

Answer 4

Four specific causes: inadequate or failed internal processes, people, systems, and external events.

Question 5

What is an ORM framework?

Answer 5

The total of the methods or processes used to control operational risk within a firm.

Question 6

What are the four steps in the iterative cycle of risk management?

Answer 6

• Risk identification
• Risk assessment
• Risk mitigation
• Risk monitoring

Question 7

What is the goal of risk identification?

Answer 7

To determine as many relevant risks as possible that could negatively impact the firm’s business goals.

Question 8

What methods might be used during risk identification?

Answer 8

• Group brainstorming activities
• Interviews with staff

Question 9

What does risk assessment involve?

Answer 9

Determining the probability and severity of identified risks for prioritization.

Question 10

What tools are used in risk assessment?

Answer 10

• Stress testing
• Scenario analysis

Question 11

What is the purpose of risk mitigation?

Answer 11

To minimize or eliminate risks that have a high probability of occurring or high severity if they occur.

Question 12

What methods are commonly used in risk mitigation?

Answer 12

• Internal controls
• Purchasing insurance
• Minimizing exposure

Question 13

What is the final step in the risk management process?

Answer 13

Risk monitoring

Question 14

What is the objective of risk monitoring?

Answer 14

To verify if the risk management process is operating as expected and if the firm’s operations are robust.

Question 15

What actions are taken if the risk management process is not operating as expected?

Answer 15

Remedial actions are taken in the first three steps before performing another step of risk monitoring and evaluation.

Question 16

What activities are involved in risk monitoring?

Answer 16

• Reviewing incident reports
• Developing key risk indicators

Question 17

What is more important consistency or accuracy while risk mapping?

Answer 17

consistency

Question 18

Internal Fraud

Answer 18

rogue trading, employee defalcation. low severity and low loss

Question 19

External Fraud

Answer 19

cyber attack, low s and low p

Question 20

Employment practices and work safety

Answer 20

moderate frequency, low severity, legal risk

Question 21

Client, business

Answer 21

high probability, very high severity, legal risk

Question 22

business disruption and IT failure

Answer 22

low probability and low severity

Question 23

execution, delivery and process management

Answer 23

high frequency and high loss