Payments Risk Policy & Governance

Question 1

What is risk management?

Answer 1

The process required to identify, control, and minimize the impact of risk events

Question 2

What is risk appetite?

Answer 2

The amount of risk, on a broad level, an organization is willing to accept in pursuit of value

Question 3

What is risk tolerance?

Answer 3

The acceptable level of variation between the achievement of a specific objective and the risk appetite

Question 4

What is risk culture?

Answer 4

The norms and traditions of behavior of individuals and of groups within an organization that determine the way in which they identify, understand, discuss, and act on the risk the organization confronts and takes on

Question 5

What is risk assessment?

Answer 5

The overall process of risk identification, analysis, and evaluation that guides resource allocation, and assists in designing the infrastructure necessary to effectively respond to and monitor risks

Question 6

What is risk identification?

Answer 6

Finding, recognizing, and describing risks

Question 7

What is risk analysis?

Answer 7

The process to determine the level of risks

Question 8

What is risk evaluation?

Answer 8

The process of comparing risk assessment results to determine if residual risk is at an acceptable level

Question 9

What is risk acceptance?

Answer 9

An informed decision to accept or take a particular risk

Question 10

What is risk avoidance?

Answer 10

An informed decision to withdraw from, or not become involved with, an activity in order to avoid exposure to unwanted or unacceptable risk

Question 11

What is risk sharing?

Answer 11

A form of risk treatment involving the agreed-upon distribution of risk among other parties

Question 12

What is risk assignment?

Answer 12

The allocation of risk by agreement
(it is a form of risk sharing)

Question 13

Who is the board of directors?

Answer 13

A group of individuals that are elected to act as representatives of stockholders and to establish corporate management-related policies

Question 14

Who is the chief executive officer (CEO)?

Answer 14

The highest-ranking executive in an organization whose primary responsibilities include making major corporate decisions, managing overall operations and resources, and acting as the main point of communication between the board and the organization’s operations

Question 15

Who is the senior management team?

Answer 15

A group of individuals at the highest level of management who have the day-to-day task of managing the organization

Question 16

Who are shareholders?

Answer 16

A group that either plays a direct role through electing directors or an indirect role by not investing in a company, thereby pressuring management to meet sales and profit projections

Question 17

What should an audit policy address?

Answer 17

An organization’s policy objective, the scope of work, the assignment and administration of authority, auditing standards, and if audit functions are handled in-house or outsourced

Question 18

What are procedures?

Answer 18

Instructions that define how an organization will proceed, perform, or affect something to accomplish the objectives of a policy

Question 19

What are PCI Data security standard requirements?

Answer 19

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

Question 20

What are the three components of the PCI Compliance continuous process?

Answer 20

Assess
Remediate
Report

Question 21

What is the Payment Card Industry Data Security Standard (PCI DSS)?

Answer 21

A global data security standard that all businesses must adhere to in order to accept payment cards, and to store, process, and / or transmit cardholder standards

Question 22

What is the purpose of a customer identification program (CIP)?

Answer 22

It is intended to enable a financial institution to form a reasonable belief that it knows the true identity of each customer

Question 23

What must a customer identification program (CIP) include?

Answer 23

Account opening procedures that specify identifying information that should be obtained from each customer, reasonable procedures for verifying their identity, and information should be documented and retained

Question 24

What is the beneficial ownership rule?

Answer 24

A rule from the Financial Crimes Enforcement Network (FinCEN), stating an institution must establish and maintain written procedures that are reasonably designed to identify and verify beneficial owner(s) of 25% or greater of a legal entity customer, and to include such procedures in its anti-money laundering compliance program