Study Questions (All Chapters) Flashcards

Question

Which of the following is NOT a type of operational risk under Basel’s classification? A) Internal Fraud B) Employment Practices and Workplace Safety C) Business Strategy Failure D) Execution, Delivery and Process Management

Answer 1

False - Operational risk also includes external events, such as natural disasters, regulatory changes, or cyberattacks

Answer 2

**C** - When employees manipulate internal records or conceal trades, it falls under internal fraud, which is one of Basel's key categories of operational risk.

Answer 3

**B** - The Dodd-Frank Act was designed to reduce systemic risk and ensure large firms could fail without triggering financial collapse.

Answer 4

False - GDPR requires companies to obtain consent for certain types of personal data collection, but there are exceptions (like legitimate interest). Explicit consent is only required for certain data types or uses (e.g., sensitive personal data).

Answer 5

**C** - FATCA requires foreign financial institutions to report the foreign accounts of U.S. citizens to the IRS to prevent offshore tax evasion.

Answer 6

**B** - Article 8 products are those that promote ESG characteristics but do not have sustainable investment as their primary objective (unlike Article 9 products, which are "dark green" and have sustainability as their core goal).

Answer 7

Via an approved publication arrangement (APA). ## Footnote Specialist-reporting service provider companies, referred to as approved reporting mechanisms (ARMs), are approved by the regulator for this purpose.

Answer 8

ensuring the counterparty has the legal power to transact, ie, that it is not acting beyond its legal authority

Answer 9

When multiple projects are being managed in conjunction

Answer 10

The project management team aims to bring about the successful completion of specific project goals and objectives. The change management team ensures that any required changes are implemented in a controlled manner by following a predefined framework or model. ## Footnote Operational risk may increase during a transitiona/change period

Answer 11

Projects are packages of work that deliver a ‘defined change’. ## Footnote May get a question relating to defined change risks instead off project risks

Answer 12

Underwriting standards.

Answer 13

* Issuer/Counterparty Risk * Pre-settlement risk * Settlement risk * Direct Risk

Answer 14

* Bad data - lack of data, irrelevent data, major market events causing misleading data * Simple Calculations - too simple for future exposure * Assumptions - i.e. that all credit risk is equal * Understanding - lack of on how mititgating risk techniques influence risk

Answer 15

**Managing** * Credit exposure management * Credit Risk Premium **Measuring** * Credti Ratings * Modern Calculation Techniques (PD, LGD and VaR Calculations)

Answer 16

* Underwriting Standards * Credit Limits * Collateral and Margin * Netting

Answer 17

* Diversification * Asset Securitisation * Loan Sales * Credit Deriviatives (CDSs, Total Return Swaps, Option CDSs, Credit-Linked Notes)

Answer 18

Direct market risk factors are those that directly reflect the performance of a company, such as the health of its balance sheet, strength of its management team and its policy.

Answer 19

Indirect market risk factors are those that indirectly affect the performance of a company, such as interest rates, economic events and political and environmental.

Answer 20

* FX Risk: adverse exchange rate movement * Interest Rate Risk: adverse interest rate movement, affects fixed income mainly. * Credit Risk * Equity Price Risk: adverse share price movement * Commodity Price Risk: adverse commodity price movements

Answer 21

* Liquidity Risk: loss through not being able to trade in a market or obtain a price * Basis Risk: when one kind of risk exposure is offset with another exposure in an instrument that behaves in a similar, but not identical, manner (ie, hedged).

Answer 22

* Distribution Analysis * Value at Risk (VaR) calculations * Expected Short Fall (cVaR) calculations. * Back Testing * Stress Testing

Answer 23

* Hedging: used to reduce the impact of adverse price movements by taking an offsetting position in a related product. * Diversification * Risk Limits: Market Risk Limit or Stop‐Loss Limit (in terms of VaR).

Answer 24

Risk of loss through not being able to trade in a market or obtain a price on a desired product when required. May also mean that the bank or financial institution may not be able to fulfil transactions as it does not hold sufficient cash (funding liquidity). Overlaps with credit/counterparty risk.

Answer 25

* Asset Liquidity - loss caused by an inability to sell an asset * Funding Liquidity - when liabilities cannot be met when they fall due or can only be met at an uneconomic price * Fund Liquidity - sufficient cash not available within a fund to pay out

Answer 26

* Bid-Offer Spread - difference in buy and sell order prices. * Market Depth - amount of an asset that can be bought and sold at various bid-ask spreads * Immediency - measure of time taken for a trade to completed at specific price * Resilience - time taken for price recovery after a large transaction

Answer 27

* Asset and Liability Management - match cash flows with liabilities * Maturity Ladders - stagger maturity dates ensuring consistant cash flow * Managing Actual and Contractual Cash Receipts - blancing non-contractual and contractual cash receipts.

Answer 28

* **Pros**: can give statistical probability, provide correlation between assets, allows for quantifying all risks in a portfolio. * **Cons**: Doesn’t account for liquidity risk, depends on data accuracy/availability, doesn’t predict well for drastic risk environment changes.

Answer 29

* Historical Simulation * Correlation Simulation

Answer 30

Conditional value at risk, looks at average VaR, mean, excess loss and expected tail loss at certain VaR levels. Looks at average loss over a selected risk threshold.

Answer 31

Applied using a stop-loss limit calculated based on VaR or similar varient.

Answer 32

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.

Answer 33

Defined as the amount of risk an organisation can afford to take during its business activities or their ability to absorb a loss of a certain size over a period of time

Answer 34

Lack of duty/responsibility segregation is one of the main operational risks. A key preventative control is ‘supervision and segregation of duties’.

Answer 35

‘the ability of a bank to deliver critical operations through disruption’.

Answer 36

A ‘risk event’ is essentially the loss event that occurs. In contrast, the ‘risk effect’ is the loss incurred by the firm.

Answer 37

Straight-through-processing / automated environment.

Answer 38

Near-misses are where a risk event occurred but did not incur losses

Answer 39

The board will have many responsibilities, including: * Overseeing the firm * Establishing board policies, strategy and objectives * Reviewing risk and setting risk appetite with a management approach * Appointing the CEO * Ensuring the firm has sufficient financial resources * Approving annual budgets for the organisation, and * Agreeing the salaries of senior management. * Being aware of operational risks and approve/review the operational risk framework: * Ensure the operational risk framework is independently audited by competent staff.

Answer 40

It is US Legislation with the objective to prevent another financial crisis caused by firms through improving the level of accountability and transparency in the US financial system through highlighting to the SEC excessive risks. It further aims to end the concept that a US firm is ‘too big to fail’ to protect the US taxpayer by ending bailouts to struggling firms and to protect consumers from abusive financial services practices. The act requires that high-risk OTC derivatives, such as CDSs, are regulated in the US by the SEC or the Commodity Futures Trading Commission (CFTC)

Answer 41

Applying to LSE listed companies, its intended to improve corporate governance within the UK by improving standards and promoting transparency and integrity. Through 5 sections: 1. Board leadership and company purpose. 2. Division of responsibilities. 3. Composition, succession and evaluation. 4. Audit, risk and internal control. 5. Remuneration.

Answer 42

This US Legislation purpose is to protect investors by improving the accuracy and reliability of corporate financial reporting and disclosures. It created rules relating to public company accounting, auditor independence, corporate responsibility, and analysts’ conflicts of interest. It also gave the SEC power to regulate or to require securities associations and national securities exchanges to create rules to protect investors and the public interest. It is now a requirement that analysts certify the truthfulness of their views and disclose if they have received payment for them.

Answer 43

This US Law requires that US persons, including those living outside the US, need to annually report details of themselves and their non-US financial accounts to the US authorities. It also requires all non-US based financial institutions to examine their account holders in order to identify any US persons and then report details of their identities and their assets to the US Treasury.

Answer 44

- Regulated by the ICO, designed to protect the data rights of individuals (‘data subjects’). - Breach £17.5million or 4% of global turnover - Data controller has overall responsibility. Oversee the data processors. - Data should be obtained lawfully, fair and transparent, must be purpose limited, minimal, accurate. It must be stored minimally and be confidential. - Generally all records of transactions must be kept for at least five years in the UK.

Answer 45

- Mandatory disclosures for financial market participants in relation to the firm’s consideration of its sustainability risks to reduce greenwashing for comparing products accurately based on environmental impact. - Requires products to be captured within three classifications: **Article 6** - products either integrate ESG risk considerations into the investment decision-making process or explain why sustainability risk is not relevant. **Article 8** - products promote ESG characteristics, and may invest in sustainable investments, but do not have sustainable investing as a core objective. **Article 9** - products have a sustainable investment objective.

Answer 46

The risk associated with an activity or an event before the risk response, i.e, the level risk before any controls have been put into place.

Answer 47

Residual risk is the amount of risk remaining once the controls have been implemented.

Answer 48

**Direct** - more resources and time required to put project back on course - cancelling of project midway through - setup of further projects for remedial action **Indirect** - The opportunity to use the dedicated resource for the failed project on another project - project destabilising business as usual causing delays or more pressure increasing errors. - the project may be beyond the capacity of the business.

Answer 49

- Responsible for providing oversight and giving advice to the board of directors in relation to identified risk exposures of the organisation, including both current and potential risks, future risk strategy. - Oversees the CRO.

Answer 50

- Report to Board of Directors or Board Risk Committee. - Responsible for ensuring the efficient and effective governance of risks and that the firm is compliant (main responsibility). - May be involved with internal audits, insurance, corporate investigations and fraud and info security. - Oversees and implements the ERM approach

Answer 51

1. Optimise the overall risk management process. 2. Provide an understanding of total risk exposure. 3. Manage the consequences of risk. 4. Ensure firmwide common understanding of risk and risk language.

Answer 52

ERM provides a firm with the ability to manage its risks effectively. It is a structured, consistent and continuous process across the whole organisation for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives. ERM aims to protect shareholder value by creating a risk profile, risk registers (a risk management tool)

Answer 53

The business requirement is that the firm has a clearly defined business strategy. Impacts on Culture include: - Quality and integrity of staff - Internal changes - Effectiveness of controls, - Level of resourcing - Reward practices - Senior management conduct ## Footnote Senior Management are held accountable and should promote personal responsibility, integrity, continuous improvement, risk awareness and motivate, boost morale, train staff and manage changes effectively

Answer 54

A Risk Officer is appointed to independently challenge the firms risk control

Answer 55

A type of operational risk and is the risk of loss due to legal issues brought about by an inability to enforce legal contracts, licenses, ownership rights, patents or documents, or during contract forming, jurisdiction, netting and or collateral arrangements

Answer 56

- A type of operational risk to earnings from violations i.e. paying fines, contract voiding, damage payments and reputational damage. - Compliance function should ensure good corporate governance, organisational integrity and regulatory compliance. - Other realised risks are fines or regulatory censure due to, fraud insider dealing/ market abuse, money laundering, exposure violations, unauthorised trading and bribery

Answer 57

Supports the front office and acts as a point of control and acts. Middle Office will have systems in place to assess the types of clients the firm has, their risk profiles. Ensures that due diligence is correctly carried out before being passed to the back office by: - ensuring that trades are correctly booked. - monitoring existing trades - revaluing portfolios - reporting profit and loss positions, risk and process metrics - providing a point of contact as well as a point of control over an outsourced provider. - monitoring COACs - May include outsourced providers.

Answer 58

- Generally referred to as ‘operations’, provides administrative and support services. - Their objectives are typically to monitor the life of transactions, fulfill the settlement, payment and other actions, and provide the transaction, position and cash movement information. - Carries out functions such as transaction instruction, settlement, clearing, record maintenance, reconciliation, asset servicing and interface with regulatory compliance and accounting. - The back office ensures that: o actual exchanges and deliveries of money and assets between the firm and its various counterparties are arranged, monitored, verified and fulfilled, o settlement instructions are maintained and checked, o flows between cash nostro accounts and deposit accounts at securities depositories are correctly managed.

Answer 59

- Risk of inaccurate financial reporting - Effects can lead to the consequences of direct and indirect loss such as fines and penalties. - Accounting errors can also conceal already realised losses. These can often go undetected for a long period as they become lost among other problems and causes. - Includes Trader misreporting transaction details, misreporting accounts, because of complex aggregation rules, changing industry accounting standards.

Answer 60

True - and has to be independant of senior management

Answer 61

False - it is a requirement under MIFID. Although it does form part of the basel accords

Answer 62

Risk reporting involves communicating the losses, exposure and risks to the right level of management in the firm, including escalating the details to the board of directors. Its functions are to provide transparency of risk status and issues, aid communication reduce uncertainty, escalate issues and recommendations, and allow early and decisive action to address risk.

Answer 63

- First line: Controls are integrated into the firm’s systems and processes and provides management with verification and feedback to auditors on identifying risks and its controls. - Second Line: comprises of risk professionals and compliance groups, which help the risk management process in facilitating and monitoring the implementation of effective risk management, systems and controls within the firm. - Third Line: Essentially the internal audit and independent assurance covering the first and second line of defence

Answer 64

In order to meet the prime objectives of operational risk management, the risk policy should address the following areas: * Sponsorship * Identification of key officers * Cross-divisional involvement and agreement * Roles and responsibilities * Definition and communication of the risk management framework and explicitly the firm’s risk methodology * Consistency of the firm-wide approach * Coordination and escalation * Segregation of duties, and * Risk appetite.

Answer 65

1. Identification, measurement, assessment and management of operational risk. 2. Reduction or mitigation of the potential impact to acceptable levels 3. Adopt a common, structured approach to risk management across the firm.

Answer 66

1. Reduce operational errors and its associated losses 2. Detect risk early 3. Reduce future risk exposure 4. Decrease cost of audits and compliance.

Answer 67

The Process the operational risk management function is responsible for implementing and overseeing is: 1. Identification and classification of risks 2. Risk and control measurement and assessment. 3. Response (the reduction of potential risk impact, and of the likelihood of any occurrences in the first place). 4. Monitoring of risks. 5. Reporting and escalation of risks. 6. Planning and change. 7. Policy and appetite.

Answer 68

A central record of all identified risks at alll stages with ratings and resulting actions taken place by the risk manager. A risk register typically contains: - risk reference (used internally to help identify this risk in the future) - date identified - description of the risk - risk owner - risk cause - key controls - risk effect/harm - risk scores (inherent and residual) - risk response/proposed action (immediate) - remedial actions (follow-up) and deadlines, and - methods of monitoring the risk.

Answer 69

Constraints on implementing this process/framework include: - Data collection (i.e lack of) - Cultural (management need to be convinced) - Resources and Costs - Unfit risk indicator designs.

Answer 70

* Unauthorised Activity (unreported transactions/ transaction type unauthorised) * Theft/Fraud (bribery, insider trading, forgery, tax evasion).

Answer 71

External fraud – examples include robbery, forgery and theft via computer hacking and cyber attacks.

Answer 72

Risk appetite can be expressed in any number of ways including an absolute value or limit (eg, £1 million per risk event) or a relative limit (eg, 3% of revenue, or 1% of clients in default). Risk appetite statement communicates and provide transparecny around the risks management process within the organisation. It should include the: * Date of issue * Document approvals and revisions * Definition of risk and risk ratings to ensure consistency across the business * Risk appetite value or limit * Escalation procedures for any risk identified exceeding the risk appetite * Frequency of review or date of next review, and * Distribution.

Answer 73

1. Internal Fraud 2. External Fraud 3. Employment Practices and Workplace Safety 4. Clients, Products and Business Practices 5. Damage to Physical Assets 6. Business Disrupton and System Failures 7. Execution, Delivery and Process Management

Answer 74

To source external operational risk data to help improve the companies operational risk process ## Footnote British Bankers Association (BBA), Operational Riskdata eXchange Association (ORX), the Operational Risk Consortium (ORIC) and Fitch.

Answer 75

Measurements allow for: - Creation of a quantitative baseline, - Appropriate accountability - Responsibility by understanding the scale and where it occurs, - Providing an incentive for risk management - The development of a risk-aware culture, - Improving management decision-making - Adopting a proactive and transparent approach to risk management - Assessing the financial risk exposure that can be used for capital allocation purposes.

Answer 76

Risk Score = Likelihood*Impact ## Footnote **Advantages**: simple, effective, focuses management attention, minimal data needed, wide scope of possibilities, anticipates loss, encourage risk awareness culture. **Disadvantages**: cost benefit of remedial action is difficult to ascertain, it is subjective and may be oversimplified.

Answer 77

**1. Rating, Ranking and Assessing** - risk scoring **2. Risk and Control Self-Assessment** - each manager compiles a list of risks and exposure. **3. Scenario Analysis** - capture possible scenarios that have occurred in the past **4. Benchmarking** - comparing loss data and measures of operational risk with competitors **5. Material Top-Down Risk Assessment** - SM review risks, set objectives and appetite **6. Risk Event Data Analysis:** - use statistical methods from internal/external collected data | SM - Senior Management

Answer 78

1. Root Cause 2. Event 3. Effects

Answer 79

Process, People, Systems, Events

Answer 80

1. Risk and Control Self-Assessment 2. Reviews/Audits 3. Focus Workshops 4. Risk Event Analysis 5. Management Information Statistics and Key Risk Indicators (KRIs)

Answer 81

**KRI advantages**: trend monitoring, creation of limit of acceptability, basis for performance measurement and targets, early warning signal alert. **KRI disadvantages**: misleading if in isolation, difficult to report on qualitative measures.

Answer 82

* Number of settlement failures occurring over a given time period. * Number of times a trader exceeds agreed credit limits. * Number of times funding deadlines are missed in a given time period. * Number and value of cash (nostro) or position (depot) reconciliation breaks over a given time period. * Value of interest claims incurred over a given time period.

Answer 83

* Staff turnover. * Percentage of temporary staff to permanent staff. * Amount of overtime. * Percentage of staff with an agreed training plan. * Period of time to review departmental plans. * Response and resolution times to audit queries. * Absenteeism.

Answer 84

**RAG Status**: many firms monitor KRIs on a red/amber/green basis (often referred to as the ‘RAG’ status), and ensure that staff understand the implications, escalation process and actions to be taken when risk indicators go into the amber or red zones.

Answer 85

**Key performance indicators (KPIs)** - send to measure activity within the organisation and are often used as a measure of success in meeting performance targets. **Key control indicators (KCIs)** – used to monitor the effectiveness of controls in meeting their objectives.

Answer 86

1. Time required to ensure comprehensive risk profile 2. Changing business/operating model 3. Product/Market/System/Regulation changes. 4. Lack of quaility historical data 5. Lack of robust policies 6. Poor Methods of collecting and compiling a risk profile 7. Conflicting opinions/perceptions of risk 8. Consistancy of risk catagorisation & general consistancy

Answer 87

**Five potential mitigation methods:** 1. Reduce the likelihood of the risk occurring 2. Reduce the impact of the risk, should it occur 3. Transfer the risk 4. Accept the risk, and 5. Avoid the risk – by ceasing the activity that gives rise to the risk.

Answer 88

Avoiding risk means either withdrawing from a business because of an unacceptable level of risk

Answer 89

1. Outsource 2. Get Insurance 3. Increase Security around Information and Physical Assets 4. Have financial reserves ## Footnote Transfering risk does not address the reputational impact and indirect costs of operational losses incurred by an insurer or third party as it will most likely still have to be borne by the firm.

Answer 90

Operational risk controls: * Directive Controls * Preventative Controls * Corrective controls * Detective Controls (internal & external)

Answer 91

1. Diversification strategies 2. Risk Sharing 3. Business Continuity and Contingency Planning 4. Operational Resiliance 5. Disastery Recovery Plan 6. Good communication and Reporting

Answer 92

1. Data collection and management constraints 2. Cultural constraints 3. Resource and cost constraints 4. Indicator constraints

Answer 93

- Root Causes: People, Processes, Systems, External Events.

Answer 94

Some of the important events are: * incorrect data * delayed processing and documentary omissions * regulatory non-compliance * project mismanagement * fraud and theft * unforeseen litigation * information technology failures.

Answer 95

Data can be incorrect for several reasons, for example: * It has been captured or calculated incorrectly. * It has been overwritten in error. * It has not been updated to reflect changes. ## Footnote Mis-keying because of human error (people cause). Not be detected due to the lack of an effective control procedure (process cause). Problem occurring might be increased due to the pressure of increasing volumes (event cause).

Answer 96

Delayed Processing and Documentary Ommissions.

Answer 97

Direct will be financial costs and Indicrect will be consequential loss. - Direct Loss (direct financial costs) includes: o Claims for damages/compensation from failure to meet contractual obligations. o Penalties/fines arising from regulatory censure, or revocation of licences. o Loss of income from transaction fees, direct fees and commissions o Loss of assets or cash through unenforceable contracts o Costs associated with compensating client loss from poor conduct risk outcomes o Corrections to profit and loss (P&L) due to mistakes in booking o Associated direct remedial or litigation costs of rectifying the operational weakness - Indirect Loss (consequential loss) includes: o Remedial Action costs o Reputational Damage (reputational risk), client dissatisfaction, loss of clients, perceived malpractice. o Staff Demotivation

Answer 98

A - eg, fraud, exceeding credit limits, and point-of-trade errors). ## Footnote Font Office is populated by the firm’s ‘revenue-earners’ (traders, fund managers, salespeople, and market risk managers).

Answer 99

- segregation of duties, - have clear escalation procedures, - ensure adequate research is carried out, - controlling new market and credit limit requests, - have effective capital requirement reporting, - continuous limit reviews, - effective control over front office systems, - ensuring control over after-hour trading, - controlling dealing tickets and ensuring their efficient processing, - continually updating positions, - and maintaining high ethical standards. | Note all would need continual monitoring

Answer 100

1. Forms part of AML 2. Allows the firm to provide suitable advice 3. Allows firms to understand the clients requirements and changes, and gives teh frim the ability to determine vunerable customers to provide addtional supprort ## Footnote In the UK, the Financial Conduct Authority (FCA) has issued requirements in its Handbook for firms to abide by.

Answer 101

- Marketing and Sales Promotions Regulations are adhered to - Know Your Customer (KYC) is performed - International Sanctions Check - Suitability Assessment of Client using reference data - Account Setup in system with Classification (Retail/Professional/ECP) - Credit Assesment - Setting up Standard Settlement Instructions (SSIs) - Legal Contract Negotiations - Client and Counterparty Agreements

Answer 102

1. Transaction Capture 2. Trade Confirmation 3. Asset and Cash Positioning 4. Centralised Clearing

Answer 103

1. Payment Instruction / Transaction Instruction 2. Settlement

Answer 104

1. Reconciliation 2. Inventory Management 3. Asset Servicing (COACs, Proxies) 4. Margin and Collateral Management 5. Record-Keeping

Answer 105

* Initial Margin - worst case scenario of a one-day price move on all registered open positions. * Variation Margin - based upon a mark-to-market calculation at the previous day’s closing prices, which reflects the profit or loss on all registered open positions.

Answer 106

They are funded by their members, their share capital and reserve, the exchange, or other parties that do not have a direct relationship with the economics of their market.

Answer 107

They protect themselves against defaults by position monitoring and taking collateral, calculated using recent sale prices of similar assets or having the asset appraised by a qualified expert | They'd also use credit deriviatives and other methods under there..

Answer 108

* Trends in volume of transactions with the %age handled manually. * Number of errors detected by reconciliations. * Time taken to detect and resolve errors. * Number of transactions not captured within a specific time from trade execution.

Answer 109

* Implementing straight-through processing (STP) (a preventative control). * Daily sign-off of front-to-back positions (an internal detective control). * Funding position reconciliations (an internal detective control).

Answer 110

* Length of time taken to formalise a legal agreement. * Number and type of confirmation errors found in the checking process. * Number of confirmations not yet agreed with the counterparty. * Time taken for counterparties to return confirmations

Answer 111

- Ensuring that a legal agreement covering confirmation protocol is in place prior to trading (a preventative control). - A confirmation checking function performed by a different person to the creator (an internal detective control). - Front office sign-off of the economic terms of the confirmation (an internal detective control). - Follow-up actions to counterparties that have not returned written confirmations (an internal detective control).

Answer 112

- the number of transactions missing the internal funding deadlines. - the number of late-settled transactions due to a lack of funds. - extra cost of borrowing to ensure settlement.

Answer 113

- The use of internal funding deadlines by which time confirmation and transaction instructions must be completed. These deadlines would allow enough time for the funding and settlement activities to be completed (a preventative control). - System limits to warn users that there are insufficient assets available to cover an upcoming settlement (a detective control).

Answer 114

Key Risk Indicators (KRIs) might include: - Measures the quality of the overall process is the number of times a firm settles late, but this could also be affected by market influences.

Answer 115

Key Risk Indicators (KRIs) might include: - The volume of unreconciled events (or ‘breaks’) - The amount of reconciliation breaks - amount of time spent by staff and other resources in rectifying the discrepancy. - amount of overtime being worked by the reconciliations team. - monetary cost of this overtime - other associated costs, for example, fines imposed by regulators (unreconciled positions may also involve the payment of interest or compensation claims)

Answer 116

* Missed announcements. * Complex structure of information and instruction flows between participants. * Late elections / missed deadlines. * Incomplete or incorrect information or instructions – possible rejections

Answer 117

**Asset and Cash Positioning** ensures that there is sufficient stock or cash available at the time of settlement to fulfil the settlement of a contract. As part of overall inventory management which is to have the most efficient use of a company’s resources to maximise profit, it leads to operational risk where poor management can lead to two potential consequences: settlement being delayed, exposing the firm to interest claims, potential fines and reputational damage. And higher borrowing costs – to ensure settlement, a firm may have to borrow cash or securities at a higher cost than would otherwise be necessary.

Answer 118

1. monitor the life of a transaction 2. fulfil the settlement, payment and other actions 3. provide the transaction, position and cash movement information | Settlement and Post-Settlement Phases in Trade Life-Cycle

Answer 119

* Pillar 1 – minimum capital requirements. * Pillar 2 – regulatory supervision. * Pillar 3 – market discipline.

Answer 120

The 1988 Accord called for a minimum capital requirements . It introduced Capital Adequacy (later replaced by Basel II) Objective: addressing the need for setting aside additional capital for both market risk and operational risk in response to market events including the Barings crisis | Basel Accords

Answer 121

CRD aims to: - have in place a comprehensive and risk-sensitive framework - encourage and enhance risk management among financial institutions - maximise the effectiveness of the capital rules in ensuring continuing financial stability, thus maintaining confidence in financial institutions and protecting consumers. ## Footnote The Basel II Accord CRD implementation was in addition to the Basel I Capital Adequacy Directive (CAD)

Answer 122

D - This approach requires a bank to hold a fixed percentage (denoted ‘alpha’) of its gross income as operational risk capital. This fixed percentage is set by the Basel Committee, and is currently at a level of 15%.

Answer 123

**B** ∑Required Capital= Gross income x beta factor Beta Factors are set by the regulators at: * Corporate Finance, Trading and Sales, Payment & Settlement = 18% * Retail Banking, Retail Brokerage, Asset Management = 12% * Commercial Banking, Agency Services= 15%

Answer 124

A - The minimum overall capital ratio remains at 8% of its risk-weighted assets (RWA) but the methods of measuring market, credit and operational risk exposure are now more elaborate. Capital ratio= (Capital requirement)/(Credit risk expore+Market risk exposure+Operational risk exposure)

Answer 125

The internal loss multiplier (ILM) is a measure of the firm’s average historical operational risk losses during the previous 10 years, it is calculated at 15 times the average annual operational risk losses and used as calculating the Capital Requirement of a company under the Advanced Measurement Apporach (AMA).

Answer 126

- The Advanced Measurement Approach (AMA) uses internal measurements and loss data to base the calculation on. - To apply AMA, you must qualify under the standard approach and have highly detailed quantitative models and qualitative figure to back up your required capital amount.

Answer 127

The business indicator component (BIC) is a measure of operational risk based on the institution’s last three years financial statements and consists of three elements: 1. The interest, leases and dividend component. 2. The services component. 3. The financial component

Answer 128

- **Capital requirements** – ‘additional capital buffers’ - **Leverage ratio** – a minimum ‘leverage ratio’ that requires banks to hold in excess of 3% of their average total consolidated assets to provide more protection. - **Liquidity coverage ratio** – this requires a bank to hold sufficient liquid assets that are of a higher quality and are in excess of its total net outflows over a 30-day period. - **Net stable funding ratio** – this requires a bank to hold an amount of stable funding that is in excess of the required amount of stable funding over a one-year period of extended stress. - **AMA replaced by standardised approach** – a single approach for all firms, focusing on a bank’s income and historical internal losses over a ten-year period. - **Higher quality reserve capital** to be held.

Answer 129

Basel III also aims to ensure: - that there is sufficient liquidity during times of economic stress, - improve risk management, - strengthen the transparency and, - reduce bank leverage by setting voluntary regulatory standards on the level of bank capital adequacy, stress testing and market liquidity risk.

Answer 130

* Exposing investors to higher levels of risk than they had been led to expect. * Invesco did not comply with investment limits and did not clearly inform investors or explain the associated risks of its use of derivatives in its simplified prospectus required for each fund * introducing leverage into its funds, although the firm was not allowed to use derivatives in this way. * firm had not always recorded trades on time, which meant funds could have been wrongly priced. * The firm also failed to monitor whether trades were fairly allocated between funds, creating an actual risk that some funds may have been disadvantaged.

Answer 131

* Some banks were falsely over- or understating their interest rates in order to profit on certain trades, or to give the false impression that they were more creditworthy than they actually were. * LIBOR was also the benchmark rate for many types of derivatives, such as swaps and structured products. Banks could, therefore, influence the setting of prices for products they had sold to clients.

Answer 132

Employees of Wells Fargo fraudulently opening millions of fee-bearing bank accounts and credit cards on behalf of clients without their consent in order to meet sales targets and to boost income for the bank using a process called pinning. ## Footnote processes known as ‘pinning’ whereby the client’s security pin number was reset to ‘0000’, allowing members of staff to access and control the account; employees would also replace the clients’ contact details with their own contact details to circumvent fraud notifications to the clients

Answer 133

Transactions werent being reported and they and had experienced difficulties in implementing appropriate systems and controls to prevent this. They syntehetically genereated these undocumented trades but unfortunately it was based on incorrect static data table that made over 68 million trades not being reported to the regulator, ## Footnote the lack of appropriate controls over the three-year period in review, coupled with the repeated nature of the offence, resulted in the regulator increasing the fine by 60%.

Answer 134

They were transaferring customers to Llyods Banking Group new digital platform where they experienced an outage on it. 1.9million people couldnt access online and mobile banking. Due to poor communication on TSB's end, many customers were fruadulently targeted during it.

Answer 135

* The bank had been fined previously by the PRA in 2015 for its failure in relation to oversight of outsourced functions. It did not have the processes in place to identify and assess the risks related to business continuity and disaster recovery arrangements. * An incident occurred at its third-party supplier, preventing any transactions from being authorised which affected over 3,000 customers who were unable to use their prepaid cards during an eight-hour period on Christmas eve in 2015.

Answer 136

* Fined for ‘pervasive off-channel communications’ which allowed employees of the organisations involved to avoid regulatory scrutiny by communicating via WhatsApp. * These record-keeping failings were identified across multiple levels from junior employees through to senior executives.

Answer 137

This method involves investing in a range of securities that have varying ‘maturity dates’. This ensures regular cash flows in terms of both income and capital maturing. This helps reduce liquidity risk

Answer 138

Performance level of a suitable index

Answer 139

Cash and Time

Answer 140

A. In normal distribution, they are all the same. A normal distribution is a distribution that is a bell shape curve and symmetrical. The mean, median and mode are all the same and coincide with the peak of the curve. the frequencies gradually decrease at both ends of the curve

Answer 141

A - can be calculated using historical or correlation simulation.

Answer 142

B - VaR is prospective, unlike historical volatility which is retrospective. Therefore, it quantifies market risk while its being taken. It doesn't measure liquidity risk so its not D.

Answer 143

B. The bank would be D

Answer 144

C. Standard deviation is a means of measuring variability, uncertainty or volatility. It measures the dispersion from the average of mean value. For example if an equity is high volatility, it will have a high standard deviation

Answer 145

C - Value at Risk (VaR) measures how much a portfolio may lose in value, given certain market conditions

Answer 146

B - Collateral is an asset held by the lender on behalf of an obligor, as as security for a loan or transaction. It is marked to market to assess its present value relative to the cost of the transaction. If the value of the collateral rises or falls outside of a pre-agreed band (known as the variation margin), a margin call will be made (ie, collateral is requested from, or returned to, the obligor) to ensure that the value of collateral remains aligned to the value of the transaction

Answer 147

C - doesn't predict it well, usually due to lack of data.

Answer 148

D. A, B & C are all People Causes.

Answer 149

B - For A,C,D only on implementation will we see risk being classified, monitored and assessed

Answer 150

D For A&B this would come under Contingency planning For C this would come under diversification strategies.

Answer 151

C - this is only one of the advantages.

Answer 152

A - KCI: Key Control Indicators are used to monitor the effectiveness of controls in meeting their objectives.

Answer 153

B - Compliance and risk management

Answer 154

A BCD would be within the risk management process

Answer 155

A. Risk management process is: 1) Identification and classification of risks 2) Risk and control measurement and assessment. 3) Response (the reduction of potential risk impact, and of the likelihood of any occurrences in the first place). 4) Monitoring of risks. 5) Reporting and escalation of risks. 6) Planning and change. 7) Policy and appetite.

Answer 156

B - all four risks cannot be considered in isolation as they are all mutually independent

Answer 157

C - consequential loss is sometimes referred to as indirect loss

Answer 158

B - not an employee hence external and it is a system weakness hence process.

Answer 159

B All others are internal detective controls.

Answer 160

B - SSI are not available.

Answer 161

B - controlling new market and credit limit requests and ensuring they are adhered to.

Answer 162

B The rest are considered key controls.

Answer 163

C - Ensuring the existence of legal agreements is a key control when confirming trades, whereas each of the other options is a key risk indicator.

Answer 164

1. unauthorised trading 2.anti-bribery control failures, and 3. concealing losses

Answer 165

* fraud * insider dealing and other forms of market abuse * money laundering

Answer 166

A - Under MiFID, it is a requirement for each firm to have an ‘independent internal audit function’ if it is appropriate and proportionate.

Answer 167

A - The main role of financial reporting in risk management is to ensure true profits are reported in the financial statements.

Answer 168

A - It is a compliance function to define the training and communication programmes and related accountability processes (such as a self-assessment process) that intend to motivate, measure and monitor the organisation’s ethical performance.

Answer 169

C The third Basel Accord (Basel III) was developed by the Basel Committee in response to the global financial crisis. Building on the previous Basel I and II Accords, Basel III introduced a set of reforms designed to mitigate risk within the international financial services sector by requiring banks, credit institutions and investment firms to maintain minimum leverage ratios and levels of reserve capital in order to limit the likelihood and impact of future financial crises. This capital must be of a higher quality against more conservatively calculated risk-weighted assets (RWAs). | Chapter 7, Section 3.1

Answer 170

The Basel II directive was structured on three pillars: Pillar 1 – minimum capital requirements. Pillar 2 – regulatory supervision. Pillar 3 – market discipline.

Answer 171

C - Setting voluntary regulatory standards on levels of stress testing is an aim of Basel lII, which relates to banks globally, not just those that are based in Europe and aims to set voluntary regulatory standards on the level of bank capital adequacy, stress testing and market liquidity risk. The other options are characteristics of the CRD.

Answer 172

A - Corporate finance carries a rating of 18% based on the gross income for this business line. Agency services and commercial banking attract a charge of 15%, and retail banking 12%. | Trading and Sales has also got a beta factor of 18%

Answer 173

D - measures volatility, variability or uncertainty

Answer 174

A Price level risk is the risk where there is a potential for adverse changes in the price of a financial instrument such as interest rate or FX Rates. Volatility risk is associated with the risk of price movements and basis risk is the reflection of uncertainty of the impact of market factor on price

Answer 175

B - stages are identifying business objective, determining risk tolerance, identifying events that could affect these, assess the inherent likelihood and impact off these risks.

Answer 176

A - Basic indicator approach is 15% of gross income.

Answer 177

B - the LCR is a generic stress test relating to highly liquid assets held by a financial institution to meet short term obligations, which aims to anticipate market wide shocks and ensure financial institutions have the necessary assets on hand to ride out short term liquidity disruptions. A higher ratio indicates a greater resistance to market shocks

Answer 178

B - Since control will only discover errors after they have been made and thier effects have been realised (i.e. after settlement), it is an external detective control

Answer 179

B - The HR function supports business strategy and initiatives, such as mergers and acquisitions. These may involve legal aspects such as TUPE Regulations 2006.

Answer 180

C - the effect of hygiene factors, such as poor pay, can negatively affect the motivation of employees. Improving motivation is a key factor in improving performance and creating a more positive risk culture

Answer 181

B - minimal data needed and is more subjective. All other options require data.