Unit 2 Flashcards
Corporate governance creates a structure in order to:
- Set corporate objectives and run daily operations
- Consider interests of all its stakeholder groups
- Manage the bank in a safe and sound manner
- Comply with relevant laws and regulations
- Protect the interests of its depositors
Board of Directors should:
• set strategic direction including risk tolerance
• advise on recruitment, oversee and review performance of senior management, set senior management compensation
• monitor performance of the bank
• be qualified
• meet regularly with senior management and internal auditors to establish and approve policies
• review reporting lines, authority and responsibilities of the bank's senior management
Outside directors' statement
Should be independent of internal and external influences and provide sound advice without participating in the daily management of the bank
EIOPA Guideline 1
The administrative, management or supervisory body (AMSB) should have appropriate interaction with any committee it establishes, as well as with senior management, proactively requesting relevant information and challenging that information.
EIOPA Guideline 2
Organisational and operational structure.
Undertakings should have organisational and operational structures aimed at supporting the strategic objectives and operations. The AMSB should assess how changes to the structure impact the financial position. The AMSB should have appropriate knowledge of the organisation, its entities and links, and the risks arising from the group's structure.
EIOPA Guideline 3
Any significant decision should involve at least 2 people who effectively run the undertaking.
BIS principle 1
The Board has overall responsibility for the bank, including approving and overseeing management's implementation of the bank's strategic objectives, governance framework and corporate culture.
RASP - Risk architecture
Risk governance, risk reporting and KRIs
Risk governance: the structures in place at group, division and business unit level in terms of both individual and collective roles and responsibilities for the identification and management of risk. Collective responsibilities are executed through a hierarchy of business, risk and other committees. Structures commonly adopt the three lines of defence (3LOD) model.
Risk reporting: the process by which the business communicates on the risks it is facing, especially in relation to risk appetite.
KRIs: organisations use KRIs or KCIs that tell them whether their view of the world remains appropriate or up to date. Solvency II and Basel III talk of the need for KRIs. Building a robust indicator framework is complex: it needs to be comprehensive while avoiding information overload.
An RM framework is simply a system by which:
• risk management activity is linked to the organisation's strategic objectives
• risks are identified, described and quantified
• risks are reported
• risks are controlled
• risks are monitored
RASP - architecture
Committee structure and TOR
Roles and Responsibilities
Internal reporting requirements
External reporting controls
RM assurance arrangements
RASP - Strategy
RM philosophy
Arrangements for embedding RM
Risk appetite and attitude to risk
Benchmark tests for significance
Specific risk statements/policies
Risk Assessment techniques
Risk priorities for current year
RASP - Protocols
Tools and techniques
Risk classification system
Risk assessment procedures
Responding to incidents, issues and events
Documentation and record keeping
Training and communications
Audit procedures and protocols
Reporting/ disclosures/ certification
3LOD - differentiates between
Those responsible for managing the risks within the business in accordance with appetite, and those providing independent oversight
Who makes up the 3 lines?
First: risk and control owners (management)
Second: risk oversight (RM committee, RM function)
Third: risk assurance (internal audit)
Risk architecture for large corporate
The Board: overall responsibility for RM
Exec Committee: ensure RM is embedded; review group risk profile
Group RM Committee: form strategy and policy; compile group risk register; receive reports from divisions; track RM activity in the divisions
Audit Committee: receive routine reports from RM Committee; set audit programme; monitor progress with audit recommendations
Disclosure Committee: review and evaluate disclosure controls and procedures; consider materiality
Divisional management: prepare and keep up to date the risk register; set risk priorities; monitor projects; prepare reports for RM Committee
Risk documentation
Risk governance; risk response; event reports; risk performance
Protocols documentation should include
Risk assessment procedures;
Risk control objectives;
Risk resourcing arrangements;
Reaction planning requirements;
Risk assurance systems
4Ns and FOIL
Naive, novice, normalised and natural
Fragmented, organised, influential and leading
Naive
Organisations are unaware of the need for ERM and/or do not understand its benefits
Novice
Organisations are aware of the benefits of ERM but have only just started to implement an ERM initiative
Normalised
Organisations have embedded ERM into business processes, but management effort is still required to maintain adequate ERM activities
Natural
Organisations have a risk-aware culture with a proactive approach to ERM, and risk is reliably considered at all stages to gain competitive advantage
Fragmented
RM activities are fragmented and focused on legal compliance activities such as Health and Safety
Organised
Actions are planned to co-ordinate RM activities across all types of risk, although the plans are not fully implemented
Influential
Embedded ERM processes are influencing processes and management behaviour, but may not happen consistently or reliably
Leading
Consideration of risk is a substantial factor in making business decisions and decisions about strategy are ERM based
RIMS risk maturity model
Ad hoc; initial; repeatable; managed; leadership
McKinsey's risk maturity model
Initial transparency - compliance with basic standards/regulations; reduction of regular surprises
Systematic risk reduction - avoiding unexpected large loss events; stability to enable the growth plan; professionalised management
Risk-return management - ROE improvement requirements; competitive pressure; navigating trade-offs
Risk as competitive advantage - top management focus on risk-adjusted performance; finding a niche in a mature marketplace
RIMS - function
Helps bind together the work that the risk function and the operating divisions carry out, particularly where there are multiple divisions or departments contributing information to the central risk management team
Key benefits of using a RIMS
The uniformity of data gathering, storage and analysis that the system makes possible; and
reduced potential for the errors and omissions that arise when using a range of spreadsheets.
4Ns framework
Vertical axis (behaviour)
Competent/desirable
Incompetent/undesirable
Horizontal axis (effort)
Embedded/automatic
Intentional/deliberate
Naive → Novice ↑ Normalised ← Natural
BIS principle 6
Banks should have an effective independent RM function, under the direction of a CRO, with sufficient stature, independence, resources and access to the board
BIS principle 8
An effective risk governance framework requires robust communication within the bank about risk, both across the organisation and through reporting to the board and senior management