Week 3 Flashcards
1
Q
What is Scenario Assessment?
A
evaluate the impact of potential risk events
2
Q
How does SA work
A
creating detailed scenarios to understand the impacts of different risks
3
Q
what must be done to Non-Financial impacts before a severity assessment
A
Convert into financial terms for a complete assessment
4
Q
What is SA specifically tailored towards
A
preparing for high-severity, low-frequency events.
5
Q
what is a Severity Assessment
A
Evaluates total financial and non-financial impacts, direct or indirect
6
Q
how to benchmark severity of losses
A
Peer Comparisons using peer/external loss data
6
Q
why is sa improtant
A
Enhances preparedness
insights into impacts and responses.
strategic planning and decisions.
calculates regulatory capital requirements
7
Q
SA steps
A
prep
generation and selection
SA
validation and review
incorporation and mgmt
aggregation and reporting
8
Q
What is a Frequency Assessment
A
Evaluates the probability of each scenario in the coming year
8
Q
how is FA updated
A
updated annually with new data
8
Q
what external data can be used for FA
A
insurance tables
catastrophe bond prices
8
Q
how many scenarios are focused on for the detailed assessment
A
15
9
Q
challenge of FA
A
Attributing probabilities to rare events is difficult; discrepancies in low-probability risks.
9
Q
For internal risk scenarios what are frequency assessments aligned with
A
results from the RCSA exercise
9
Q
who should be included in a governance framework
A
senior managers, risk owners, and risk function representatives
9
Q
what happens during scenario selection
A
relevance and potential impact
Consolidate similar scenarios, exclude
negligible ones
10
Q
Steps to Preparation and Governance of SA
A
Structured Approach
Governance Framework
Documentation
10
Q
How are scenarios generated and selected
A
Brainstorming
11
Q
what is Structured Expert Analysis
A
Using structured questions/benchmarks to reduce estimation biases based on past
experience and similar events
11
Q
when do Anchoring, Confirmation, and Group Polarization Biases occur
A
when initial information, existing beliefs, or
group dynamics influence judgments
12
Q
what is Availability and Recency Bias
A
Recent events may seem more likely than older ones
13
Q
mitigation for availability and recency bias
A
using longer data spans for stable risks and shorter spans for fast-evolving risks
14
Q
Anchoring, Confirmation, and Group Polarization Bias mitigations
A
silent estimates - participants answer individually before discussing results.
15
Q
how does Group Size and Dynamics influence sa
A
smaller group of subject matter experts is better, large groups add noise and increase bias
15
how to mitigate the overall probability of bias
awareness and expert elicitation training
16
how is the final avg response estimate calculated ,
n = number of participants
(lowest + (n − 2) × average + highest) ÷ n
16
what is the Delphi Method
Pooling Expert Judgments
16
4 steps of delphi method
Step 1: Silent Collection
Step 2: Disclose Estimates
Step 3: Optional Reassessment
Step 4: Final Estimate Calculation
17
where were Fault Tree Analysis (FTA)
initially used
high-risk industries (e.g., aerospace, nuclear)
17
what does Fault Tree Analysis (FTA) do
breaks down scenarios into conditions that must occur for a disaster
18
how is risk lowered in In high-reliability organizations (HROs)
Layering Independent Controls
19
conditions required for insider data theft
(1) dishonest employee,
(2) access to confidential info,
(3) ability to remove data, and
(4) opportunity to sell it.
20
how does insider data theft chance increase
increases with the number of employees
20
who is Bayesian Models named after
Thomas Bayes
21
what type of impacts are considered in an impact assessment
financial, operational, reputational, strategic
21
what models are used in likelihood assessments
historical data, expert judgment, and statistical models.
22
what are bayesian models
update likelihood assessments based on
new info/ expert opinions, using conditional probabilities to refine estimations
23
when is Fault Tree Analysis (FTA) useful
scenario assessment, fostering discussions on causes, preventive measures, and conditions for extreme event
24
what is the importance of Expert Review
Ensure that the scenarios are realistic and comprehensive
24
How must EACH SCENARIO SUMMARIZED IN A SHEET
TITLE,
DESCRIPTION,
RATIONALE,
ASSESSMENT RANGE,
RELEVANT INCIDENTS.
25
what is the benefit of USING STANDARD
TEMPLATES
ENSURES CONSISTENCY, HELPS COMPARISON, ENSURES ALL ITEMS ARE COVERED
26
Which independant parties may verify scenarios and values for scenario assesment
CRO,
INTERNAL AUDITORS,
THIRDPARTY CONSULTANTS
27
which scenarios can be consolidated
SCENARIOS WITH SIMILAR CONSEQUENCES
28
how are consolidated scenarios treated
SEVERITY is ASSESSED UNIFORMLY AND
PROBABILITIES COMBINED
28
how many scenarios will a different sized firms have in their final scenario list
Large - 50
Mid - 15
Small - 6-10
28
what is done with the final scenario list
PRESENTED TO SENIOR EXECUTIVES AND THE BOARD FOR APPROVAL.
28
how can scenario analysis be incooprorated into management
Strategic planning
Risk mgmt
Training
29
How does Sa help strategic plannign
Develop contingency plans based on scenario outcomes
30
5 Benefits of Scenario Assessment
PREPAREDNESS
DECISIONs
COMPLIANCE
RISK MANAGEMENT
CONTINUOUS IMPROVEMENT
31
what is Expert-Based Scenario
Assessment
interviewing subject matter experts about potential worst-case impacts for specific scenarios over varying timeframes
31
advantages of Expert-Based Scenario
Assessment
quick and inexpensive
32
limitations of Expert-Based Scenario
Assessment
Results rely on expert selection, are prone to behavioral biases
32
why has Expert-Based Scenario
Assessment Declined in Usage
less favored by regulators due to its
lack of structure and reliability.
33
What proportion of employees in developed economies are considered dishonest
0.5%
34
where is the ability to remove large amounts of data an issue
firms without USB restrictions, up to 100% of employees could do so
35
what is often done with stolen confidential data
passed to prearranged buyers, or
sold on the dark web
35
why do real world scenarios require conditional probability
often involve partial dependence between control failures
36
how do bayesian models update likelihood
based on new information or expert opinion, following Bayes' theorem
36
what is Fault Tree Analysis (FTA) recommended for
discussing the causes and conditions of
extreme events
37
what does FTA's effectiveness depend on
identified faults and assigned probabilities
38
what is the benefit of Breaking down scenarios into likelihood and impact
improves result transparency and
robustness.
39
if Participant responses change significantly after disclosure during the delphi method
reassessment can be repeated to reach greater convergence
40
when is forcing convergence not advised
in operational risk scenarios
41
what does a Scenario Sheet state
the entire scenario analysis process in detail
42
how is each scenario documented
in a summary sheet
43
what are the fields of a summary sheet
title, description, rationale, assessment range, and relevant incidents
44
who reviews Scenario lists and values
independent internal or external parties
45
what does a validation team do
evaluates the method, process consistency, and relevance to the firm's risk environment.
46
who may validate scenarios in small firms
CRO
47
what is Scenario Consolidation
Similar scenarios being merged for
assessment
48
who may validate in larger firms
risk management or external panels.
49
5 Management Lessons learnt From Scenario Analysis
Focus on Response and Mitigation
Group by Consequence
Risk Appetite breaches
Preparedness
49
how is severity and probability calculated for consolidated scenarios
Severity is the same across causes; probability is summed for each event
50
what are the three pillars of basel II
* Minimum capital requirements
* Supervisory review
* Market discipline
51
What is Regulatory Capital?
minimum amount of capital a firm must hold required by regulators.
52
why have regulatory capital
ensures institutions can absorb reasonable losses - protects depositors and financial system
53
Importance of Regulatory Capital
Protects the financial system from insolvency
buffer against unexpected loss
confidence for depositors, investors and regulators
Supports the stability and integrity of the financial system
54
when was the Basel Committee formed
1974
54
two main funding sources that banks rely on
capital (own funds)
debt (retail deposits)
55
when did the glass-steagall act come into place
After the Great Depression
56
what is the glass-steagall act
restricted banks from both lending and
holding shares in the same company,
preventing conflicts of interest
57
who introduced the Basel Concordat
The Basel Committee
58
what did the Basel Concordat focus on
supervision of foreign banks and banking authorities cooperation
59
when did Basel I come out
1988
60
what ratio did basel I introduce
Cooke ratio (8% capital to risk-weighted assets)
61
what risk did the cooke ratio cover
credit risk,
later expanded to market and operational
62
When was Basel II introduced
2002
63
what did basel II introduce
the three pillars approach to banking regulation
64
What risks do minimum capital requirements help with
credit, market, and operational
65
When did Basel II become Law in the European community
2007 - applied to all finstitutions
66
who was basel II mandatory for in the US
internationally active banks,
later classified as Systemically Important
Financial Institutions (SIFIs)
67
what does Pillar 1 of basel state
Regulatory capital: minimum capital to cover credit, market and operational
risks
68
what is pillar 2 of basel
Supervisory review process/SREP: adjustments to pillar 1 requirements
based on the risk profile of an institution,
assessed by the regulator and firm itself
69
what is pillar 3 of basel
Market discipline: rules on mandatory information disclosures by finstitutions
70
what was The initial idea of pillar 3
publication of certain financial and risk information would encourage market discipline
71
what was Basel I focused on
credit risk
72
what did Basel II expand to include
operational and market risks.
73
Basel III was Introduced in response to the 2008, including what
stricter capital requirements and new regulatory metrics.
74
Key Basel ratios
Capital Adequacy Ratio (CAR)
Leverage Ratio
Liquidity Coverage Ratio (LCR)
75
what is Regulatory capital based on
average yearly gross income over the last 3 years.
76
two approaches to capital requirement calculation
Basic Indicator Approach (BIA)
Standardized Approach (TSA)
77
how does BIA work
Regulatory capital equals 15% (alpha factor) of gross income
78
who is allowed to use BIA
local banks
79
79
80
How does TSA work
Capital is a beta factor of 12%, 15%, or 18%, depending on risk level
81
issue with Beta values
calibrated in the late 1990s with a limited
sample of 29 institutions
82
when was Principles for Sound
Management of Operational
Risk introduced
2003, revised 2011 to address lessons from
the financial crisis
83
what are the 2 Capital Modeling Approaches
Standardized Approach
Internal Ratings-Based (IRB) Approach
84
what is the Standardized Approach to Capital Modeling
Uses predefined risk weights for different asset classes
85
what is the internal Ratings-Based (IRB) Approach to capital modelling
Allows banks to use their own risk models to estimate capital requirements
86
what does IRB require before its use
regulatory approval
87
three Advanced Modeling Techniques
Value at Risk (VaR)
Stress Testing
Scenario Analysis:
88
how does value at risk work
potential loss of a portfolio over defined
period for given confidence interval.
89
what must be considered when mixing internal and external data
* Scaling: Adjusting loss to fit the institution / accounting for inflation.
* Cut-off mix: Including external data when internal data is scarce
* Filtering: Deciding which peer losses to include, rules to avoid manipulation.
90
what is Stress Testing
simulating extreme, plausible scenarios to assess the impact on capital
91
what is Scenario Analysis
Evaluates different scenarios on
capital adequacy
92
4 model types for operational losses
stochastic,
scenario based,
hybrid,
factor-based
93
How many principles are there for sound op risk mgmt
11
94
Advanced Measurement Approach (AMA)
Criteria
Incident reporting history of 5years(now 10)
Mapping risks and losses to reg categories
Independent op risk management function
Implication of the sm in risk management
Written policies and procedures
Active day-to-day op risk management.
95
4 qualifying models for operational risk mgmt
Internal loss data (ILD)
External data (ED)
Scenario data (SD)
Business environment and internal control
factors (BEICF).
96
what does Internal loss data provide
Essential information on past losses and trends
97
what do repetitive internal losses indicate
control breaches and internal failures.
98
is Internal data alone is sufficient for risk assessment
no, external peer data is needed
99
where is external data sourced from
public data bases and industry associations
100
two examples of public databases
IBM Algo FIRST,
Factiva
101
Two examples of industry associations
ORX,
ORIC International
102
what trade off exists in external data
between information (public databases) and abundance (anonymous membership databases)
103
what type of model is stochastic
purely quantitative, based on past losses
103
what approach are stochastic models part of
Loss Distribution Approach (LDA)
104
up to what percentile do statistical methods extrapolate future data
up to the 99.9th percentile
105
how is model validation done
Checking assumptions, methodologies, and data
106
what is backtesting
Compares model predictions against actual outcomes to assess accuracy.
107
why is backtesting used
Helps refining models to improve their predictive power
108
what do Models represent
reality through repeated observations to derive stable patterns and law
109
what is the LDA technique
breaking down risk events into frequency (how often they occur) and severity (their cost)
110
which model is the Most widespread approach, often mixed with scenario-based data
Stochastic Models
111
are scenario based models quantitative or qualitative
Qualitative
112
when is scenario based modelling used
when internal loss data is insufficient for
stochastic modeling.
113
where is qualitative modelling used
Europe and the insurance industry, where loss data collection is less established
114
what is the Most common approach aligned with AMA regulatory expectations
Hybrid models
115
what are hybrid models
Combine past incident data with scenario-based losses
116
what confidence level are the results of hybrid models
loss distributions at 99.9% confidence.
117
what is factor modeling
Explain behavior of a variable based on influencing factors
118
where are factor models common
equity pricing
119
what were factor models overtaken by and why
stochastic models - Factor models faced calibration challenges
120
what are the Benefits of Effective Capital Modeling
imprves risk mgmt
Reg compliance
Decisions
Stability
121
4 Challenges in Capital Modeling
Data Quality
Model Risk
Regulatory Changes
Complexity
122
what is the importance of Model Validation
Ensures that the models are accurate and reliable
123
how is LdA modelled
discrete distributions, typically with a Poisson distribution
124
what model distribution is used 10% of the time instead of poisson
Negative Binomial distributions
125
why do LDA models use continuous, asymmetric distributions
to account for many small losses and few large incidents
126
what is the most common LDA distribution
* Lognormal distribution
127
what is the most common convolution method for frequency and severity of aggregated loss
Monte Carlo simulation (millions of random draws)
128
what distributions are used for heavy tailed data
Weibull and Generalized Pareto Distributions (GPD)
129
Alternative methods to the monte carlo simulation
Fast Fourier Transform and Panjer recursion - more maths, less cpu time
130
units of measuer for loss
External fraud - by LOB
Internal fraud - per bus. entity
physical asset damage - by LOB
Processing error - by LOB
131
what is the SREP (Supervisory Review and Evaluation Process) in pillar 2
regulators evaluate a firm’s risks and impact on the financial system in case of failure
132
what is used to identify further risks after SREP
stress testing
133
Name for Capital Sufficiency Evaluation in EU
ICAAP
134
Name for Capital Sufficiency Evaluation in insurance
ORSA
135
Name for Capital Sufficiency Evaluation in US
CCAR
136
what does a Solvency Assessment do
Identifies key threats and large-loss scenarios
137
what do solvency assessments use stress testing for
to evaluate responses to adverse conditions
138
what is Sensitivity Stress Testing
Tests the robustness of a model by changing key parameters
139
in SREP what can changes in
parameters affect
firm’s business plan, profitability, and solvency
140
what does Scenario Stress Testing focus on
unlikely but significant tail events
141
In the U.S. (CCAR), what is given more
attention to when compared to EU
legal and compliance scenarios
142
what does Reverse Stress Testing identify
events that could cause a firm to fail
143
aim of reverse stress testing
ensure such events are highly unlikely
and beyond the 99.9% confidence interval
144
If external shocks are unmanageable, what is arranged
wind-down planning for an orderly closure with minimal disruption.
145
what data is used for Macroeconomic Stress Testing
Regulators provide macroeconomic shock
scenario
146
what is Wind-down Planning
Identifies situations where the firm is no longer viable
147
what does An orderly closure require an assessment of
liquidity, solvency, personnel, and
infrastructure
148
What is Operational Risk Governance?
policies, processes, and structures used to manage operational risks
149
Why is Operational Risk Governance Important
* structured managing of risks.
* compliance with regulation
* organizational resilience and stability.
* risk-aware culture
* informed decision-making
150
what are the Key Components of Operational Risk Governance
Risk culture
risk appetite
Policies and procedures
Identification and assessment
monitoring and reporting
151
What is the 1st LoD in the 3 LoD model
Operational management: manages risks in their areas
152
what is the 2nd LoD
Risk mgmt and compliance: oversight
and supports 1st LoD
153
what is the 3rd LoD
Internal audit: independent assurance on
effectiveness of risk mgmt
154
who acts as the main correspondent for risk issues
The Risk Champions
155
what do risk champions do
collect/record/map risk events and losses
follow up on controls
redesign procedures
follow up audit and mgmt
156
who is The second line of defense
the risk function
157
what do the risk function do
develops risk methodologies rather than
managing directly
158
3 key roles of the risk function
* Define risk appetite
* Monitor risk exposure within risk appetite and own risk management framework.
* advise on strategic decisions
159
Risk professionals need expertise in what areas
risk identification,
assessment,
mitigation,
regulatory
deep understanding of the business.
160
Defining a relevant and actionable risk appetite requires what 3 steps
* Identifying key risks.
* Evaluating exposure and controls
* Providing a view of risk profile
161
how does the risk function support decision-making
assessing risks in
new ventures,
products,
investments,
strategic actions.
162
To challenge effectively, what must the risk function have
authority to halt decisions that exceed risk appetite or conflict with regulatory standards
163
what does the third LoD, internal audit do
assesses risks and compliance across departments, including the risk function, independently of them.
164
Complete independence of third LoD
raises what concerns
duplication with internal audit and is ineffective
165
what is The primary role of the operational risk management (ORM)
educate about operational risk
166
what do the first and second lines own
first line owns risks,
second owns methodology.
167
what is a “partnership model”
collaborative risk management, fostering joint decision-making and respect between business and risk
168
who Sits above the three lines of defense and is responsible for the overall
governance of the firm.
Risk Committees and Organization
169
Three commitees
Executive Committee - management
Risk Committee - risk oversight
Audit Committee - audit
170
what are committees composed of
executive and NEDs, dependent and
independent directors
171
what is role of directors in governance
*Sets tone at the top ,approves risk mgmt framework.
*Ensures alignment with strategic
objectives.
172
what is role of senior management in governance
* Implements the risk framework.
* manages operational risks.
*Ensures risk management practices
are integrated into business processes
173
who does The board delegate operational risk oversight to
the risk committee
174
who does The risk function report to
board and risk committee
175
what is RMC
Risk Management Committee
176
what does RMC do
* Oversees risk management framework.
* Reviews and approves risk policies
* Monitors risk exposures and mitigation.
177
what do Risk Policies do
* Define the organization’s approach to risk management.
* Outline roles, responsibilities, and risk appetite
178
what do risk procedures do
Provide detailed steps for identifying, assessing, mitigating, and monitoring
risks.
179
what do risk procedures ensure
consistency and effectiveness in risk management practices
180
what are KRIs used for
signal increasing risk exposures
181
what are KPIs used to measure
the effectiveness of risk controls.
182
what are the Benefits of Strong Operational Risk Governance
Better risk mgmt
Regulatory compliance
Organizational resilience
Better decisions
Risk aware culture
