Professional Documents
Culture Documents
com
By AnalystPrep
1
©2023 AnalystPrep “This document is protected by International copyright laws. Reproduction and/or distribution of this document is
Table of Contents
2
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
3
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5044 A risk manager at the Bank of India is presenting a holistic overview of operational risk and
resilience to a group of employees. Which of the following statements made by the manger about
operational risks management (ORM) framework is least likely correct?
A. Operational risk is the risk of loss resulting from inadequate or failed internal processes,
people, systems, or external events
D. Market and credit risks with their bases in operational risk events are called boundary
events.
T he correct answer is D.
Market and credit losses and not market and credit risks with their bases in operational risk events
A i s i ncorrect. Operational risk is the risk of loss resulting from inadequate or failed internal
processes, people, systems, or external events. It includes events such as fraud, employee errors,
B i s i ncorrect. ORM is a relatively new discipline in the financial sector. Financial management has
long been based on credit, market, and actuarial risk. Moreover, since the 15th century, banks have
been lending money and managing credit risk. For a long time, banks did not require external
regulations to manage risk since banks were mainly exposed to fraud which could easily be detected
and managed. However, the evolution of the financial industry led to increased risk exposure.
C i s i ncorrect. Following the Baring's bank incident, the Basel Committee on Banking Supervision
(BCBS) developed requirements for banks to manage risks that arise from their general operations
(operational risk) beyond the risks due to credit exposure and market transactions.
4
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5045 Mr. Jonathan Howard, FRM, is presenting on the ORM framework. Jonathan highlights
several points regarding the ORM framework. Which of the following statements made by Jonathan
is least likely correct?
B. A good ORM framework should include governance and conduct risk as the umbrella of all
other risk management actions
C. Regulated financial service companies are required to define their risk appetite and
tolerance as a means of achieving their objectives
D. Risk monitoring focuses on the definition, discovery, selection, and categorization, of the
risks faced by a business or in a given activity
T he correct answer is D.
Risk identification focuses on the definition, discovery, selection, and categorization, as exhaustively
as possible, of the risks faced by a business or in a given activity while risk monitoring indicates
A i s i ncorrect. It is crucial for companies to develop a holistic picture of their risk management
B i s i ncorrect. A good ORM framework should include governance and conduct risk as the
umbrella of all other risk management actions. T hese management actions include risk identification,
risk appetite definition, risk assessment, risk mitigation, and risk monitoring.
C i s i ncorrect. Regulated financial service companies are required to define their risk appetite and
tolerance as a means of achieving their objectives. Risk appetite drives risk exposure and mitigation
5
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5046 A risk analyst analyzes the types of risks that fall within the ORM framework. Which of the
following statements made by the analyst is l east l i k el y correct?
A. According to BCBS, the definition of operational risk includes legal risk and strategic risk
but excludes reputational risk
B. Recently, BCBS clarified that reputation and strategic risks should be considered by banks
where appropriate.
C. Compliance risks occur when an institution incurs fines due to knowingly or unknowingly
ignoring the industry's set of rules and regulations.
D. We can argue that strategic risk forms part of the operational risk of an organization.
T he correct answer is A.
According to BCBS, the definition of operational risk includes legal risk but excludes strategic and
reputational risk.
B i s i ncorrect: T he inclusion of legal risk and the exclusion of strategic and reputation risk have
been discussed and postulated among professionals. BCBS, however, recently changed its stand by
pointing out, in its latest Revisions to the Principles for the Sound Management of Operational Risk
(2021), "Where appropriate, strategic and reputational risks should be considered by banks'
C i s i ncorrect: Compliance risks occur when an institution incurs fines for knowingly or
unknowingly ignoring the industry's set of rules and regulations, internal policies, or best practices.
Some examples of compliance risks include money laundering, financing terrorism activities, and
D i s i ncorrect: It can be argued that people are not only the main cause but also the mitigant of
operational risk and that strategic performance depends largely on the competence of senior
management. We can therefore argue that strategic risk forms part of the operational risk of an
organization.
6
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5047 Bank ABC has identified weaknesses in its operational risk management framework and has
invited a risk consultant to enlighten them more about operational risk. Which of the following types
of risk did the consultant define correctl y within the scope of the ORM framework?
A. Legal risk refers to the possibility that a contract will be enforced or breached, the
relevance of the contract, the laws and legislation, and the risk of loss in the event of a
breach or error
B. Compliance risks occur when an institution incurs fines due to knowingly or unknowingly
ignoring the industry's set of rules and regulations
C. Strategic risk is the risk that the strategy is not executed in the way it is intended or the
risk that the strategy fails as a result of making the wrong strategic choices
D. Reputational risk is the potential for a company or organization to suffer harm to its
reputation, public image, or brand due to the negative impacts of an operational event.
T he correct answer is D.
Reputational risk is the potential for a company or organization to suffer harm to its reputation,
A i s i ncorrect. Legal risk refers to the possibility that a contract will be enforced or breached, the
relevance of the contract, the laws and legislation, and the risk of loss in the event of a breach or
error.
B i s i ncorrect. Compliance risks occur when an institution incurs fines due to knowingly or
unknowingly ignoring the industry's set of rules and regulations, internal policies, or best practices.
C i s i ncorrect: Strategic risk can be nuanced between the risk that the strategy is not executed in
the way it is intended and the risk that the strategy fails as a result of making wrong strategic
choices.
7
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5048 BCBS categorizes operational risk into seven broad categories, commonly known as "Basel
types level 1." T hese types are further divided into regulatory types (level 2) and examples (level 3).
An FRM Part II candidate highlights several points regarding the Basel event risk type categories.
Which of the following statements is correct?
A. Internal fraud and external fraud are under the same event risk category
B. Acts that go against laws put in place to safeguard the health, safety, and general well-being
of employees and customers fall under clients, products, and business practices
C. Issues such as data entry errors and unfinished legal documents fall under execution,
delivery, and process management
D. Losses due to theft and hacking are examples of event risks under the damage to physical
assets category
T he correct answer is C.
Issues such as data entry errors and unfinished legal documents relate to the failure to execute
transactions and manage processes correctly. T his falls under the category of execution, delivery,
A i s i ncorrect. Internal fraud and external fraud are actually two different event risk categories.
B i s i ncorrect. Acts that go against laws put in place to safeguard the health, safety, and general
well-being of both employees and customers fall under employment practices and work safety.
D i s i ncorrect. Losses due to theft and hacking are examples of event risks under external fraud.
8
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5049 Which of the following is most l i k el y an example of execution, delivery, and process
management (EDPM) type of operational risk of the “Basel types level 1”?
A. Destruction of equipment
C. Vendor disputes
T he correct answer is C.
Examples of execution, delivery, and process management (EDPM) event types include processing
errors, missing documentation, and vendor disputes.
9
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
A. Operational risk can only arise from risk managers within a firm
C. T he range of operational risk can only arise within one business line
T he correct answer is D.
Operational risk is dynamic and evolving in nature. For example, the evolution of operational risk in
the financial sector follows the development of the financial sector itself. T he need for operational
risk was inspired by the massive losses reported by institutions resulting from fraudulent trading and
excessive exposure in the new derivative markets in the late 1990s. A good example is the failure of
Barings Bank in 1996. With time, operational risk has been evolving to reflect the changing industry
and environment.
A i s i ncorrect. Operational risk is idiosyncratic and diffuse in nature, meaning that it arises from
each person and process within the firm; therefore, everyone has to take part in managing
operational risk.
distribution of operational risk is highly skewed, with a higher concentration of the density being in
the lowest part of the distribution. On the other hand, a heavy tail stretches to a small number of
C i s i ncorrect. T he range of operational risk is complex and can arise in every business line. Most
operational risks arise from weaknesses in controls, biases, failing human behavior, and changes in
operating environments.
10
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5051 An investment firm has contracted a risk professional and wishes to discuss the
characteristics of operational loss events and challenges that may arise in managing operational risk.
Which of the following characteristics correctl y matches its description?
C. Interconnected – Operational risk arises from each person and process within the firm;
therefore, everyone has to take part in managing operational risk
T he correct answer is A.
Different causes, consequences, and distributions of losses are associated with operational risk.
Operational risk events can vary greatly even within the same risk category. Operational risk is
highly heterogenous because it encompasses diverse risks such as fraud in retail transactions.
B i s i ncorrect. Operational risk is idiosyncratic and diffuse in nature since it arises from each
person and process within the firm; therefore, everyone has to take part in managing operational
risk. Back office clerks should carefully handle transactions before validating them to avoid fraud and
errors. On the other hand, IT managers should test any IT applications to avoid bugs and disruptions.
Credit managers should carefully record credit collateral to avoid further losses in case of defaults.
C i s i ncorrect. Operational risks are interconnected in a way that the range of operational risks is
complex and can arise in every business line. Most operational risks arise from weaknesses in
controls, biases, failing human behavior, and changes in operating environments. T hese factors
D i s i ncorrect. Operational losses are heavy-tailed in that losses due to operational risk materialize
in a highly asymmetric way. T he distribution of operational risk is highly skewed, with a higher
concentration of the density being in the lowest part of the distribution. On the other hand, a heavy
11
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5052 Bank ABC wishes to strengthen its operational resilience. T he bank invites a consultant to
give more insights into this area. In his definition of resilience, the consultant clarifies that according
to BCBS, resilience cannot be defined in a single sentence but rather comprises four components.
Which of the following components is correctl y defined?
A. Continuity of business services: To contribute to the stability of the system, firms should
respond to disruptions, maintain trust among key stakeholders, and provide clarity of
communication during a crisis
D. Lessons learned: Firms should learn from past events and cover predictable shocks only
T he correct answer is B.
Important business services: To ensure continuity, the regulator moved from a process-based view
A i s i ncorrect. Continuity of business services: It is the closest element to the classic business
continuity planning and prevention approach. It protects vital business services from disruption.
C i s i ncorrect. Management of disruption: To contribute to the stability of the system, firms should
respond to disruptions, maintain trust among key stakeholders, and provide clarity of communication
during a crisis.
D i s i ncorrect. Lessons learned: Firms should learn from past events and improve their resilience
12
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5053 T he Federal Reserve's Sound Practices for Strengthening Operational Resilience, published
in 2020 along similar business lines and tolerance levels, illustrates that operational resilience is an
important element in an Operational Risk Management Framework. Which of the following is not a
regulatory expectation for operational resilience in line with the BCBS?
B. Firms are required to monitor and report the coordination and maintenance of Business
Continuity Management (BCM) and IT systems resilience
T he correct answer is D.
T he Federal Reserve's Sound Practices for Strengthening Operational Resilience does not encourage
firm to reduce their use of third parties. It encourages firms to properly manage third parties as they
are among typical areas that can expose firms to huge risks.
ORM relies on a solid foundation of governance and assigning roles and responsibilities to each party,
B i s i ncorrect. Business Continuity Management (BCM) and IT systems resilience are the two
essential pillars supporting operational resilience. Firms are required to monitor and report the
cannot be achieved without a proper ORM and two of its specializations: third-party risk
management, which ensures supply chain resilience, and scenario analysis, which ensures that tail
13
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5054 Mr. Rihan, a risk specialist at Bank ABC is presenting to the board of directors on the Basel
regulatory expectations for the governance of an operational risk management Framework. What is
the purpose of supervisory risk management in the ORM framework of banks in this context?
C. To develop robust governance policies and processes and manage material risks per the
firm's risk appetite.
T he correct answer is C.
Supervisory risk management in the ORM framework of banks involves assessing the risk profile in
a forward-looking manner, developing robust governance policies and processes to facilitate the
establishment of a robust risk management framework, identifying and managing all material risks per
the firm's risk appetite, and ensuring an effective control environment. T his comprehensive
approach is aimed at creating a sound and effective risk management system, not just creating a
A i s i ncorrect. Creating a paper trail of compliance activities is not the sole purpose of
B i s i ncorrect. Identifying material risks per the firm's risk appetite is just one part of the
D i s i ncorrect. Overseeing the activities of banks is not the main objective of supervisory risk
14
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5055 In an FRM presentation on the Basel regulatory expectations for the governance of an
operational risk management framework, an FRM candidate wishes to know how one can examine
whether the ORM framework is being implemented at a firm. Which of the following questions
should least likely be used to examine the above case?
A. Is there evidence that all material events are captured in event reports? Do reports
provide lessons and root-cause analysis? Does this include near misses?
B. Does the value of each risk indicator come from an independent source?
T he correct answer is D.
To examine whether an ORM framework is being implemented in a firm, the following questions
should be asked:
I. Is there evidence that all material events are captured in event reports? Do reports provide
lessons and root-cause analysis? Does this include near misses?
II. Is the basis for risk and control assessments robust and consistent? Are the right people
involved? Are the assessments challenged and peer-reviewed to ensure consistency across
the organization?
III. Does the value of each risk indicator come from an independent source? Do line managers
(the risk owners) approve of the indicators as being the best? How often are they
refreshed?
IV. Scenarios: Are they sufficient enough? Do they remain realistic while being sufficiently
extreme? Is the assessment objective, documented, and repeatable?
V. Coverage: Do the reports sufficiently cover the ORM scope?
VI. Risk reporting: Are the presented data sufficient for decision-making? Does the information
pertain to the level of management it is intended for?
15
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5056 A company's operational risk is managed through several committees that make collegial
decisions based on information provided by different levels of the firm's decision-making hierarchy
and information escalated by those committees. Which of the following is the correct function
operational risk committee?
T he correct answer is A.
Operational Risk Committee is responsible for overseeing, managing, and reporting a comprehensive
picture to the executive risk committee, management committee, and board risk committee.
B i s i ncorrect. Overseeing the activities of a specific business line or function is the responsibility
C i s i ncorrect. Overseeing all operational risks is the responsibility of the Risk Committee of the
board.
D i s i ncorrect. Reviewing and monitoring the investigation of large incidents is also a responsibility
16
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5057 T he 3rd principle of operational risk management outlines the roles of the board of directors
in operational risk governance. Which of the following roles of the board is in line with principle 3?
A. Identify the types and levels of operational risks the bank is willing to assume, as well as
approve risk appetite and risk tolerance statements
B. Regularly review the bank's risk appetite and tolerance statements' appropriateness
D. Ensure that they consider all risks when approving the bank's risk appetite and tolerance
statements which provide details on risk limits and thresholds.
T he correct answer is C.
Establish a culture and processes that help everyone – including board members, managers,
risks.
Provide senior management with guidance regarding operational risk management and
Ensure that the bank has identified and is managing operational risks arising from external
market changes and other environmental factors by reviewing and evaluating, and
personnel.
Ensure that management follows the evolution of best practices and avails themselves of
these changes.
A, B and D are i ncorrect. T he options fall under principle 4 for risk appetite and tolerance.
17
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5058 T he bank of India wishes to get a deeper understanding of the three lines of defense. To
achieve this, the bank has invited an operational risk specialist to shed more light on this topic.
Which of the following roles did the specialist highlight under the first line of defense?
A. Keeping track of the operational risk profiles of the business units and reporting them
D. Reviewing and taking part in the monitoring and reporting of the operational risk profile
T he correct answer is A.
T he front-line risk management involves all commercial and front-office operational functions or
simply business functions. An effective first line of defense consists of the following responsibilities:
Keeping track of the operational risk profiles of the business units and reporting them.
measurement policies, standards, and guidelines, as well as the design and delivery of operational risk,
C i s i ncorrect. T he third line of defense is the one responsible for reviewing both the first and the
D i s i ncorrect. T he second line of defense is the one responsible for reviewing, monitoring, and
18
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5059 T he second line of defense also referred to as the independent corporate operational risk
function, is involved in policy setting and provides assurance over first-line activities. T he CORF
generally complements the operational risk management activities of individual business lines. T he
following are the responsibilities of the second line of defense except?
C. Reviewing and taking part in the monitoring and reporting of the operational risk profile
T he correct answer is B.
Evaluating and identifying operational risks inherent in the business is the role of the first line of
defense.
policies, standards, and guidelines, as well as the design and delivery of operational risk
Establishing an independent view of the business units' risk management activity, including
the identification of material operational risks, the design and effectiveness of key
operational risk management tools, measurement activities, and reporting systems and
Reviewing and taking part in the monitoring and reporting of the operational risk profile.
19
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5060 T he third line of defense consists of the bank's audit function, which performs independent
oversight of the first two lines. Everyone involved in the auditing process must not be a participant
in the process under review. According to the Institute of Internal Auditors (IIA, 2017), in which of
the following ways should the internal audit least likely interact with risk management, compliance,
board of directors and finance?
B. A company's internal audit should never rely exclusively on risk management, compliance,
or finance to evaluate the effectiveness of internal controls
D. T he internal audit should assess the effectiveness and adequacy of risk management,
compliance, board of directors and finance functions.
T he correct answer is D.
According to the Institute of Internal Auditors (IIA, 2017), the internal audit should interact with the
and finance functions. T his should not be the responsibility of, or a part of, an internal
audit.
An internal audit should assess the effectiveness and adequacy of risk management,
compliance, and finance functions. A company's internal audit should never rely
internal controls. T he internal audit itself should always assess a sample of the activities
under review. Internal audit does not assess the board of directors.
As part of its risk assessment, internal audit should make informed decisions regarding the
20
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5061 According to the 4th principle of operational risk management, the board must identify the
types and levels of operational risks the bank is willing to assume, as well as approve risk appetite
and risk tolerance statements. Which of the following is least likely a correct feature of these
statements?
T he correct answer is D.
According to principle 4, the risk appetite and risk tolerance statements should be:
provide the assumptions and information used by the bank to prepare its business plan;
ensure risk limits align with the bank-wide risk appetite statement; and
21
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5062 Mr. Ibrahim Rashid is a lecturer at Oxford University. In one of his lectures on risk appetite
and tolerance, Rashid states several points regarding risk appetite and risk tolerance. Which of the
following statements made by Rashid is least likely correct?
A. As a good practice of risk appetite, a risk owner should be assigned to each risk type;
control owners to design, implement, and evaluate controls
B. Risk appetite should be consistent with the firm's objectives and the firm's risk
management strategy
C. To demonstrate their risk appetite and tolerance for disruptions, firms must set maximum
impact tolerances for critical business services
D. Risk Appetite and tolerance statement for operational risk to be approved and periodically
reviewed by senior management
T he correct answer is D.
Risk Appetite and tolerance statement for operational risk to be approved and periodically reviewed
A i s i ncorrect. As a good practice of risk appetite, a risk owner should be assigned to each risk
type; Control owners to design, implement, and evaluate controls. Metrics owners are responsible
for collecting, reporting, and monitoring metrics that measure the organization's risk appetite.
Owners of risk are managers who manage, maintain, and monitor risk within defined appetite and
tolerance limits.
B i s i ncorrect. Risk appetite should be consistent with the firm's objectives and the firm's risk
management strategy. Such a well-articulated risk appetite that is strategically aligned with the firm's
C i s i ncorrect. To demonstrate their risk appetite and tolerance for disruptions, firms must set
22
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5063 According to the 1st principle of operational risk management, the bank should maintain a
strong risk management culture spearheaded by the bank's board of directors and senior managers.
T he bank should strive to propagate a culture of operational risk resilience where everyone
understands the need to manage risk. With respect to principle 1, the board of directors and/or
senior management should least likely perform which of the following?
A. Provide a sound foundation for a strong risk management culture within the bank
B. Establish a code of conduct (or ethics policy) for all employees that outline expectations
for ethical behavior
T he correct answer is D.
T he board should receive assurance of ongoing operational resilience through timely reporting from
senior management, particularly when significant deficiencies could affect the delivery of the firm’s
critical operations. Its the board that recieves assurances and reports from senior management.
A i s i ncorrect. T he board should provide a sound foundation for a strong risk management culture
within the bank. With a strong risk management culture and ethical business practices, the bank is
less likely to experience potentially damaging operational risk events. If the bank ends up
experiencing such an event, it would be better placed to deal effectively with the outcome.
B i s i ncorrect. Establish a code of conduct (or ethics policy) for all employees that outline
expectations for ethical behavior. T he code of conduct should identify acceptable business practices
C i s i ncorrect. Provide risk training throughout all levels of the bank. T raining should consider the
23
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5064 In an FRM Exam discussion forum on risk culture, which of the following statements stated
by one candidate is least likely correct?
A. Banks with a strong risk culture are less likely to be affected by damaging operational risk
events
C. Firms should organize training and compensation structures to reinforce the codes of
contact to promote a strong risk culture
D. To promote a strong risk culture, a firm must have well-documented policies and codes
that apply to the senior management of the firm
T he correct answer is D.
To promote a strong risk culture, a firm must have well-documented policies and codes that apply to
everyone in the firm. Creating awareness and alerting people of the firm's policies and rules
A i s i ncorrect. Banks with a strong risk culture are less likely to be affected by damaging
operational risk events and are better positioned to deal with such events when they occur.
already a strong risk culture. Success on the risk appetite journey is extremely difficult without a
C i s i ncorrect. Firms should organize training and compensation structures to reinforce the codes
of contact to promote a strong risk culture. Educating all participants about operational risks
embedded in activities and processes is another critical component of creating a sound risk culture.
24
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5065 Which of the following is most likely a document that includes all operational risks of a firm,
the likelihood of the risks and the controls applied to each risk?
A. Risk universe
B. Top-ten risks
C. Risk register
D. Shock scenarios
T he correct answer is C.
T he risk register is the central repository of all operational risks in financial firms. It is a document
that includes all operational risks of a firm, the likelihood of the risks and the controls applied to each
risk.
A i s i ncorrect. T he risk universe is a list of all the risks a firm believe it is exposed to. It is a
B i s i ncorrect. T he top-ten risks are the most important risks for the organization in terms of both
D i s i ncorrect. Shock scenarios are events that would be extremely impactful but highly unlikely
to occur.
25
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5066 Which of the following four main categories of controls are implemented to reduce the
likelihood of risks materializing by mitigating their possible causes?
A. Detective controls
B. Corrective controls
C. Preventative controls
D. Directive controls
T he correct answer is C.
Preventative controls are implemented to reduce the likelihood of risks materializing by mitigating
A i s i ncorrect. Detective controls take place during the event or soon after, with the objective of
B i s i ncorrect. Corrective controls are implemented to reduce or correct the negative impacts
generated by incidents.
D i s i ncorrect. Directive controls include the set guidelines, procedures, and training that
26
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5067 Which of the following risk identification processes begins at the executive level, then to the
business units and finally to individual business processes?
T he correct answer is C.
T he process of top-down risk identification begins at the board/executive level of the company,
moves down through the departments of the business units, and ends with the individual business
processes. T he goal of top-down risk identification is to identify the most significant corporate
A i s i ncorrect. Bottom-up risk identification is the process carried out at the local company level,
identification.
B i s i ncorrect. Event and loss data analysis is a bottom-up risk identification tool that uses the
analysis of internal losses, external losses and near misses to identify risk.
D i s i ncorrect. A risk and control self-assessment (RCSA) exercise a risk identification tool where
an organization or a business line evaluates the likelihood and the impact of its operational risks.
27
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5068 Which of the following is most likely risks that a firm has identified as being on the horizon,
relatively small but on the rise with the potential for significant impact in the future?
A. Emerging risks
B. Risk universe
C. Taxonomies
D. Risk register
T he correct answer is A.
Emerging risks are risks that a firm has identified as being on the horizon, relatively small but on the
rise with the potential for significant impact in the future and not well understood yet.
B i s i ncorrect. T he risk universe is a list of all the risks a firm believe it is exposed to. It is a
C i s i ncorrect. Taxonomies are a range of impacts that are a results of risks from the possible
D i s i ncorrect. T he risk register is the central repository of all operational risks in financial firms.
It is a document that includes all operational risks of a firm, the likelihood of the risks and the
28
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
B. Risk wheel
C. Process mapping
D. Horizon scanning
T he correct answer is C.
Process mapping is a bottom-up risk identification technique. It entails outlining the steps of a
process step by step, considering the risks associated with a particular set of actions, and asking
Exposures and vulnerabilities, risk wheel and horizon scanning are all top-down risk identification
techniques.
29
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5070 Which of the following is least likely classified as an exposure under top-down risk
identification tools?
T he correct answer is C.
Exposures and vulnerabilities are top-down risk identification tools. Business risk exposure is
inherent in every financial firm while vulnerabilities are the weakest links in business activities.
T he key benefit of using a list of exposures and vulnerabilities as a brainstorming technique for risk
Examples of exposures are critical third parties, key persons, key distribution channels, main drivers
Examples of vulnerabilities are issues in control systems, systems overdue for updates, overdue
resolutions of issues, stand-alone systems, unmonitored operations or people, blind spots among
others.
30
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5071 Which of the following bottom-up risk identification tools relates to incidents that could have
resulted in operational losses but did not due to interventions outside normal controls?
A. Internal losses
B. External losses
C. Near misses
D. Process mapping
T he correct answer is C.
Near misses are incidents that could have resulted in an operational loss but did not because of good
luck or intervention outside of the normal course of controls. An example would be sending funds to
the wrong person but having the funds reversed before the funds could be withdrawn.
A i s i ncorrect. Internal losses are losses resulting from fraud, misappropriation of assets, or
actions that violate the law, corporate policy, or regulations that involve at least one internal party.
B i s i ncorrect. External losses are losses brought on by third-party fraud, property theft, or law-
D i s i ncorrect. Process mapping laying out the tasks of a process, step by step, and asking what
can go wrong in each step, is a structured way of reflecting on the risks attached to a set of
activities.
31
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5072 Which of the following is not one of the six components of PEST LE that are used for
scanning horizon risks?
A. Political component
B. Economic component
D. Environmental component
T he correct answer is C.
A structured way of scanning horizon risks is the PEST LE analysis, an acronym that encapsulates the
Political
Economic
Social
Technological
Legal
Environmental
32
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5073 Which of the following is most likely a bias that an external expert can help mitigate during
scenario analysis?
B. Myopia
C. Initiation of discussions
T he correct answer is B.
Myopia is the over-estimation of recent events. It is one of the biases that an external expert can
help mitigate during scenario analysis. T he involvement of additional external experts is advisable but
A i s i ncorrect. Another bias that an external expert can help mitigate during scenario analysis, is an
C i s i ncorrect. Initiation of discussions is a task for the facilitators of workshops for operational
risk scenario analysis. T hey are also tasked with coordinating debates and reaching consensus based
33
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5074 Which of the following Basel Category level 1 event relates to losses arising from acts
inconsistent with employment, health, or safety laws or from diversity / discrimination events?
T he correct answer is B.
Employment practices and workplace safety are losses resulting from violations of employment,
health, or safety regulations or agreements, from having to pay for personal damage claims, or from
A i s i ncorrect. Clients, products & business practices are losses brought about by an inadvertent
or negligent failure to fulfill a professional duty to a particular client or by the structure or design of
a product.
C i s i ncorrect. Damage to physical assets are losses caused by natural disasters or other
D i s i ncorrect. Business disruption and system failures are losses brought on by system
34
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5156 In the context of incident data collection recommendations by the Basel Committee, which of
the following statements is incorrect?
A. When reporting operational incidents, banks should use as many data fields as possible to
maximize the documentation of important information.
B. Companies should strive to utilize the same data fields when reporting operational
incidents.
C. While markets and credit risks usually follow easily identifiable external conditions,
operational events chance more subtly and their effects are harder to predict.
T he correct answer is A.
Although the inclusion of more data fields can add to a comprehensive understanding of any given
incident, it also poses several risks. Too much information can lead to reporting and analysis overload
as well as excessive use of resources. As such, it is best practice to include only the most essential
B i s i ncorrect. It is virtually universal that companies across all sectors utilize the same set of
core data fields whenever operational incidents are reported. T his allows for better internal and
external benchmarking and visibility, helping the business to increase its efficiency on many levels.
C i s i ncorrect. While market and credit risks usually follow easily identifiable external conditions,
operational events chance more subtly and their effects are harder to predict. For example, imagine
a bug in a digital banking app that results in delays in payment transfer for clients. Such an
occurrence could have wide-reaching repercussions beyond those immediately present at the time
of failure. T hese delayed payments can lead to customer complaints, demands for compensation from
the bank, and negative reviews on social media—all of which damage the reputation of the bank’s
services and mean extra costs in terms of management attention and IT resources. Identification and
quantification of the impacts of such an event is less straightforward than recording a credit loss on a
35
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
D i s i ncorrect. In addition to collecting internal incident data, it is also beneficial for organizations
to analyze external loss data from other firms. Doing so provides rich insights into the risk exposure
for other companies; these insights can be used by organizations to compare their own operations
against those of their peers or competitors—which helps them identify any areas needing
36
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5157 Joel and Mark, FRM Part II candidates, are discussing BCBS’ guidelines on the need to report
comprehensive data regarding operational risk events. During the discussion, the following
statements are made. Which statement is most likely correct?
A. While the Basel Committee has set a minimum threshold for loss reporting at €20,000
($22,000), setting reporting thresholds at zero is considered best practice so as to capture
every operational loss or simplify instructions to the business units that do not need to
estimate a loss before deciding to report incidents.
B. Regulatory guidelines dictate that firms must report any incidents causing them both
financial losses and non-financial impacts.
D. Grouped losses are distinct operational risk events connected through a common loss
amount.
T he correct answer is C.
It is important to remember that both direct and indirect losses must be reported. Direct losses are
the ones incurred immediately after the event: for example, the cost of remediation, any financial
outcomes due to wrongful transactions, or compensation to clients. Indirect losses are much trickier
to identify as they are results of further consequences from an operational risk event.
A i s i ncorrect. Even though some banks do set a threshold of zero for operational risk events, this
strategy is fading away among large banking institutions because of the sheer number of small
incidents that must be reported with little information value gained in return. Instead, most banks and
insurance companies are preferring a threshold slightly lower than the regulatory limit. T hresholds
B i s i ncorrect. Banks are only required to report any incidents causing them financial losses. But
from a management perspective, it's also good practice to record the non-financial impacts
D i s i ncorrect. Grouped losses are defined as distinct operational risks connected to a single core
event or cause. For example, if an IT failure occurs impacting various departments in different ways,
37
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5158 During a RCSA workshop, a bank executive makes the following statement: “At the moment,
our research shows that a large-scale cyber attack in the banking industry is a one-in-ten-year
event.” T he statement implies that:
T he correct answer is D.
Risk Control Self Assessment (or RCSA) exercises typically have a time horizon of one year or less
and may even be shorter depending on the organization's preferences. For example, when discussing
a one-in-ten-year event, this description actually refers to an event that has a 10% chance of
happening in the next year - not once every ten years. Similarly, a one-in-twenty-year event has a 5%
38
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he correct answer is D.
T he Swiss Cheese model is a concept that describes how multiple defenses (or "layers of cheese")
are necessary to create effective safety systems. Each layer serves as a defense against hazards, and
each has its own weaknesses, creating holes in the protective barrier. T he idea is that all defenses
need to be in place and working properly in order to protect against potential hazards. T he model was
first proposed by James Reason, and it has become widely used in risk management as a way to
Opti on A i s i ncorrect because the Swiss Cheese Model does not assess the impact of an attack,
but rather operates as a way to identify vulnerabilities and increase safety protocols.
Opti on B i s i ncorrect because the Swiss Cheese Model does not generate scenarios (as does the
FAIR model), but rather operates as a way to identify vulnerabilities and increase safety protocols.
Opti on C i s i ncorrect because while the Swiss Cheese Model can be used for analyzing security
risks, its primary purpose is as a way to identify vulnerabilities and increase safety protocols.
39
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5160 What is the purpose of Monte Carlo simulations in the FAIR model of managing operational
risk?
B. To generate scenarios with an asset at risk, a threat community, a threat type and an
effect.
T he correct answer is C.
Monte Carlo simulations are used in the FAIR model to provide the distribution of simulated scenario
losses based on factor estimates expressed as distributions. T he factor estimates come from
business experts who estimate the frequency and probable loss magnitude for each scenario. T he
Monte Carlo simulations then use these factor estimates as inputs to generate outputs in the form of
Opti on A i s i ncorrect because Monte Carlo simulations do not estimate the frequency and
Opti on B i s i ncorrect because Monte Carlo simulations do not generate scenarios with an asset at
risk, a threat community, a threat type and an effect - this is done through risk assessment and
analysis.
Opti on D i s i ncorrect because Monte Carlo simulations are not used to determine the best course
of action to prevent a potential loss event - this is determined through other methods such as
40
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5161 Which of the following statements best describes the purpose of Root Cause Analysis?
T he correct answer is B.
Root Cause Analysis is designed to investigate incidents or near misses that led or could have led to
operational impacts above the materiality threshold. It is more valuable to compare the results of
previous investigations and look for links and commonalities in the causes and failures leading to
significant operational risk events, in order to identify patterns within an organization that can help
create action plans across it. A key purpose of RCA is thus not only identifying an immediate cause,
but also recognizing underlying trends that can lead to greater understanding and preventative
measures.
A i s i ncorrect. T hough this statement is partially true, it does not encompass all elements of root
cause analysis. Identifying immediate causes is just one part; recognizing underlying trends in order
to formulate preventive action plans is another.
C i s i ncorrect. While RCA certainly includes evaluation, its main purpose is not solely limited to
assessment; rather, it involves systematic investigation into why an incident has happened in order to
D i s i ncorrect. T he statement does not accurately reflect RCA’s true purpose. Root cause analysis
involves assessing incidents and near misses in order to recognize underlying trends which can then
41
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5075 According to the international standards of enterprise risk management ISO 31000, there are
four ways to address risks. Which of the following is correct in this context?
B. Termination should be the first response action in case of an operational risk event
D. Tolerance involves all types of risk mitigations, especially internal controls aimed at
reducing the probability
T he correct answer is C.
Risk transfer entails moving the risk to another party. Risk can be transferred through external
A i s i ncorrect. Some risks, such as reputational risks and the risk of accountability, cannot be
transferred.
B i s i ncorrect. Termination involves the removal of all risk exposure. T his should be the last
response action when all other options are not applicable. Removing all the risk exposure also
acceptable option for either low inherent risks or residual risk exposure already controlled.
42
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5076 Christian Grey, an FRM Part II candidate, wishes to present on different types of internal
controls, the process of internal control design, and control testing in operational risk management.
Which of the following statement made by Grey is correct?
A. According to the Institute of Internal Auditors, controls can be of four types, i.e.,
preventive, detective, corrective, and directive controls
B. Directive controls aim to alert the firm if an incident occurs to accelerate its resolution
and limit the impact of the incident on the firm or its stakeholders
C. Examples of preventive controls include smoke alarms and credit card notifications of
potentially fraudulent transactions
T he correct answer is A.
Controls can be of different classes. However, according to the Institute of Internal Auditors,
controls can be of four types, i.e., preventive, detective, corrective, and directive controls.
B i s i ncorrect. T his is the function of detective controls but not directive controls.
perform different functions in a firm, access controls, level of authorization, and process
automation.
D i s i ncorrect. Directive controls are not always part of control taxonomies, but they exist in
every firm.
43
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5077 Among the four ways to address risk, treatment is the most common risk response, which
involves risk mitigation through various control plans. Controls can be of different classes. In this
chapter, however, we have adopted the classification used by the Institute of Internal Auditors.
Which of the following types of control fall under this classification?
A. Preventive controls
B. Key controls
C. Manual controls
D. Automated controls
T he correct answer is A.
According to the Institute of Internal Auditors, controls can be of four types, i.e., preventive,
Detective controls aim to alert the firm if an incident occurs to accelerate its resolution and limit
Corrective controls are intended to mitigate the impact of adverse events on an institution.
Directive Controls include all the prescriptions and rules for executing a process: policies and
procedures, training and guidance, governance structure, and roles and responsibilities.
B, C, and D are i ncorrect. T hey do not fall under the said classification.
44
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5078 David Hans, FRM, works as the risk manager at ABC bank. In one of his presentations, David
states that a firm's internal controls are its foundation for risk mitigation. He further goes ahead to
state several issues concerning internal controls. Which of the following statements is least likely
correct in this regard?
A. A key control is a control that can sufficiently mitigate risk on its own
C. Control automation is prone to human errors, which can transform into technology and
model risk
T he correct answer is D.
Automated data back-up is a component of control automation and not control testing.
A i s i ncorrect. A key(primary) control is a control that can sufficiently mitigate risk on its own.
Key controls can be corrective if it neutralizes the impact of adverse events on an institution. A non-
key control, on the other hand, can not sufficiently prevent the risk from materializing. T his control
B i s i ncorrect. Controls can either be manual or automated in nature. Automation greatly increases
C i s i ncorrect. With the advancement in modern technology, banks no longer find it reasonable to
rely on manual controls. However, control automation is prone to human errors, which can
45
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5079 An FRM candidate is preparing for May 2023 exam. In one of the open discussion forums, the
candidate states that a control should be effectively designed so as to be applied effectively and
hence be able to mitigate risk effectively. Ineffectively designed controls waste resources and may
give unrealistic expectations resulting in vulnerabilities. He goes ahead to state the types of weakly
designed controls. Which of the following is a least likely a type of a weakly designed control
highlighted by the candidate?
A. "Optimistic control."
C. "Collective controls."
T he correct answer is D.
System-based data validation checks in data collection tools is an example of automated controls.
A i s i ncorrect. "Optimistic controls" - Since they are cursory rather than comprehensive, these
controls are commonly called "tick-boxes." For these controls to be effective, the controller must
have either exceptional skill or experience.
B i s i ncorrect. "More of the same." T his refers to adding more controls of the same design as the
ones that failed after an operational incident caused by a control failure. For example, adding more
controllers doesn't help resolve a failure of collective controls, nor does it reinforce an onboarding
process that managers already bypass due to its disproportionate and cumbersome nature.
Q.5080 T he Bank of India is in the process of implementing an effective control system. Its risk
management unit has clarified that control designs should be assessed, and if satisfactory, they can be
tested to check whether they are operationally effective. Which of the following is least likely a
type of control testing?
A. Examination
B. Observation
C. Self-certification
46
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
D. Independence
T he correct answer is D.
Independence of the testing party is one of the factors that influence the effectiveness of control
testing.
We have four primary types of control testing, presented in their level of scrutiny. T he greater the
inherent risk, the more rigorous the control testing must be.
risk.
determine the effectiveness of this testing method. In addition, it is more suitable for
automated checks and sampling of manual checks since it provides moderate assurance.
Observation. It involves observing the execution of the control process in real time so
that its design and effectiveness can be judged. T his testing control is suitable for key
controls.
which involves the tester reproducing the control process on a sample of transactions and
47
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5081 Joseph Bolts, FRM, is a risk manager at the Bank of Baroda. In his recent presentation to the
board of directors, Joseph highlights that while the firm strives to establish effective control testing,
we have several factors that determine the level of this effectiveness. Which of the following
factors least likely influence the effectiveness of control testing?
B. T he frequency of testing
D. Reperformance
T he correct answer is D.
A i s i ncorrect. T he independence of the testing party – To avoid conflict of interest and bias, the
testing party should be independent of the owner of the control process (except in the case of self-
certification).
frequently for higher risks or unstable risk environments in proportion to the severity of the risk.
C i s i ncorrect. Scope and sample. T he results of a test depend on the scope of testing, and the size
of the sample tested. To adequately represent the population, the sample should be large enough.
48
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5082 To effectively mitigate human errors, we should first categorize these errors accordingly.
Identifying slips and mistakes is the first step in categorizing human error. Which of the following
categories of human errors is correctly described?
A. Slips – T hese are wrong choices made when someone faces a new situation due to a lack
of familiarity with a process
B. Rule-based mistakes – T he perpetrator understands the right thing to do but decides to act
against the rules
C. Knowledge-based mistakes – T hese are the wrong choices made when someone faces a
new situation due to a lack of familiarity with a process or a lack of training and guidance
D. Violation – T hese are involuntary errors caused by inattention, distraction, and fatigue
T he correct answer is C.
Knowledge-based mistakes are the wrong choices made when someone faces a new situation due to a
A i s i ncorrect. Slips are involuntary errors caused by inattention, distraction, and fatigue. T here
are many ways to respond to slips, including improving the work environment, speeding up work
appropriately, reducing noise levels, clarifying accountabilities, and explaining the consequences of
every action.
"strong but wrong." Mis-selling to customers due to commercial incentives is a good example of such
mistakes.
understands the right thing to do but decides to act against the rules.
Q.5083 To improve the quality of an operational process and reduce the potential for human error,
the risk management unit should first identify these errors and then apply several methods to assess
and mitigate risks related to these errors. Which of the following statements is i ncorrect in light of
this statement?
A. T he Lean Six Sigma is applied to remove and reduce waste and variation by analyzing
processes and collaborative tasks hence minimizing variations
49
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
B. Six Sigma improves quality by identifying and eliminating causes of errors or defects and
minimizing variability in industrial processes
C. Quality improvement follows the plan, do, study, act (PDSA) cycle or "Dr. Deming cycle."
D. Under the "Dr. Deming cycle", Do refers to analyzing the collected data, comparing the
set targets, and evaluating opportunities for improvement.
T he correct answer is D.
Plan is about setting goals, determining expectations, and deciding what, where, when, and
Study refers to analyzing the collected data, comparing the set targets, and evaluating
Act is about understanding lessons learned and adjusting our expectations for the coming
cycle.
A i s i ncorrect. In Lean Six Sigma, waste and variation are systematically removed and reduced by
analyzing processes and collaborative tasks hence minimizing variations. Lean Six Sigma combines
Lean and Six Sigma techniques which aim at eliminating eight kinds of "waste."
B i s i ncorrect. Six Sigma improves quality by identifying and eliminating causes of errors or
defects and minimizing variability in industrial processes. Both methods apply the define, measure,
C i s i ncorrect. Quality improvement follows the plan, do, study, act (PDSA) cycle or "Dr. Deming
cycle."
50
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5084 Businesses face significant operational risks when they embark on new projects, products,
and initiatives that are unfamiliar or unfamiliar to them. Which of the following statements is
correct in this context?
A. As a best practice, the owner of each new initiative should present a business case to
show the allocation of resources
B. When acquiring new assets, it is easier to assess operational risk than credit risk
C. T he acquired firm should not provide any information as this makes operational risk
assessment even more difficult
D. When projects are merged, the risks of the acquired assets remain with the original firm
T he correct answer is A.
As a best practice, the owner of each new initiative should present a business case to show the
allocation of resources. A good business case covers at least five topics, namely: objective,
B i s i ncorrect. Credit risk can easily be assessed provided the data of collateral, obligors, and terms
and conditions are available. On the other hand, operational risk is very difficult to assess since it is
the risk related to the results of people, systems, and processes over time. T herefore, it may take
time before the inherited operational risk is discovered. Banks should therefore be very keen to
C i s i ncorrect. If a firm is acquired, it should be integrated to provide its own set of additional
operational risks. T he acquired firm should present customer and account platforms, payroll and
D i s i ncorrect. When projects are merged, the acquiring firm inherits the risks of the acquired
assets. When a firm acquires assets, a portfolio, or the entire entity, it inherits all risks associated
51
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5085 Bank A wishes to acquire all the assets of Bank B. T he risk unit of Bank B is therefore
concerned about the possible operational risks that may arise if they go ahead to acquire assets of
Bank A. Which of the following is least likely a correct way in which the risk function of Bank B will
involve in the acquisition of assets of Bank A?
A. Doing a thorough assessment of the operational risk related to the assets of Bank B
B. T he risk unit should ask Bank B to present information on payrolls, customers, payroll and
management systems, and its communication with other companies
C. T he board of directors can create a risk profile to familiarize the management with
potential operational risks related to these new business initiatives.
D. Bank B should provide Bank A with data on collateral, obligors, and terms and conditions in
order for them to assess credit risk
T he correct answer is C.
T he ORM function is what should create a risk profile to familiarize the management with potential
operational risks related to these new business initiatives and not the board of directors.
A i s i ncorrect. It may take time before the inherited operational risk is discovered. T he acquiring
firm (in this case, Bank A) should therefore be very keen to assess operational risks when acquiring
new assets. T he ORM function can support these new initiatives by creating a risk profile to
familiarize the management with potential operational risks related to these new business initiatives.
B i s i ncorrect. Bank B should be requested to present customer and account platforms, payroll and
management systems, and its communications with other companies. T he ORM of Bank A can help
the firm identify these risks through risk identification workshops and work with the integrating
teams to set mitigation measures to address potential risks related to a complex acquisition.
D i s i ncorrect. Bank B should provide Bank A with data on collateral, obligors, and terms and
conditions in order for them to assess credit risk. Credit risk can easily be assessed provided the data
52
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5086 Paul Schering, FRM, works as a risk manager at ABC Bank. Paul wishes to present to the
bank approaches firms should use to mitigate the impact of operational risk events. Which of the
following statements highlighted by Paul is correct?
A. A contingency plan is simply a "Plan B" or an alternative action if the result of a future
event does not go as expected
B. T he first step in business continuity management (BCM) is identifying threats and risks
and linking these risks to the firm's key operational risks
C. In case of a crisis, a firm should have at least two response teams: a technical team, a
media team, and a communications team
D. A communications team to assesses the risk event and restores normal processes
T he correct answer is A.
A contingency plan is simply a "Plan B" or an alternative action if the result of a future event does
not go as expected. Contingency planning is part of business continuity management (BCM), disaster
recovery plans (DRP), and corrective risk management. Contingency planning should clearly state
who does what and when in case of an event. In broader terms, contingency planning involves
initiate the management process. After this, threats and risks should also be identified and linked to
the firm's key operational risks. Once these risks have been identified, actions should be taken to
manage these risks as part of risk management. A business impact analysis is carried out to
determine the terms of risk mitigation. Strategies and plans for mitigating these risks are developed
C i s i ncorrect. In case of a crisis, firms should have at least two response teams:
T he technical team assesses the risk event and restores normal processes as soon as
possible.
Q.5087 T he risk management team of the ABC Bank is presenting the results of event and crisis
53
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
management to the operational risk committee of the bank. In its presentation, the team highlights
the following: Which of the above statements highlighted by the team is incorrect?
A. A firm should demonstrate three qualities when managing a crisis or major operational
event, which include speed, competence, and transparency.
B. We have four phases of a major operational risk event: crisis, emergency response,
recovery, and restoration
C. We have two traditional recovery measures: a Recovery Point Objective (RPO) and
Recovery T ime Objective (RT O)
D. In the event of a crisis, each recovery job should be handled by senior management.
T he correct answer is D.
A i s i ncorrect. In the event of disruptions, the business continuity plan (BCP) will be activated. A
firm should demonstrate three qualities when managing a crisis or major operational event:
Speed: A crisis can spread very fast (e.g., cyberattacks). It is, therefore, crucial to respond
Competence: In the event of a crisis, each recovery job should be handled by a suitable
specialist.
T ransparency: T rust of key stakeholders should be maintained by always telling the truth
and being open and honest even in the face of a large operational loss.
B i s i ncorrect. T here are four typical phases of a major operational risk event:
Crisis: After an incident, the type and scale of the problem become apparent.
Emergency response: Experts must assess the situation and quickly decide how to
proceed.
Recovery: If the plan goes as planned, essential operations will resume in recovery format
54
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
i. A Recovery Point Objective indicates how much data will be lost or have to be re-entered
after an outage.
ii. Recovery T ime Objective measures how much downtime a business can tolerate.
55
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5088 Operational risk can be transferred through external insurance and outsourcing. Which of
the following statements is incorrect regarding risk transfer?
A. T here is a trade-off decision between the insurance premium versus the volatility
B. In external insurance, the risk is not necessarily fully transferred, as the amount of
compensation depends on the premiums paid
T he correct answer is D.
External insurance policies for operational risk are suitable for operational risks that:
T hey are fairly predictable, allowing for proper underwriting and pricing for the insurer,
and
It is easy to transfer both risk exposure and consequences, so risk mitigation is effective
A i s i ncorrect. T here is a trade-off decision between the insurance premium versus the volatility.
Many firms will tend to self-insure small losses or absorb the volatility and only seek external
insurance to cover losses from extreme operational events. Any large potential operational risk
B i s i ncorrect. In external insurance, the risk is not necessarily fully transferred, as the amount of
compensation depends on the premiums paid. In some cases, the firm may experience delays from
C i s i ncorrect. Outsourcing may result in third-party risk since the firm is exposed to the risk of
failure of third-party controls. Furthermore, not all risks are transferable. T he risk of accountability,
for example, is not transferred through this process. Increasingly, outsourcing is perceived as a risk-
sharing and not a risk-transfer method. Reputational damage is another risk that cannot be outsourced
56
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5089 In the definition of operational risk, reputational risk has been left out intentionally. T his is
because reputational risk is not necessarily caused by operational risk. Both internal and external
operational events can cause reputational risk. Operational risk controls and mitigation strategies can
be implemented to protect a company's reputation. Which of the following is least likely a correct
way to prevent reputational risk?
A. T he use of detective controls to identify operational failures and reduce their reputational
effects
T he correct answer is D.
T ransferring responsibility from one party to another in order to limit exposure is one of the four
A i s i ncorrect. One way to prevent reputational risk is to build and maintain customer confidence.
T he use of detective controls to identify operational failures and reduce their reputational effects
are among the methods used to protect against them. Detective controls include monitoring
customer complaints on social media and tracking refund requests or system downtimes.
B i s i ncorrect. Firms should be careful when contracting third parties to avoid the wrong type of
effective reputational management process. An organization's stakeholders are not all equally
57
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5090 Which of the following events will least likely trigger the requirement to notify regulators of
operational risk events?
C. Any event that could affect the firm’s ability to continue to provide adequate services
D. Any event that could result in serious consequences to the financial system
T he correct answer is B.
Any event affecting the firm’s management does not trigger the requirement to notify regulators
unless it affects the firm materially above a certain threshold, its reputation, its resilience, or its
stability.
T he requirement to notify regulators of operational risk events may be triggered by any of the
following criteria:
Any event that could affect the firm’s ability to continue to provide adequate services to
its customers, and that could result in serious detriment to a customer of the firm.
58
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5091 Which of the following is least likely a type of information critical in the operational risk
requirements?
B. Historical losses
T he correct answer is D.
T he risk appetite metrics is one of the main components of operational risk and not a type of
Historical losses.
59
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5092 Which of the following types of information required relates to presenting the governance
and risk management structures that an entity has established to manage and mitigate risk?
B. Historical losses
T he correct answer is A.
Qualitative information on operational risk management relates to ensuring companies present the
governance and risk management structures that they have established to manage and mitigate risk.
B i s i ncorrect. Historical losses requires regulated entities to provide appropriate details on the
C i s i ncorrect. Business indicator and subcomponents entails disclosing the business indicator and
its necessary components, which serve as the basis for the computations of operational risk capital.
D i s i ncorrect. Incidents and near misses is one of the main components of operational risk
reporting.
60
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5093 Which of the following is not one of the main components of operational risk?
T he correct answer is C.
T he frequency and severity per period is one of the areas that need to be reported when reporting
in risk events and near misses. It is not one of the main components of operational risk.
61
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5094 Which of the following components of operational risk reporting involves reporting a list of
the top overall risks?
T he correct answer is C.
T he top-10 risks and risk outlook is one of the components of operational risk reporting that
involves reporting a list of the top overall risks or the 10 most significant risks from the risk register
or risk inventory.
A i s i ncorrect. T he heatmap and risk register provides a two-dimensional visual depiction of the
B i s i ncorrect. Risk appetite metrics is the tracking of risk appetite and the monitoring metrics
that go along with it. It enables the board to assess if the company is functioning within its risk
D i s i ncorrect. Incidents and near misses is one of the most important components of ORM
reporting that involves reporting of risk occurrences, losses, and near misses.
62
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5095 Why are near-miss occurrences included in the reporting of incidents in organizations with
strong risk cultures?
T he correct answer is C.
Organizations with strong risk cultures include near-miss occurrences in the reporting of incidents
A i s i ncorrect because the cost of close calls is not the reason for including near-miss occurrences
B i s i ncorrect because importance is not the specific reason for including near-miss occurrences,
but rather to assess the significance of close calls based on the potential consequence that was
unintentionally avoided.
D i s i ncorrect because the frequency of close calls is not the reason for including near-miss
63
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5096 Which of the following is not one of the three options worth considering when aggregating
qualitative data?
B. Categorization
C. Horizon scanning
D. Worst-case reporting
T he correct answer is C.
Horizon scanning is one of the main components of operational risk reporting that involves finding
new trends and potential risks. It is not one of the three options that need to be considered when
Categorization
Worst-case reporting
64
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5097 Which of the following stakeholder groups is authorized by the board to monitor the
effectiveness of the firm’s risk management framework?
A. T he audit committee
B. T he risk committee
C. Executive committee
T he correct answer is B.
T he board risk committee is authorized by the board to monitor the effectiveness of the firm’s risk
management framework.
A i s i ncorrect. T he audit committee is a subcommittee of the board and is responsible for a third
level of operational risk oversight managed by the firm’s internal audit activities.
board members and senior executives, that prioritizes issues for the full board to address, is
responsible for overseeing board policies, and ensures good governance practices.
D i s i ncorrect. Business-line managers typically monitor the status of their KRIs, the progress of
their action plans, and the nature and severity of operational risk events experienced by their
business lines.
65
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5098 Which of the following stakeholder groups is responsible for collecting all relevant
operational risk information from the business lines to produce aggregated, synthesized reporting and
provide feedback to the business lines?
A. T he risk champions
C. T he audit committee
D. T he executive committee
T he correct answer is B.
T he operational risk committee collects all relevant operational risk information from the business
lines to produce aggregated, synthesized reporting for the operational risk committee and provide
A i s i ncorrect. T he risk champions typically monitor the status of their KRIs, the progress of their
action plans, and the nature and severity of operational risk events experienced by their business
lines.
C i s i ncorrect. T he audit committee is a subcommittee of the board and is responsible for a third
level of operational risk oversight managed by the firm’s internal audit activities.
making between board meetings and/or during times of crisis, prioritizes issues for the full board to
address, is responsible for overseeing board policies, and ensures good governance practices.
66
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he correct answer is C.
Addressing the asymmetry of operational risk event data is one of the challenges of non-financial risk
data reporting i.e., A relatively small number of low-frequency, high-severity loss occurrences
A i s i ncorrect. Risk appetite metrics is one of the main components of operational risk reporting.
It involves tracking of risk appetite and the monitoring metrics that go along with it.
B i s i ncorrect. Action plans and follow-up is one of the main components of operational risk
reporting. T hese are risk-reduction strategies created to strengthen the regulatory environment and
D i s i ncorrect. Incidents and near misses is one of the main components of operational risk
reporting. It involves outlining what incidents involving operational risk occurred and how much
67
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5100 Ibrahim Asman, FRM, is the operational risk manager at the Bank of India. In one of his
presentations to the board of directors, Mr. Asman says that a bank should have a wider view of risk
assessment frameworks and capital assessment in addition to its operational risk framework. Which
of the following points highlighted by Asman on risk governance is least likely correct in the context
of ERM?
A. T he first line of defense comprises the staff and management of business lines. It is
responsible for making decisions for managing risks
B. T he second line of defense comprises banks' credit risk management, market risk
management, and operational risk management departments
C. T he board risk committee is responsible for overseeing all risks across a firm
T he correct answer is D.
T he board risk committee is responsible for overseeing all risks across a firm and is independent of
the board of directors. It recommends risk-based decisions, risk exposure, and risk management to
T he three lines of defense define the roles and responsibilities for the overall risk management of a
firm.
A i s i ncorrect. T he first line of defense consists of staff and the management of risk. T he first line
makes risk management decisions. Risk owners identify, measure, mitigate, and report risks. It is the
responsibility of risk owners to make decisions to ensure an appropriate balance between risk and
reward for the firm. Risk owners have the authority to expose the firm to risk within the firm's risk
appetite limits.
B i s i ncorrect. From an ERM view, the second line of defense comprises banks' credit risk
management, market risk management, and operational risk management departments. Also included
are other oversight functions, such as compliance or information security, and parts of hybrid
C i s i ncorrect. T he board risk committee is responsible for overseeing all risks across a firm. T his
68
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
committee is independent of the board of directors and recommends risk-based decisions, risk
exposure, and risk management to the full board. T he term of reference or a committee charter
Q.5101 Risk culture is inseparable from corporate culture and goes beyond the culture of alertness
and reporting of operational risk incidents, as well as the sharing of lessons learned. Which of the
following statements is least likely correct regarding risk culture from an ERM view?
C. A robust and independent risk management function can reduce tail risk exposures at
banks
D. A risk culture is a structure that is put in place to outline a firm's approach to the
management, and control of risk.
T he correct answer is D.
A structure that is put in place to outline a firm's approach to the management, measurement, and
control of risk is referred to as a risk appetite framework and not a risk culture.
A i s i ncorrect. Risk culture is inseparable from corporate culture and goes beyond the culture of
alertness and reporting of operational risk incidents, as well as the sharing of lessons learned. From
risk culture leads to dire consequences, emphasizing the need for firms to establish and maintain a
risk culture.
C i s i ncorrect. Post-financial crisis reports emphasized that a lack of risk culture led to risk
management failure in large financial institutions. According to the seminal paper issued by the
Journal of Finance in 2013, bank holding companies with a higher lagged risk management index have
lower tail risk and higher return on assets. T his aligns with the hypothesis that a robust and
independent risk management function can reduce tail risk exposures at banks.
69
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5102 Which of the following is most likely a role and responsibility of the second line of defense
for the overall risk management of a firm under risk governance?
T he correct answer is B.
T he second line of defense is responsible for establishing risk management methods, tools, models,
and measurement methods, training the first line of defense, raising risk awareness, developing risk
A i s i ncorrect. Making decisions for managing risks is a role of the first line of defense. It
C i s i ncorrect. Overseeing the risk management activities is a role of the third line of defense.
D i s i ncorrect. Reporting independently to the board of directors is a role of the third line of
defense.
70
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5103 A newly hired risk manager is preparing to present to the risk committee on the role of ERM
in financial services in ensuring the solvency and sustainability of an institution through appropriate
capital funding that covers any unexpected losses relating to any of the main risk classes. Which of
the following points highlighted by the risk manager is correct?
A. An enterprise risk management framework and activities consist of regulatory capital and
economic capital only
B. Regulatory capital is the internal capital that firms estimate, reflecting both their risk
profile and potential needs to cover unexpected losses
T he correct answer is D.
Basel regulations bear no legal ground, but rather countries choose to include the Basel standard
A i s i ncorrect. An enterprise risk management framework and activities consist of, but it is not
limited to, regulatory capital and supervision, economic capital, risk-adjusted return on capital
B i s i ncorrect. Regulatory capital is the mandatory minimum level of capital required by banks to
cover credit, market, and operational risks and the minimum liquidity ratio.
71
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5104 T he CEO of a bank has recommended that the bank should calculate RAROC in order to
determine the risk-return trade-off of their products and services. Which of the following is correct
with respect to RAROC?
A. RAROC can be used to provide a quantitative estimate of the bank's funding costs for each
transaction product and type of client
T he correct answer is A.
RAROC is used to provide a quantitative estimate of the bank's funding costs for each transaction
product and type of client, manage scarce capital and expensive resource, and manage commercial
agents of the bank using objectives.
B i s i ncorrect. RAROC Is given by expected after-tax risk-adjusted net income divided by economic
C i s i ncorrect. RAROC is more straightforward for credit activities, while EL can be estimated
using historical data. In contrast, market risk EL is less straightforward and is often set to 0.
D i s i ncorrect. Operational risk is generally not measured with RAROC since it is difficult to
72
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5105 A risk manager of a large bank recommends that the bank should consider not only regulatory
and economic capital requirements but also assess aggregate capital needs. Which of the following
statements is correct regarding capital aggregation and diversification in the ERM context?
B. To /determine the risk capital for a particular business unit within a larger firm, the units
are viewed together
D. We can have large diversification benefits when operational risk is aggregated with other
risks
T he correct answer is D.
It can be observed that credit and market risk correlations tend to increase during a crisis;
operational risk, on the other hand, moves independently. T his implies that we can have large
within each risk class and inter-risk diversification – diversification that involves different risk
classes.
B i s i ncorrect. To determine the risk capital for a particular business unit within a larger firm,
C i s i ncorrect. To achieve diversification, the correlation between different risks should be less
than +1.
73
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5106 A risk manager at a bank proposes that the bank should stress test its activities in order to
determine its stability and resilience. T he manager, however, stated that a number of issues led to
the failure of stress testing during the great financial crisis. Which of the following factors
highlighted by the manager is least likely correct?
A. Scenario selection
T he correct answer is D.
Use of stress testing and integration in risk governance is one of the factors why stress testing failed
during the great financial crisis. Stress tests were not included in a global risk framework as other
businesses doubted the credibility of the analysis. Senior management was not involved enough,
A i s i ncorrect. Scenario selection: Minor severity and missing correlations between scenarios
affected results as they could not comprehensively represent the aggregate risks across the bank.
Scenarios were undertaken at a business level and were unrelated to capital adequacy and liquidity.
B i s i ncorrect. Stress testing of specific risks and products: New complex products or strategies,
such as complex hedging strategies, were not covered under credit risk, liquidity, and contingent risk.
C i s i ncorrect. Stress testing methodologies: Several risk management tools employed historical
statistical relationships to assess risks. Similarly, the banking sector lacked a firm-wide approach and
focused so much on models calibrated on historical data. Historical information revealed that the
74
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5107 T he operational risk manager of a bank wishes to establish a robust operational risk stress-
testing framework. Which of the following is least likely a component of a robust operational risk
stress-testing framework?
D. Regression models
T he correct answer is D.
Regression models is one two methodologies used by banks to model the frequency and severity of
A i s i ncorrect. Expected non-legal loss forecast module: this module consists of a quantitative
model that projects and refines a loss forecast for each risk category depending on expert judgment.
B i s i ncorrect. Legal loss module: T his module forecasts immaterial "bulk" litigation losses,
conditional litigation losses, and incremental litigation losses (the unknown unknowns).
C i s i ncorrect. Idiosyncratic scenario add-on module: the module is developed to cover a bank's
idiosyncratic operational risk profile and bank-specific risk exposures derived from storylines.
75
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5108 T he operational risk manager of a bank has asked a junior analyst to model total operational
risk losses and the frequency and severity of operational risk losses. Which of the following method
would the junior analyst apply?
D. AMA approach
T he correct answer is B.
Generally, banks prefer modeling the frequency and severity of operational risk losses using two
methodologies:
macroeconomic conditions. Here, frequency and severity are modeled separately and
Loss distribution approach (LDA) – some LDA models, e.g., frequency and severity models,
A i s i ncorrect. Reverse stress testing is not used for modeling but seeks to analyze immeasurable
risks by starting from the opposite end and trying to identify circumstances that might cause a firm
to fail.
C i s i ncorrect. Monte Carlo simulation is an approach applied under LDA to project losses.
D i s i ncorrect. AMA approach is used for modeling regulatory and economic capital.
76
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5109 A newly hired risk manager of a bank wishes to implement a robust operational risk stress
testing framework at the bank. Which of the following is a potential challenge the manager is least
likely to face when developing and implementing models used in stress testing Operational risk?
A. Legal risk is characterized by the delay between adverse macroeconomic conditions and
legal losses suffered by banks
T he correct answer is D.
Quantitative–Qualitative Approach Dimension is one of the two stress testing dimensions. A stress
testing taxonomy helps to understand the evolution of stress testing and the range of stress testing
practices.
A i s i ncorrect. T here is a challenge associated with legal risk – Legal risk is characterized by the
delay between adverse macroeconomic conditions and legal losses suffered by banks. It may take
years for business practices that result in litigation to materialize in actual settlement losses.
Consequently, forecasts developed under this module must take into account lags between factors
B i s i ncorrect. To stress severity, a higher percentile of the distribution reflecting the firm's
expectations for average losses per event under stressed conditions is selected based on expert
judgment. T he selected losses are then combined with frequency forecasts through Monte Carlo
simulation. Expert judgment and data can also be combined with conditional LDA. However, it is
C i s i ncorrect. LDAs lack risk drivers thus, they assume that a firm's risk exposure remains the
same over time. T his assumption does not align with the stress testing objectives, which is to
understand how an organization's risk exposure changes with time to reflect the changing
77
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4263 Assume you are the chief systems manager at your local bank. How best would you approach
the issue of cyber security in line with the Basel Committee Report on cyber-resilience among
regulated institutions?
A. To identify all instances of cyber warfare and establish the severity and potential damage
of attacks, and ensure that findings are publicized and acted upon immediately.
B. To single out all potentially crippling cyber-related vulnerabilities that expose the bank to
large-scale monetary or nonmonetary loss
C. Accept that there can be no absolute security and instead work on developing a robust IT
system and build local and international cooperation and information exchange in order to
reduce threat and build resilience
D. To identify all instances of cyber warfare and potential vulnerabilities with an eye on
complete eradication of threats
T he correct answer is C.
T here’s growing acceptance that there can be no ‘absolute security” against cyber weapons. Each
passing day, new data antitheft and anti-malware software are getting developed but cyber threats are
growing as fast. In reality, it is nearly impossible to prohibit the weapons and avenues that may be
used to propagate cyber warfare. It is not possible to identify all potential “attack points.” In fact,
attempts to “root out” and eradicate all potential vulnerabilities maybe counterproductive. T his
Cyber threats can never be truly eliminated; instead, the ultimate goal for institutions should be the
development of a robust, cyber-resilient IT system and building of local and international cooperation
and information exchange in order to reduce threat and protect critical information infrastructures.
78
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4264 In response to the increasing number of threats in the cyber space, the Basel committee has
come up with a report aimed at inculcating cyber resilience across the banking industry. T he cyber
risk resilience framework encompasses all of the following EXCEPT :
A. T hreat anticipation
D. None - All of the above form part of the cyber risk resilience framework
T he correct answer is D.
According to the Financial Stability Board (FSB), cyber resilience is the “ability of an organization to
continue to carry out its mission by anticipating and adapting to cyber threats and other relevant
changes in the environment and by withstanding, containing and rapidly recovering from cyber
incidents.”
79
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4265 Capital Bank just went through a serious system breach that resulted in massive loss of
sensitive customer data. T he information security department is attempting to restore the system as
well as located critical data backups. Unfortunately, it appears no one knows exactly what they are
supposed to do. T he bank also has a rapid recovery plan in place but the relevant personnel do not
know what protocol to follow in the execution process. What’s more, the recovery team is
struggling to put in a well-coordinated effort to carry out specific tasks. Which of the following
vulnerabilities is most likely to blame for this scenario?
T he correct answer is D.
One of the issues raised in the Basel Committee Report on Cyber-Resilience Practices has much to
do with insufficient business continuity testing, and this appears to be the main culprit that has led to
T he report notes that although most regulated entities do have a contingency and recovery plan in
readiness for a serious attack, there’s a general lack of testing to determine if the plan indeed works.
A disaster recovery test would ensure that everyone in the team knows exactly what they are
supposed to do and familiarize everyone with the steps to follow throughout the recovery period.
Options A is incorrect. T hat the bank has a recovery plan means it must have conducted a business
impact analysis, which is essentially an exercise aimed at identifying the most important parts of the
Option B is incorrect. T he bank does have a back-up system only that the recover team is not
C is incorrect. Even with a good and working alternate system, it would be very difficult to use it if
the bank has not conducted tests to make sure that everyone knows how the system works.
80
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4266 Considering commerce and marketing, which of the following is a significant obstacle to
developing cyber resilience among regulated institutions around the globe?
A. Use of technology, including high-level automation and integration with third parties
T he correct answer is D.
T he biggest stumbling block toward inculcating cyber resilience among regulated institutions has
been high-level automation and use of systems that are heavily integrated with third-party service
providers and customers. T his has resulted in an attack surface that is growing by the day and has
only served to increase accessibility from potential adversaries. Increased third party integration
implies that the perimeter of interest to financial sector regulators has gotten bigger, and cloud
81
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4267 According to the Basel Committee report on cyber resiliency among institutions, which of
the following jurisdictions tend to have the least robust regulatory information sharing frameworks?
T he correct answer is B.
sharing mechanisms among banks tend to have less robust policies that have been developed by the
relevant regulators. T his means that the regulators do not feel the need to enforce tough
C and D are incorrect. T here’s no clear and observable link between the regulatory robustness and
82
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4268 T he Basel committee notes that most jurisdictions have adopted some information-sharing
mechanism between banks and regulators. According to the committee’s report, the following are
potential sources of concern EXCEPT ?
T he correct answer is C.
information-sharing mechanisms are in force, key among them being communications among banks,
mostly on a voluntary basis, and communications between banks and regulators. In other words, we
do have bank to bank information sharing and that’s not a real concern at the moment. Option A
presents a potential source of concern. T he committee notes that there is no common standard.
T his could lead to withholding of crucial information on possible threats or indicators of compromise.
Option B presents a potential source of concern. T he report notes that Information-sharing by banks
will in turn lead to positive discourse on matters risk and increase threat awareness.
T he report also notes that most banks favor reactive reporting rather than a more proactive
approach. T his could being about delays in the time taken to develop robust protection
infrastructures.
83
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4269 With respect to cyber security strategy as outlined in the Basel Committee report on cyber-
resilience, all of the following statements are correct EXCEPT ?
A. All regulators expect regulated entities to have a board approved information security
strategy
B. Most jurisdictions have included cyber-risk within their broader risk management
frameworks
C. Most supervisors review regulated entities' information security strategies, but very few
require or evaluate those entities' standalone cyber-security strategies.
T he correct answer is D.
T he committee notes that most regulators do not require regulated entities to have a functional
cyber security strategy, but they do expect them to have a board-approved information security
strategy, policy and procedures under the broad remit of effective oversight of technology (hence
option A is correct)
B is also correct. Many jurisdictions expect that cyber-risk should be covered by the organization-
wide risk management framework and/or information security framework which should be
C is also correct. Although most supervisors do review regulated entities’ information security
frameworks, most of them do not review or evaluate those entities’ standalone cyber-security
strategies
84
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4270 Which of the following regulatory approaches has been adopted by jurisdictions as a way of
enforcing cyber-security strategy requirements among regulated entities?
A. I and II only
B. II only
C. III only
D. All three
T he correct answer is D.
85
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4271 John Henderson, FRM, is the newly appointed chief officer in charge of information systems
and security at Capital Bank. Upon scrutinizing the bank’s cyber-security strategy, he has found that
the bank lacks a well thought out business continuity plan that can be adopted in the event of an
exceptional event or crisis. With the help of other executives, he proceeds to conduct a business
impact assessment and singles out the most critical activities, resources, and services that would be
in need of rapid restoration in the event of a cyber-attack. Which of the following activities would be
most cri ti cal before finalizing and implementing the newly developed plan?
B. Continuity tests
T he correct answer is B.
Although all four choices present possible procedures that should form part of any business
continuity plan, the Basel committee singles out the business continuity test as a key activity that
should be undertaken before implementation begins. T he test is meant to confirm the validity of the
outlined business continuity and crisis response plans. For example, the test can evaluate whether it
86
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4272 According to the Basel Committee Report on Cyber-Resilience Practices, which of the
following is the “least observed practice across jurisdictions” with respect to information sharing?
T he correct answer is B.
T he committee notes that the least observed information-sharing practice occurs among regulators.
T his is a worrying situation especially when we consider that cyber-fraud is increasingly becoming
sophisticated and global. T here’s a need to increase information sharing among regulators so as to not
only increase awareness with regard to emerging risks but also to be able to develop a wholesome
well-coordinated response that does not leave some industry sectors exposed.
87
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4273 Exim Bank has just completed a risk assessment and business impact analysis (BIA) with
respect to cyber-attacks and the latest emerging threats and vulnerabilities in the cyber space.
However, the bank’s information security manager and business department manager don’t seem to
agree on who will ultimately be responsible for detailed evaluation of the results and risk analysis.
Which of the following would be the best cause of action in these circumstances?
A. Acceptance and implementation of the information security manager’s decision on the risk
to the bank
B. Acceptance and implementation of the business department manager’s decision on the risk
to the bank
C. Creation of a new risk assessment and BIA plan to iron out the differences
T he correct answer is D.
Senior management and executives have a critical role to play in the evaluation and management of
cyber risk, and the Basel Committee Report on Cyber Resilience notes as much. Just like with other
risks, the senior management is ultimately responsible for propagating and maintaining cyber
resilience in their institutions. T he senior management has a role to streamline and resolve any
issues that might come up in the process of putting in place a working solution against cyber risk.
88
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4478 In the context of cyber-resilience practices, which of the following is/are considered (a)
third-party(ies)?
B. Computer hardware
C. T rading platforms
T he correct answer is D.
To establish a clear understanding of the practices associated with cyber-resilience, third-parties are
taken as:
Standardized and non-standardized services and products (not considers outsourcing) such
Q.4479 Assume that you are a human resource manager at a reputable bank. Your bank has advertised
the supply chain manager post, which you are entrusted to shortlist the candidates based on their
qualifications. Based on the Basel committee report on regulated institutions, what are the required
qualifications for the candidates you should look for?
T he correct answer is D.
T he personnel who are certified by Certified Information Systems Security Professionals or any
other institutions that complies with ISO 9001 Quality Management System provides an extra
assurance that the personnel have the required qualifications to manage third-party connections. T he
personnel should be able to manage the associated risks beyond compliance.
89
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4480 According to the Basel Committee report on regulated institutions, information sharing from
the banks to regulators has some advantages, which includes:
A. I and II
B. I and III
C. II and III
D. I and IV
T he correct answer is D.
A robust cyber-risk response framework can be developed through the active sharing of
90
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he correct answer is C.
Cyber resilience is the ability of an organization to continue to carry out its mission by anticipating
and adapting to cyber threats and other relevant changes in the environment and by withstanding,
containing and rapidly recovering from cyber incidents
Q.4482 Assume that you are a cyber risk manager for a regulated company in a country where
cybersecurity regulations are absent. What is the best course of action you should take to ensure
that your company is secured against cyber threats?
A. Implement the international standard and use prescribed guidance and supervisory
practices
T he correct answer is A.
In areas where specific cybersecurity regulations are absent, the supervisors encourage the
regulated organizations to implement the international standard and use prescribed guidance and
supervisory practices according to hierarchical initiatives of national cyber agencies.
Opti ons C and D are i ncorrect: T he question suggests that there are no cyber regulations in this
91
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4483 In the context of cyber governance, as described in the Basel Committee report on regulated
institutions, one of the following statements is INCORRECT about cyber-security strategy?
D. T he financial institutions might develop their way of cybersecurity strategies, but they
should comply with the principled-based risk management practices
T he correct answer is A.
strategy, policy, and procedures based on the rule of effective oversight of technology.
Opti ons C and D are true: T hey are among the three types of non-mutually regulatory types of
92
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4484 According to the Basel Committee’s report on the regulated institutions, cyber risk
awareness and risk culture is enhanced through:
B. Having effective processes and controls that ensure that employees, contractors, and
third-party dealers understand their roles and responsibilities in the quest to reduce the risk
of theft, fraud, or misuse of the institution’s facilities
T he correct answer is D.
Regulators require that cyber training should be incorporated in all phases of employment-
recruitment to the termination. In some jurisdictions, regulators determine whether the banks have
effective processes and controls that ensure that employees, contractors, and third-party dealers
understand their roles and responsibilities in the quest to reduce the risk of theft, fraud, or misuse of
the institution’s facilities.
Lastly, most of the regulators advocate for the establishment of a common risk culture to ensure
93
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5110 Which of the following is not an example of an involuntary disclosure under the taxonomy of
information security risks?
A. Database loss
B. Virus infection
C. System disruptions
T he correct answer is B.
Virus hacking is an example of data theft/corruption under external causes. Other examples of
theft/corruption include hacking and phishing, theft, and transfer of digital/physical information,
Examples of loss/involuntary disclosure include disaster, systems disruptions, database loss, loss of
devices by staff members, loss of printed documents and errors or accidental mentions of
94
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5111 Which of the following is not one of the five guidelines offered by T he National Institute of
Standards and Technology (NIST ) on cybersecurity standards?
A. Identify
B. Protect
C. Mitigate
D. Recover
T he correct answer is C.
Mitigate is not one of the five guidelines offered by T he National Institute of Standards and
T he National Institute of Standards and Technology (NIST ) provides a framework for cybersecurity,
Identi fy: T his step involves identifying and understanding the risks, threats, and vulnerabilities that
Protect: T his step involves implementing appropriate safeguards to ensure the confidentiality,
Detect: T his step involves continuously monitoring the organization's information and systems to
Respond: T his step involves having a plan in place to respond to any detected cybersecurity events,
Recover: T his step involves Repairing and restoring damaged equipment and network components
after an attack and informing staff and clients of your response and recovery efforts.
95
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
A. Database loss
C. Systems disruptions
T he correct answer is C.
External causes of information security risks are factors that originate outside of the organization
but can still impact the confidentiality, integrity, and availability of information and systems. Examples
of external causes include system disruptions, hacking, phishing, theft, or transfer of digital/physical
information
Opti ons A, B, and D are examples of internal causes of information security risks. T hese are
factors that originate within the organization and can impact the confidentiality, integrity, and
availability of information and systems. Examples of internal causes include database loss, loss of
printed documents, departing employees taking proprietary information, and errors or accidental
96
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5113 Which of the following five guidelines offered by T he National Institute of Standards and
Technology (NIST ) on cybersecurity standards is related to reporting an attack to law enforcement
and other authorities?
A. Recover
B. Respond
C. Protect
D. Detect
T he correct answer is B.
T he respond guideline creates and regularly tests a plan for reporting an attack to law enforcement
A i s i ncorrect. T he recover guideline attempts to ensures that after an attack, there is repairing
and restoring of the equipment and parts of your network that were affected, as well as keeping
C i s i ncorrect. T he protect guideline attempts to ensure that there are controls on who logs into
networks, encryption of sensitive data, updating of security regularly and having formal policies for
97
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5114 Which of the following is not one of the actions under the respond guideline of the National
Institute of Standards and Technology (NIST ) on cybersecurity standards?
T he correct answer is C.
Investigating any unusual activities on your network or by your staff is an action under the ‘detect’
guideline of the National Institute of Standards and Technology (NIST ) on cybersecurity standards.
T here are six actions under the respond guideline of the National Institute of Standards and
Preparing for inadvertent events (like weather emergencies) that may put data at risk.
98
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5115 Which of the following is a category of informational controls that address actions taken by
people when it comes to handling and protecting information?
A. Technical controls
B. Behavioral controls
C. Prevention controls
D. Detection controls
T he correct answer is B.
T here are two broad categories of informational controls: Behavioral and technical controls.
Behavioral controls are a category of informational controls that address actions taken by people
when it comes to handling and protecting information. Behavioral controls are a type of
administrative control that focuses on influencing the behavior of people within an organization to
reduce information security risks. Examples of behavioral controls include security awareness
A i s i ncorrect. Technical controls are controls that use technology to manage information security
C i s i ncorrect. Prevention controls are controls that aim to prevent security incidents from
D i s i ncorrect. Detection controls are controls that aim to detect and respond to security
incidents, such as intrusion detection systems, security monitoring, and incident response plans.
Q.5116 Which of the following is not a requirement for a company to be certified as ISO27001
compliant?
A. Have an Information Security Management System (ISMS) that manages its information
security risks
99
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
controls
T he correct answer is D.
response and recovery from cybersecurity incidents. T his is not a requirement for a company to be
Create and implement an Information Security Management System (ISMS) that manages
information security risks and ensures information confidentiality, integrity, and availability.
Create and implement a risk management strategy to address the identified risks.
Establish and enforce information security controls to keep risks to a manageable level.
Create a process for monitoring, measuring, analyzing, and evaluating the ISMS's
performance.
Improve the ISMS on a continuous basis based on the results of the monitoring and
evaluation process.
Employees should be trained and made aware of the risks to information security and the
Conduct regular internal audits to ensure that the ISMS is working properly and efficiently.
Undergo external audits by an accredited certification body to ensure compliance with the
Create a procedure for responding to and managing information security incidents, as well
100
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5117 A risk manager at a large bank claims that when talking about information control, it is
important to consider the different types or categories of control that exist. T hese categories can
provide a framework for understanding how information is being controlled, who has control over it,
and what the implications of that control may be. Which of the following is a correct category of
information control?
A. Protect
B. Recover
C. Behavioral
D. Detect
T he correct answer is C.
Behavioral controls: T hese involve putting policies, procedures, and training programs in
place to influence the behavior of people who handle sensitive information. T his
solutions are used to manage access to information and protect it from various threats. To
secure information systems and applications, technical controls may be set up at various
levels, including hardware, software, and network layers. Firewalls, intrusion detection and
prevention systems, encryption, access controls, and monitoring tools are examples of
technical controls.
Opti ons A, B, and D are i ncorrect. T hese are guidelines offered by the National Institute of
101
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5118 Which of the following five guidelines offered by T he National Institute of Standards and
Technology (NIST ) on cybersecurity standards involves creating and sharing a company
cybersecurity policy that covers roles and responsibilities of employees?
A. Recover
B. Protect
C. Identify
D. Detect
T he correct answer is C.
T he identify guideline makes a list of all equipment, software, and data used by the company as well
as creating and sharing a company cybersecurity policy that covers roles and responsibilities of
employees.
A i s i ncorrect. T he recover guideline attempts to ensures that after an attack, there is repairing
and restoring of the equipment and parts of your network that were affected, as well as keeping
B i s i ncorrect. T he protect guideline attempts to ensure that there are controls on who logs into
networks, encryption of sensitive data, updating of security regularly and having formal policies for
102
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5119 Which of the following actions does not fall under the ‘protect’ step of the National Institute
of Standards and Technology (NIST ) guidelines?
T he correct answer is C.
Creating a company cybersecurity policy that covers roles and responsibilities of employees is a
step under 'identity' in the National Institute of Standards and Technology (NIST ).
Under the ‘protect’ step of the National Institute of Standards and Technology (NIST ) guidelines, a
company should:
control who logs on to their network and uses your computers and other devices;
have formal policies for safely disposing of electronic files and old devices; and
train everyone who uses your computers, devices, and network about cybersecurity.
103
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
104
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2986 A Russian money launder sends corruption proceeds to a foreign bank account of a
corporation X. A new Russian investment company Y is incorporated where he is appointed a
director. To invest in real estate in Russia, the new company borrows from corporation X. T he
estate is rented out to members of the public and the funds used to repay the loan. What is the
common name given to this method of laundering?
A. Manipulation of loan
C. Loan back
D. Layering
T he correct answer is C.
"Loan back" refers to a money laundering technique in which illicit funds are routed through a front
company before being transferred back to the launderer via a loan or other financial transaction.
T his gives the appearance of a legitimate loan or investment, and the funds can be used for additional
A i s i ncorrect. Loan manipulation is a type of loan fraud in which a borrower provides misleading
or inaccurate information in order to obtain a loan or changes the terms of an existing loan without
B i s i ncorrect. Real estate transactions offsetting refers to a is a legal practice in the real estate
industry in which profits from one real estate transaction are used to offset losses from another.
However, in this case, it refers to using real estate transactions to launder money by drastically
increasing the value of a property, buying and selling properties quickly to generate large profits, or
D i s i ncorrect. Layering is a type of money laundering in which illicit funds are moved through a
complex series of transactions or accounts to conceal their origin and make tracing them difficult.
T here is evidence of funds being moved through multiple accounts in the scenario described, but
there is no evidence of complex transactions or accounts being used to conceal the origin of the
funds.
105
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2987 Which of the following is the main driver behind the Know Your Customer (KYC) programs
outlined in the Basel Committee's papers on customer due diligence for banks?
D. Customer protection.
T he correct answer is A.
T he primary motivation for the KYC programs outlined in the Basel Committee's papers on customer
due diligence for banks is to prevent money laundering, terrorist financing, and other financial crimes
that can jeopardize the banking system's integrity. KYC programs assist banks in identifying and
verifying their customers' identities, assessing the risks associated with their activities, and
counter-terrorism financing, but the Basel Committee develops guidelines for banks to use in their
KYC programs.
C i s i ncorrect. Protecting the integrity of the capital markets is an important consideration for
KYC programs. However, it is not a primary motivation behind the KYC programs outlined in the
D i s i ncorrect. Customer protection is not a primary motivation. KYC programs help banks to
identify and verify the identity of their customers, assess the risks associated with their activities,
106
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2988 What is the most useful report to be used by a bank’s anti-money laundering representative
to inform the senior management concerning the progress of the anti-money laundering program in
the organization?
T he correct answer is D.
Reports on audit and examination results would be the most useful report for informing senior
management about the organization's anti-money laundering program's progress. T his report would
provide an in-depth look at the organization's anti-money laundering program, highlighting its
strengths and weaknesses. It would contain information on any audits or examinations that have
taken place, as well as any findings or recommendations made by auditors or examiners. T he report
would also detail any actions taken in response to these findings, as well as any improvements or
A i s i ncorrect. T hese details are typically related to specific cases and investigations, rather than
B i s i ncorrect. Credit exposure report: A credit exposure report provides information about the
amount of credit risk the bank is exposed to, but it is not necessarily related to the progress of the
C i s i ncorrect. While changes in management can impact the program's effectiveness, this
information does not provide an overview of the program's progress or its strengths and
weaknesses.
107
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2989 A suspected individual in a bank is being investigated for money laundering. T hree of the
following are important financial records the anti-money laundering team should provide to the legal
representatives. Which one is NOT ?
A. All wire transfer for the individual for the said period of time.
C. Security trading activities for the individual during the time provided.
D. T he individual’s monthly statement and transaction activities over the period involved.
T he correct answer is B.
With signature cards, banks can identify rightful signatories for personal or business accounts and is
therefore not sufficient enough record for investigating money launderers.
C. Global presence enabling national and international operations and financial transactions
T he correct answer is B.
T he listing as a government non-profit organization is NOT a feature that can facilitate the misuse of
Terrorists may be drawn to non-profit organizations (NPOs) because they can provide a legitimate-
appearing cover for the transfer of funds. T here are several characteristics that can facilitate the
misuse of NPOs for terrorist financing, but one of them is being listed as a government non-profit
organization. Indeed, being government-listed may subject an NPO to more stringent regulations and
T he other options are characteristics that can facilitate the misuse of NPOs for financing terrorism
108
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2991 Blackest Bank wants to promote an anti-money laundering culture. Which of the following is
an appropriate action by the senior management to enable them to achieve the said task?
B. T he management should have close ties with the anti-money laundering program’s
independent auditors.
C. Employee’s compensation should be based on the how many suspicious activities they
engage in.
T he correct answer is A.
By signing a pact to complying with anti-money laundering procedures, employees are legally liable
for any misconduct regarding corruption and laundering.
109
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3121 A new customer walks into a bank and requests to open a commercial account. In the
process, the customer provides an address for the account located across the city. He reveals that
he is also interested in opening a personal stocks trading account. He goes a head to ask how deposits
can be made into his account and if there are any additional identification documents required, and
how to go about moving balances out of the account using wire transfers. He does not ask any
questions regarding the fees associated with these transactions. What red flags should the account
representative look out for during the onboarding process for this new customer?
A. T he customer provides an address for the account located across the city from the
branch.
C. T he customer asks questions about how to make deposits and move balances out of the
account using wire transfers.
D. T he customer does not ask any questions regarding the fees associated with transactions.
T he correct answer is B.
T he customer expressing interest in opening a personal stocks trading account should be a red flag
for the account representative during the onboarding process for this new customer. T his could be
an indication that the customer is looking to move funds around or engage in other suspicious
activities.
A i s i ncorrect. T he customer providing an address for the account that is across town from the
branch is not necessarily a red flag, as many customers live or work far away from the bank branch
C i s i ncorrect. T he customer inquiring about how to make deposits and transfer balances out of
the account via wire transfers is not necessarily a red flag, as these are legitimate questions that any
D i s i ncorrect. A customer who does not ask questions about transaction fees is not necessarily a
red flag, as some customers may be more concerned with other aspects of their account and are less
interested in the fees. However, the account representative should still make sure that the
110
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3122 Under what circumstances may a bank rely on a third party for customer due diligence
(CDD)?
A. When the third party has an established business relationship with the customer.
B. When the third party is a bank or financial institution, regardless of the nature of the
relationship with the customer.
C. When the third party is subject to different levels of supervision and regulation than the
bank, but is able to demonstrate a strict AML/CFT program.
D. When the bank conducts periodic checks to ensure the third party's CDD process is more
comprehensive than its own.
T he correct answer is A.
A bank may rely on a third party for customer due diligence When the third party has an established
business relationship with the customer and the bank establishes a written document acknowledging
the reliance on the other party's CDD processes.
B i s i ncorrect. In some jurisdictions, banks can only rely on CDD from fellow banks and financial
institutions.
C i s i ncorrect. T he third-party should be subject to the same level of supervision and regulation as
the bank.
D i s i ncorrect. T he bank should conduct periodic checks to ensure that the third party's CDD
111
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3123 A bank in Italy holds a business account for an Italian company that sells suits throughout
Europe and North America. Information provided during the account opening process states that the
purpose of this account is to receive payment for sales. A year-long review of the account shows a
pattern of wire transfers coming from pass-through accounts. T here are also significant transactions
involving purchases of garment and cotton from China and India. T he MOST important factor in
assessing whether money laundering is a threat is that:
C. Account holder maintains raw materials rather than finished pieces of clothing.
T he correct answer is B.
T hat the money comes from third parties through pass-through accounts raises the toughest
questions about the integrity of the account. Pass-through (payable-through) accounts are accounts
through which banking agencies extend money transfer privileges to the customers of other
institutions, often foreign banks. PTAs may be prone to higher risk because banks do not subject the
foreign customers to the same level of due diligence as domestic customers who want to open
checking and other accounts. It’s possible that the money wired into the account comes from illicit
activity.
112
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3124 Which of the following is the main role of supervisors in banks under the Anti-Money
Laundering (AML) and Countering Financing of Terrorism (CFT ) framework put forth by the Basel
Committee?
C. Evaluating whether the reporting entity has an appropriate and reasonable risk
assessment, and an AML/CFT programme that reflects inherent risks.
D. Helping banks to develop a sound AML/CFT risk management system that can keep track
of all customer transactions.
T he correct answer is C.
T he role of supervisors is to independently scrutinize and verify AML/CFT policies and procedures.
T hey have a mandate to ensure that banks in their jurisdiction maintain sound ML/FT risk
management to protect the integrity of both the banks and the financial system as a whole.
A is incorrect. Approval and oversight is the responsibility of the board.
113
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3125 What is the role of the AML/CFT chief officer in the second layer of defense in anti-money
laundering and countering the financing of terrorism?
T he correct answer is B.
T he AML/CFT chief officer is responsible for continuously monitoring the bank's compliance with
AML/CFT duties as part of the second layer of defense in anti-money laundering and countering the
financing of terrorism. T his includes conducting sample testing to ensure compliance and reviewing
exception reports to alert senior management or the board of directors if there are concerns that
A i s i ncorrect. Customer due diligence checks are typically conducted by the first line of defense,
D i s i ncorrect. Reviewing and approving high-risk transactions is typically the responsibility of the
114
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3126 Paul Khan, a risk manager at the bank of India, is presenting to the board of directors on
important AML/CFT considerations including responsibilities of various components of AML/CFT
governance. What is the responsibility of internal audit in the bank's AML/CFT policies and
procedures?
T he correct answer is C.
T he internal audit is responsible for evaluating the effectiveness of risk management and controls in
the bank's AML/CFT policies and procedures. T hey report their findings to the board of directors'
A i s i ncorrect. Monitoring customer transactions is typically the responsibility of the first line of
B i s i ncorrect. Approving new customer accounts is typically the responsibility of the second line
D i s i ncorrect. Developing AML/CFT policies and procedures is typically the responsibility of the
115
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
A. T he supervisor
D. Customer-facing activities
T he correct answer is A.
Line 2: Chief Officer in charge of AML/CFT, the compliance function, and human resources or
technology. T he chief AML/CFT officer should be in charge of continuous monitoring of all ML/FT
objectives.
Line 3: Internal audit office: T he office should regularly perform an independent assessment of the
AML/CFT policies and procedures and seek to find out whether such policies are being followed to
the letter.
Q.3128 What is the reasoning behind implementing a “risk-based anti-money laundering and combating
financial terrorism approach”?
A. It allows banks to focus on selling products that surpass a specified “hurdle” rate of
return.
C. Banks can best detect instances of money laundering by customers where the money
laundering risks are high.
T he correct answer is C.
A bank should consider all the relevant inherent and residual risk factors at the country, sectoral,
bank, and business relationship level, among others, to determine its risk profile. A risk-based
AML/CFT approach ensures that the bank comes up with customers' risk profiles as guided by the
nature and amount of their transactions. T he bank can even place accounts in distinct groups
depending on the level of risk posed, making it easier to identify and flag suspicious activity.
116
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3129 Simon works as the chief risk officer at XYZ Bank. He is looking at the transactions of one of
the bank’s customers, Mr. Lincoln, a commercial account holder and owner of a check cashing
company. Over the last eight months, Mr. Lincoln has made multiple check deposits but not a single
withdrawal of cash against those deposits. Mr. Lincoln also deposited two checks for US$10,000 each
that were issued by an infamous casino in town. When checking the account’s details, Simon finds
out that during account opening, Mr. Lincoln went to great lengths to establish the various fees and
commisions attached to his account. Mr. Lincoln also has a savings account at the bank, but it has had
little activity over the same period. What should arouse Simon’s suspicion the most? Mr. Lincoln:
T he correct answer is D.
Check cashing companies, also known as money services businesses, provide customers with an
easy way to turn their checks into cash without having to rely on a bank account. As such, one would
expect to see deposit activity that’s commensurate with cash withdrawals as the money is released
to the relevant persons. T hat this did not happen for a prolonged period raises questions as to the
source of the check deposits.
117
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3130 A large banking group has an AML compliance program that addresses procedures for filing
Suspicious T ransaction Reports and includes policies, procedures and internal controls for customer
identification, information sharing, account monitoring, and identifying money laundering red flags.
Each of the bank’s 12 branches undergoes mandatory AML/CFT trainings in April and November
each year, all conducted as online conferences via a video link. T he board does not take the Internet
training. Instead, the chief risk officer organizes a luncheon at the head office where an outsider
comes in and trains them. T he program provides for the appointment of a chief ALM/CFT officer,
and twice a year the chief ALM/CFT officer conducts an audit of the ALM/CFT framework. In what
respect does the program need improvement?
B. Employees should be trained in a classroom, not via the internet because physical training
is better.
C. T he group should consolidate the training sessions across its subsidiaries into a single
event.
D. T he AML/CFT program should be tested by an independent party, not the chief ALM/CFT
officer.
T he correct answer is D.
Internal audit, the third line of defense, plays an important role in independently evaluating a bank’s
risk management and controls. T he office should be sufficiently independent so that adherence to the
various policies and procedures is assessed without compromise. Since the chief risk officer doubles
up as the developer and advisor on matters ALM and FT, there could be a conflict of interest if they
were to assess the same policies and procedures that they have developed.
118
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5120 An operational risk manager at the bank is presenting on financial crimes and fraud. He starts
his presentation by defining financial crime. Which of the following is the correct definition of a
financial crime?
T he correct answer is A.
According to the Financial Conduct Authority's (FCA) Handbook of the UK, financial crime refers to
"any kind of criminal conduct relating to money or to financial services or markets, including any
offence involving: fraud or dishonesty; or misconduct in, or misuse of information relating to, a
Q.5121 Different countries may have different laws against money laundering and terrorism
financing. On 20 May 2015, the European Parliament and Council issued a directive to prevent the
use of the financial system for money laundering or terrorist financing. According to the European
Union, which of the following activities are considered money laundering?
119
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
C. Any intentional violation of the law or of internal policies perpetrated by the firm's
employees
D. Getting the money out to use while evading taxes and law enforcement through activities
such as fake payments to employees, fake loans, or dividends to accomplices
T he correct answer is A.
On 20 May 2015, the European Parliament and Council issued a directive to prevent the use of the
financial system for money laundering or terrorist financing. According to article 1 of this directive,
C i s i ncorrect. T his is just a sub-category of internal fraud. Internal fraud can be of two types:
"unauthorized activities" and "theft and fraud." "Unauthorized activities" may lead to loss of money
for the organization, and it also includes any intentional violation of the law or of internal policies
D i s i ncorrect. T his is among the phases of money laundering. i.e., Integration or extraction. Other
120
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5122 A risk manager at a large bank states that the bank has zero tolerance for internal fraud. He
goes ahead to highlight that the bank has a robust framework of controls and measures to mitigate
internal fraud risks. Which of the following is a component of such a framework?
A. Inspections
B. Selection
C. Placement
D. Layering
T he correct answer is B.
T he following are the components of a framework of controls and measures to mitigate internal
fraud risks:
A i s i ncorrect. Historically, the internal audit department was responsible for managing internal
and external fraud for banks. Some banks used to have "inspections," which was a subdivision of the
121
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5123 An operational risk manager at a bank has asked a junior analyst to prepare a presentation on
AML risk management to be presented to the board's risk committee. Which of the following
controls falls under the ''deterrents" step of AML controls?
D. Legal pursuits
T he correct answer is D.
Deterrents are sanctions and actions announced following any act of fraud. Deterrents also
disincentivize employees to commit fraud, thus promoting the risk-reward balance. Deterrents
include escalation to relevant financial intelligence unit (FIU), Legal pursuits, and closure of
accounts.
122
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5124 A newly hired money laundering risk officer is presenting on AML risk management. He
highlights that it is common for criminals to disguise the proceeds of their criminal activities into
legitimate sources of funds in two or three phases. Which of the following is a phase of money
laundering?
A. Placement
B. Deterrent
C. Detection
D. Protection
T he correct answer is A.
It is common for criminals to disguise the proceeds of their criminal activities into legitimate
sources of funds in two or three phases. T he following are the three phases of money laundering:
1. Placement: involves all methods intended to disguise the origins of the funds: cash transfer to
business, false invoicing, use of trusts and offshore companies, "smurfing" (keeping a bank
account or credit card under the AML reporting threshold by making a series of small
transactions rather than a single large transaction), using foreign bank accounts, etc.
2. Layering: involves different placement and extraction strategies to make tracking
transactions as difficult as possible and circumvent AML controls.
3. Integration or extraction: involves getting the money out to use while evading taxes and law
enforcement through activities such as fake payments to employees, fake loans, or dividends
to accomplices.
123
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5125 T he CEO of a bank highlights that the bank is practicing comprehensive AML risk
management. Which of the following statements would justify the CEO's claim that the bank is
practicing comprehensive Anti-Money Laundering (AML) risk management?
C. T he bank has hired a new CEO with extensive experience in AML risk management.
T he correct answer is A.
Comprehensive AML risk management entails developing and putting in place strong policies,
procedures, and controls to prevent money laundering and terrorism financing. Customer due
diligence (CDD) is an important component of AML risk management that requires the bank to
perform background checks and verify customers' identities. T he bank is taking a proactive
approach to mitigating AML risks and complying with regulatory requirements by establishing robust
CDD procedures.
B i s i ncorrect. T he fact that the bank has never had a customer involved in a money laundering
scheme is not sufficient evidence to support the claim that the bank is practicing comprehensive
AML risk management. T he bank may simply have been lucky and not yet detected any such activity.
C i s i ncorrect. T he fact that the bank has hired a new CEO with extensive experience in AML risk
management is not enough to justify the claim that the bank is practicing comprehensive AML risk
management. While having a knowledgeable CEO is important, the bank's policies and procedures
AML risk management. However, it alone is not sufficient evidence to justify the claim that the bank
is practicing comprehensive AML risk management. T he bank must have a robust AML program in
place, including customer due diligence, transaction monitoring, and training for employees.
124
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5126 In its 2022 report, the FCA examines financial crime controls at challenger banks, which are
fully digital and offer customers the ability to open accounts very quickly. Which of the following is a
key finding highlighted by UK regulators in their examination of financial crime controls at challenger
banks in their 2022 report?
A. Challenger banks tend to perform better than traditional banks in identifying higher-risk
customers.
B. Challenger banks need to improve their systems for identifying and verifying customer
information.
C. Challenger banks are not required to follow AML regulations because they operate fully
digitally.
D. T raditional banks are more susceptible to financial crime than challenger banks.
T he correct answer is B.
T he key finding highlighted by the UK regulators in their examination of financial crime controls at
challenger banks in their 2022 report is that challenger banks need to improve their systems for
identifying and verifying customer information. T he report highlights the risk that accounts opening
information may be insufficient to identify higher-risk customers, which makes it difficult for
challenger banks to effectively manage their AML risks. T herefore, the regulators are
recommending that challenger banks improve their systems for identifying and verifying customer
information.
A i s i ncorrect. T he claim that challenger banks tend to perform better than traditional banks in
identifying higher-risk customers is not highlighted in the report. In fact, the report highlights the
risk that accounts opening information may be insufficient to identify higher-risk customers.
C i s i ncorrect. Just like traditional banks, challenger banks are subject to AML regulations and must
D i s i ncorrect. T he claim that traditional banks are more susceptible to financial crime than
challenger banks is highlighted in the report. While the report does not directly compare the
susceptibility of traditional banks and challenger banks to financial crime, it highlights the need for
challenger banks to improve their systems for identifying and verifying customer information to
125
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5127 Which of the following is a lesson learned from the USAA Federal Savings Bank (FSB) case
study, where it was fined $140 million by the Financial Crimes Enforcement Network (FinCEN) and
the Office of the Comptroller of the Currency (OCC) for failing to implement and maintain a
BSA/AML compliance program?
C. Banks should minimize their reporting of suspicious activities to avoid regulatory scrutiny.
D. Banks should shift their compliance focus away from AML to other areas such as
cybersecurity.
T he correct answer is B.
T he USAA FSB case study highlights the importance of implementing and maintaining a robust Bank
was fined $140 million for failing to implement and maintain a BSA/AML compliance program, which
put the bank at risk for money laundering and terrorist financing activities. T herefore, the lesson
learned from this case is that banks should prioritize BSA/AML compliance to avoid penalties and
regulatory scrutiny.
C i s i ncorrect. Banks are required by law to report suspicious activities to regulatory authorities,
D i s i ncorrect. While cybersecurity is a critical area of concern for banks, AML compliance is also
essential for preventing money laundering and terrorist financing activities. Banks must have robust
126
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5128 A junior analyst is analyzing the USAA Federal Savings Bank (FSB) case in which FinCEN and
OCC charged USAA FSB $140 million. Which of the following is the main reason why USAA FSB was
fined $140 million?
T he correct answer is C.
T he main reason why USAA FSB was fined $140 million by FinCEN and OCC was for failing to
implement and maintain a Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program.
Deficiencies pointed out include inadequate internal controls; detection, evaluation, and reporting of
suspicious activity; staffing; training, and third-party risk management, as well as significantly
requirements put it at risk for money laundering and terrorist financing activities.
A i s i ncorrect. Interest rates are not related to the bank's BSA/AML compliance program.
B i s i ncorrect. Customer service is not related to the bank's BSA/AML compliance program.
D i s i ncorrect. While technology can assist with compliance, the failure to invest in innovative
financial technology is not related to the bank's failure to implement and maintain a BSA/AML
compliance program.
127
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2318 T ummers Bank from New York, USA, is considering outsourcing some of its activities to a
third party. Which of the following risks (among others) should the bank consider before making a
final decision?
T he correct answer is B.
Financial institutions should consider the following risks before entering into (and also during)
outsourcing arrangements.
Compliance risks
Concentration risks
Reputational risks
Country risks
Operational risks
Legal risks
128
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2319 A bank based in Texas, USA, is considering outsourcing its human resource activities from an
HR agency. Its risk management team is considering all potential risks that could arise from this
arrangement, particularly compliance risks. Which of the following would qualify as a compliance
risk?
T he correct answer is A.
Compl i ance ri sk arises when a service provider fails to comply with existing laws and regulations.
Advertising jobs without regard to existing labor laws could be interpreted as an act of condoning
integrity and can expose the bank to lawsuits sponsored by the government or some other regulatory
body.
Q.2321 LAB Bank from Los Angeles, USA, is considering outsourcing its IT activities to East IT India,
an Indian company. East IT India would provide the bank with IT services such as database hosting,
software development and maintenance, problem-solving, etc. Which risk should be specially taken
into consideration while making the final decision about this arrangement?
A. Outsourcing risk
B. Operational risk
C. Country risk
D. Competency risk
T he correct answer is C.
Country ri sk s arise when a financial institution engages a foreign-based service provider, exposing
the institution to possible economic, social, and political conditions and events from the country
where the provider is located. In this scenario, the bank would be exposing itself to possible
economic/political/infrastructural risks in India.
129
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2322 New Savings Bank from Texas, USA, recently outsourced its IT services to Novel IT
Service company (NIS) from Los Angeles, USA. NIS has a rich history spanning several decades but
has recently been the subject of public criticism for various legal violations, as well as poor service
delivery, punctuated by costly delays. NIS has most likely exposed the bank to:
A. Outsourcing risk
B. Credit risk
C. Reputational risk
D. Concentration risk
T he correct answer is C.
Reputati onal ri sk s arise when actions or poor performance of a service provider cause the
public to form a negative opinion about a financial institution.
A. After the outsourcing of an activity, all responsibility with regard to outsourced activities
is transferred to the third party.
B. After the outsourcing of an activity, the third party and senior management have partial
responsibility.
C. After the outsourcing of an activity, senior management is still responsible for normal
functioning of the bank.
T he correct answer is C.
T he use of service providers does not relieve a financial institution's board of directors and senior
management of their responsibility to ensure that outsourced activities are conducted in a safe-and-
sound manner and in compliance with applicable laws and regulations. Policies governing the use of
service providers should be established and approved by the board of directors, or an executive
committee of the board. Note that option B is incorrect. T here's nothing like “partial” responsibility
in the context of outsourcing.
130
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2324 WPC performs an audit on financial statements of Anderson Bank. After performing really
well, the bank decides to offer the company an internal audit role in addition to the existing role. T he
move exposes the bank to:
A. Country risk
B. Operational risk
C. Reputational risk
D. Compliance risk
T he correct answer is D.
Compliance risks arise when the services, products, or activities of a service provider fail to comply
with applicable U.S. laws and regulations.
T he Sarbanes-Oxley Act of 2002 specifically prohibits a registered public accounting firm from
performing certain non-audit services for a public company client for whom it performs financial
statement audits.
A. No, because the bank should only be concerned with country risk.
C. Yes, in order to access the financial stability and integrity of the service provider.
T he correct answer is C.
Financial institutions should review the financial condition of the service provider and its closely-
related affiliates. A bad financial condition may be an indicator of potential problems in the future
which could result in interruption of service providing etc.
131
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2326 Sandero bank from Carrington, North Dakota, is considering outsourcing part of its IT
services to a third party. Such a move will most likely involve sharing of some nonpublic personal
information about the bank's customers with the third party. Should the bank go ahead with its plan?
A. No, all outsourcing activities that can reasonably be expected to expose nonpublic
personal information are forbidden.
B. Yes, but the bank should refrain from sharing all nonpublic personal information.
C. Yes, the bank could outsource an activity which requires usage of nonpublic personal
information, but the service provider must comply with applicable privacy laws and
regulation.
D. No, because such a move would open doors to possible lawsuits by aggrieved customers.
T he correct answer is C.
If service providers handle any of the financial institution customer's Nonpublic Personal
Information (NPPI), the service providers must comply with applicable privacy laws and regulations.
132
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2327 Fort Worth Bank from Texas, USA, is considering outsourcing its retail loans collection
process to ICAP, a service provider from Mexico. What should its risk management team do?
T he correct answer is D.
While the activities necessary to implement an effective service provider risk management program
can vary based on the scope and nature of a financial institution's outsourced activities, effective
a. Risk assessments;
b. Due diligence and selection of service providers;
c. Contract provisions and considerations;
d. Incentive compensation review;
e. Oversight and monitoring of service providers; and
f. Business continuity and contingency plans.
133
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2328 A certain bank based in the United States has developed a sound, effective program for
assessment of all outsourcing activities. Some of the elements of the program have a lot to do with
due diligence analyses and the selection of providers. According to good industry practice, due
diligence analyses and selection of providers should include:
T he correct answer is C.
T he overall due diligence process includes a review of the service provider with regard to:
134
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2329 A bank based in Palermo, Italy, is considering outsourcing its IT services and is preparing a
review of financial condition of IAM Systems – the most popular service provider in town. Which of
the following would not form part of the financial review process?
D. T he potential impact of the provider’s past clients on the bank’s financial condition.
T he correct answer is D.
Financial institutions should review the financial condition of the service provider and its closely-
T he service provider's most recent financial statements and annual report with regard to
T he service provider's sustainability, including factors such as the length of time that the
service provider has been in business and the service provider's growth of market share
The potenti al i mpact of the fi nanci al i nsti tuti on's busi ness rel ati onshi p on the
provide the contracted services to the financial institution for the duration of the contract
The adequacy of the servi ce provi der's revi ew of the fi nanci al condi ti on of any
subcontractors
Other current issues the service provider may be facing that could affect future financial
performance
135
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2330 Stroud Bank from Gloucester, UK, is in the process of executing a major merger. T he bank
will be outsourcing the activities related to the relocation of facilities, as required by the merger,
which should take considerable efforts. T he bank is reviewing operations and internal controls of
several service providers in order to make an informed decision. Which of the following should not
be included in the review?
T he correct answer is B.
Financial institutions should evaluate the adequacy of standards, policies, and procedures (of service
providers). Depending on the characteristics of the outsourced activity, some or all of the following
Internal controls;
136
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2331 Coulomb Bank from Montpellier, France, is preparing a contract for outsourcing of several
of its activities. T he bank’s legal staff is describing the scope of contract defining the relationship
between the bank and service provider. Which of the following (among other rights and
responsibilities of each party) should be included in the contract?
A. Terms governing the use of the bank’s property, equipment, and staff.
T he correct answer is C.
Scope: Contracts should clearly define the rights and responsibilities of each party, including:
Contract timeframes;
customers;
Terms governi ng the use of the fi nanci al i nsti tuti on's property, equi pment, and
staff.
137
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2993 Which of the following tasks is NOT necessarily executed by the financial institution in the
course of preparing contingency plans?
A. Ensuring that there is the existence of a disaster recovery and business continuity plan,
regarding the services and products contracted.
B. T he service provider’s disaster recovery and business continuity plan should be assessed
by the financial institution, to ensure they align with that of their own.
C. T he business continuity and contingency plan of the service provider should be tested on
a periodic basis by the financial institution to ensure they are adequate and effective.
D. T he financial institution should ensure that the foreign-based service providers are
complying with their country’s regulations and regulatory guidance.
T he correct answer is D.
Ensuring compliance to the rules and regulations and regulatory guidance in the country which the
financial institution is located, despite being important and done by the financial institution, is not
necessarily executed by the financial institution when preparing contingency plans.
138
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5257 Which of the following best describes the key elements of contracts and agreements related
to the cost and compensation of service providers?
A. Contracts and agreements should only describe the compensation to be paid to the service
provider without addressing any other related expenses.
B. Contracts and agreements should only address the payment of legal, audit, and examination
fees related to the activity performed by the service provider.
C. Contracts and agreements should only address the responsibility for the maintenance of
equipment, hardware, and software related to the activity performed by the service
provider.
D. Contracts and agreements should describe the compensation, variable charges, and any
fees to be paid for non-recurring items and special requests.
T he correct answer is D.
Contracts and agreements should describe the compensation, variable charges, and any fees to be
paid for non-recurring items and special requests, address which party is responsible for the
payment of legal, audit, and examination fees, and address the responsibility for the expense,
purchasing, and maintenance of any related equipment, hardware, or software. T his is according to
the information presented, which states that agreements should describe compensation and fees,
A i s i ncorrect. Agreements should describe not only the compensation but also variable charges,
fees for non-recurring items, and responsibilities for the payment of related fees and the
B i s i ncorrect. Agreements should address not only payment responsibilities for legal, audit, and
examination fees but also compensation and responsibilities for the maintenance of related
equipment.
C i s i ncorrect. Agreements should address not only responsibilities for the maintenance of
equipment but also compensation, fees, and payment responsibilities for legal, audit, and examination
fees.
139
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5129 Which of the following is not a step in the T hird-Party Risk Management life cycle?
A. Remediation
C. Shared Assessments
D. Continuous monitoring
T he correct answer is C.
T he five stages of the professional certification of third-party risk management professionals are:
140
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5130 Which of the five steps in the T hird-Party Risk Management cycle involves choosing a third-
party service provider after evaluating the risk appetite of the firm?
D. Continuous Monitoring
T he correct answer is B.
T he Business model decision step involves making the decision to outsource some activities or keep
them in-house and the choice about a providers’ quality and price are important strategic decisions
A i s i ncorrect. Evaluation, risk rating, is performing due diligence and evaluation of who you will be
C i s i ncorrect. Contracts, service level agreements (SLAs) and contract management involves
clearly defining the responsibilities and expectations of both parties, as well as establish quality and
D i s i ncorrect. Continuous monitoring involves monitoring of service provision, quality SLAs, and
compliance with regulation as well as with the terms of the contract. It also involves setting trigger
141
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5131 Which of the following is a good risk management practice of the remediation or termination
step of the T hird-Party Risk Management life cycle?
T he correct answer is C.
It is good risk management practice under the remediation and termination step of the T hird-Party
Risk Management life cycle to have a grievance procedure as well as an exit strategy or termination
A i s i ncorrect. Defining trigger events for assessment is a good practice under the continuous
B i s i ncorrect. Establishing limits on the outsourcing by third parties is a good practice under the
Contracts, SLAs, and Contract Management step of the T hird-Party Risk Management life cycle.
evaluation, risk rating and due diligence step of the T hird-Party Risk Management life cycle.
142
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5132 Which of the following is not an example of an event that can trigger the reassessment of
contracts with third parties?
A. Data breaches
B. A merger or acquisition
C. Regulatory change
D. Risk appetite
T he correct answer is D.
Risk appetite is not an example of an event that can trigger the assessment of contracts with third
parties. A company’s risk appetite will determine a company’s decision whether to outsource some
Events that could trigger contract reassessment include data breaches or incidents, a change in the
change, changes in services provided, an act of God, a breach of contract or performance failure.
143
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5133 Which of the five steps in the T hird-Party Risk Management cycle requires sound due
diligence and verification of third-party service providers?
A. Remediation or termination
B. Continuous monitoring
T he correct answer is C.
Evaluation, risk rating, and due diligence is the second stage of the T hird-Party Risk Management
cycle. It requires sound due diligence and verification of third-party service providers.
Proportionality of approach is a good risk management practice where there needs an extensive due
diligence for third parties that will have access to sensitive information compared to one that will
not.
A i s i ncorrect. Remediation or termination is the fifth step in the T hird-Party Risk Management
cycle, and it is the ending of contracts either due to them coming to an end or due to termination
B i s i ncorrect. Continuous monitoring involves monitoring of service provision, quality SLAs, and
compliance with regulation as well as with the terms of the contract. It also involves setting trigger
D i s i ncorrect. T he Business model decision step involves making the decision to outsource some
activities or keep them in-house and the choice about a providers’ quality and price are important
strategic decisions that also relate to the risk appetite of the firm.
144
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
A. Service disruption
B. T hird parties
D. Compliance breaches
T he correct answer is B.
T hird parties are not necessarily a common third-party risk. It is the use of third parties that
increases a firm’s exposure to third-party risks. T hird parties are providers of goods and services
Common third-party risks include service disruption, failings in service quality, fraud, accidental data
privacy breach or intentional information leak, compliance breaches, espionage and IP theft, and
reputational damage.
145
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5135 Which of the following is a good practice when addressing fourth-party risk?
T he correct answer is A.
Good practice under SLA and contract management is for the contract to establish standards or limits
on the outsourcing that is done by third-party vendors. T he standards for vendor outsourcing can be a
replication of rules that the firm applies to its own vendors, so the vendors can apply them to their
B i s i ncorrect. Defining trigger events for contract assessment is a good practice under the
C i s i ncorrect. Having an exit strategy is a good strategy under the remediation or termination step
D i s i ncorrect. Having a termination clause if the relationship deteriorates beyond repair is a good
practice to have under the termination or remediation step of the T hird-Party Risk Management
cycle.
146
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5136 Which of the following is not an action that should be undertaken during the wind-down
process of contracts?
T he correct answer is C.
Having audit rights on vendors is a necessity for firms whose third parties also outsource services to
other parties. It is necessary for the firms to verify by themselves the application of rules the
vendors use.
Relationships can be terminated for a number of reasons and firms should plan for a wind-down
process that includes the transmission of intellectual property (IP), a plan to transition to in-house
services or to transfer to another provider, and to provide evidence of data transfer or destruction, if
147
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5137 Which of the following steps of the T hird-Party Risk Management life cycle involves keeping
track of service provision, quality SLAs, and compliance with regulation?
A. Remediation or termination
D. Contract monitoring
T he correct answer is D.
Continuous monitoring involves keeping track of service provision, quality SLAs, and compliance
with regulation as well as with the terms of the contract. It also involves setting trigger events for
B i s i ncorrect. T he Business model decision step involves making the decision to outsource some
activities or keep them in-house and the choice about a providers’ quality and price are important
strategic decisions that also relate to the risk appetite of the firm.
C i s i ncorrect. Evaluation, risk rating, and due diligence involves sound due diligence and
practice where there needs an extensive due diligence for third parties that will have access to
148
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5138 Which of the following is not a mechanism used by regulators for investor protection?
T he correct answer is C.
Requiring firms that buy and sell derivatives to do so through clearinghouses is a regulation
financial crisis.
149
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5139 Which of the following is not one of the activities addressed by the Markets in Financial
Instruments Regulation (MIFIR)?
T he correct answer is C.
Enhanced protection for whistleblowers is issue addressed by the investor protection act - Dodd-
Frank.
T he MIFIR regulation addresses the incentive systems as well as other facets of financial
150
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5140 Which of the following is not a protection provided to investors by the Investor Protection
Act – Dodd-Frank?
B. requires firms that buy and sell derivatives without using clearinghouses
T he correct answer is B.
T he Investor Protection Act – Dodd-Frank required firms that buy and sell derivatives to do so
through clearinghouses.
formed a committee to engage with the Securities and Exchange Commission (SEC)
regarding regulatory priorities surrounding new financial products, fee structures, and
trading methods.
financial stability.
establishes the Volcker Rule that seeks to stop commercial banks from profit-driven
the Consumer Financial Protection Bureau (CFPB) was established under the act as an
151
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5141 Which regulations resulted in the formation of the Consumer Financial Protection Bureau
(CFPB), as an independent financial regulator to regulate consumer finance markets ?
D. T he Volcker Rule
T he correct answer is B.
(CFPB), under the act as an independent financial regulator to regulate consumer finance markets.
that has been in effect throughout the EU since November 2007. It establishes the requirements for
regulatory reporting and transaction transparency as well as the guidelines for the admission of
agency organization, is under the SEC's supervision and controls brokerage firms. It is committed to
D i s i ncorrect. T he Volcker Rule was established by under the Investor Protection Act – Dodd
Frank and it seeks to stop commercial banks from profit-driven speculation and proprietary trading.
152
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5142 Which of the following factors does not contribute to both internal fraud and market abuse
risk?
B. Employee education
T he correct answer is B.
Employee education is an effective measure that ensures that investment activities are carried out
properly. It is not a contributing factor to either internal fraud or market abuse risk.
T he factors that contribute to internal fraud and to market abuse risk include:
153
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5143 Which of the following factors do not contribute to compliance risk in market activity?
T he correct answer is D.
Inadequate resource allocation to corporate units or activities is a factor that contributes to internal
T he asymmetry in information between buyers and sellers. Compared to banks and asset
T raders' conflicts of interest when they trade for the company and for their clients'
books.
Economic factors like spikes in market volatility boost the volume of transactions, which
154
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he correct answer is C.
T he Volcker rule intends to prevent commercial banks from engaging in speculative activities and
proprietary trading for profit. It specifically limits banks’ investments in hedge funds and private
equity funds.
All the above choices were as a result of the establishment of the Investor Protection Act – Dodd-
Frank however the results of the Volcker rule intended to prevent commercial banks’ risky
speculative activities.
155
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5145 Which of the following is not an effective measure for ensuring that investment activities
are carried out properly?
T he correct answer is D.
Fair and non-misleading communication with customers is one of the activities that the Markets in
Effective measures for ensuring that investment activities are carried out properly include:
employee education
a culture of ethics that is robust and is maintained by regular onboarding and training
156
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5146 Which of the following is the key issue addressed by the creation of the Markets in Financial
Instruments Directive II (MIFID II)?
T he correct answer is B.
MIFID II added new requirements for the public disclosure of trading activity data as well as for the
addressed by the original Markets in Financial Instruments Directive (MIFID) established in 2004.
D i s i ncorrect. T he oversight and supervision of workers and trades is an effective measure that
157
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5147 Which of the following is a protection provided to investors through the Investor Protection
Act – Dodd-Frank?
A. Employee education
T he correct answer is C.
T he Investor Protection Act – Dodd-Frank established the Volcker rule which seeks to stop
commercial banks from profit-driven speculation and proprietary trading as well as limits banks’
A i s i ncorrect. Employee education is an effective measure for ensuring that investment activities
B i s i ncorrect. Best deal execution for the clients is one of the issues that the Markets in Financial
D i s i ncorrect. Fair and non-misleading communication with customers is another issue that the
158
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4297 Which of the following is a primary way in which models can pose a significant risk to
financial service firms?
T he correct answer is B.
Models that produce inaccurate results may lead to unexpected losses. T he two primary ways in
which models can pose a significant risk to financial services firms:
the firm.
Models can give inaccurate results, which leads to unexpected losses to the firm.
A i s i ncorrect: Model's cost does not pose a significant risk to a financial institution.
C i s i ncorrect: Model's time consumption does not pose any significant risk.
159
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4298 T he following are activities carried out during the data preparation stage of a model
development process, EXCEPT :
A. Data acquisition
B. Data cleaning
C. Data exploration
D. Sample selection
T he correct answer is C.
Data exploration belongs to the data understanding stage. It involves the study of the relationship
between the dependent variable and independent variables. Study of the correlation between
different features
A i s i ncorrect: Data acquisition: Involves acquiring data from the source, which may include: file,
B i s i ncorrect: Data cleaning: Data differs in quality, mainly due to the different sources. Some of
D i s i ncorrect: Sample selection: A useful model requires a carefully selected data set. Outliers
should be handled.
160
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4299 Which of the following gives a reason why a firm should invest in model risk management?
T he correct answer is D.
Appropriate use.
A i s i ncorrect: Model developers don't get incentives to work faster; model development takes
some time, and thus the firm should plan for it in good time to avoid a last-minute rush.
B i s i ncorrect: Model risk management is set up to prevent these losses; however, losses resulting
161
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4303 T CC bank has developed a set of models to analyze liquidity risk, market risk, as well as the
credit risk of borrowers. Which of the following model risk management functions is least likely to
be handled by the developers of these models?
A. Coming up with a clear statement of purpose to ensure that model development is aligned
with the intended use
C. model testing
D. Model validation
T he correct answer is D.
An important aspect of validation is independence from model development and usage. It is generally
recommended that validation be carried out by people who are not responsible for the development
or use of the model and do not have an interest in its validity. Independence is not an end in itself, but
rather ensures incentives are aligned with the goals of model validation.
Options A, B, and C all describe the roles of model developers. Here's a brief explanation of each
role:
purpose) to ensure that model development is aligned with the intended use. Model design,
theory, and logic need to be well documented, supported by literature and industry
In addition, in developing a model, data and other information are of critical importance.
Both the quality and relevance of the data should be evaluated rigorously and adequately
documented. It is imperative that developers show that such data and information are
suitable for the model, and that they are consistent with the theory behind the approach
functioning as intended and whether its various components are working properly. T he
test involves checking the model's accuracy, demonstrating its robustness and stability,
assessing its potential limitations, and examining its behavior given a range of input values.
162
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4304 Model development and implementation in risk management requires various best practices
to ensure that the models are aligned to their intended use. Which of the following alternatives about
these best practices is MOST ACCURAT E?
A. T he merits and limitations of the model methodologies and processing components should
be well explained.
B. Developers should compare their models with alternative approaches and theories.
T he correct answer is D.
It is the most appropriate option as all the other options are best practices for model development
and implementation.
A i s correct: T he model methodologies and processing components that implement the theory,
including the mathematical specification and the numerical techniques and approximations, should be
C i s correct: It is of critical importance to rigorously assess the relevance and the data quality used
to develop a model, and appropriately document it. Developers should be able to demonstrate that
such data are suitable for the model and that they are consistent with the theory behind the approach
163
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4305 Which of the following gives a common error in model use and management across all
industries?
D. Model invalidation
T he correct answer is B.
T his occurs when, during model development, a nonrepresentative set of data was used. T his leads to
wrong model outcomes. Other common errors include:
A, C, and D are i ncorrect: T hey are not errors in model management or usage.
164
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4306 Which of the given options identifies one challenge faced by model risk managers while
designing and delivering effective model risk reporting?
T he correct answer is B.
T here is a need for the appropriate infrastructure to enable the organization, management, and
updating of data, e.g., workflow tools and databases. Model risk reporting is the link to the model risk
limit that the organization can take. Reporting should give an insight into model risk. T he challenges
include:
Determining how to measure the impact of models in a way that allows comparison and
A i s i ncorrect: Doesn't require any extra money to report as that is the job description of model
risk managers.
D i s i ncorrect: T he personnel to test the model are mostly the firm's staff who are available at no
extra cost.
165
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4443 T he following are some of the regulatory requirements of the model validation process,
EXCEPT:
B. Ensure that documentation indicates where the internal model does not work effectively
T he correct answer is C.
As per SR 11-7, only an independent team should be included in the model validation process.
A i s i ncorrect: According to SR 11-7, models should be used for the decision-making process.
B i s i ncorrect: Model documentation should indicate situations where the model might not work
accurately.
D i s i ncorrect.
166
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
C. A spreadsheet with coded probabilistic risk calculation that enables what-if scenarios to be
run each day
D. Both B and C
T he correct answer is C.
Option C describes a model that provides useful outputs to a firm given a set of inputs and can be
reused day by day.
A i s i ncorrect: ‘A spreadsheet that aggregates groups’ trading positions for reporting’ is a tool of a
model that aggregates groups’ trading positions for reporting and not complete to be a model.
B i s i ncorrect: ‘A spreadsheet with what-if calculations for potential buyers’ is also a tool of a
D i s i ncorrect.
167
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4445 T he following are some key areas where model risk can arise from, EXCEPT:
A. Data
B. Interpretation
C. Validation
D. Inventory
T he correct answer is C.
Validation is made to sort out the risk; it is not a source of model risk.
Data: Risk may result from using data that is incomplete, corrupt, or erroneous.
Inventory: Risk due to incomplete or inaccurate model inventories, the use of non-validated models,
168
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4446 Which of the following best describes the importance of an independent validation?
B. It ensures that the bank doesn’t spend much on incentives that model developers may
require to validate the model
T he correct answer is C.
Regulation required that banks should use independent validators. Besides being a requirement, it
helps eradicate the risks as validators are experts; thus, the CRO is comfortable using an independent
team of validators.
A i s i ncorrect: Use of an independent validation does not reduce any cost that was meant for
validation.
D i s i ncorrect.
169
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4447 T he following are key components of the model development process, EXCEPT:
A. Model lifecycle
B. Data preparation
C. Model audit
D. Model assembly
T he correct answer is A.
Model lifecycle is not a component of the model development process; however, model development
is a component of the model lifecycle.
Data preparati on: T his is the first component of the model development process. It entails data
Model audi t: T his is the last component and entails all the activities required for monitoring the
model performance.
Model assembl y: Model assembly is composed of all activities that are required to construct the
model.
170
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
B. Data sources
T he correct answer is B.
Model documentation must contain the data sources, data quality, justification of using such data,
among other important things pertaining to the model development.
A i s i ncorrect: Model documentation does not contain the model validation team; however, the
D i s i ncorrect.
171
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4449 Which one of the following is a challenge faced by banks in the model validation process?
T he correct answer is C.
As per the SR 11-7, all models, both internally developed or purchased, should be validated with the
same rigor. However, there is a lack of vendor transparency to its intellectual property. T his
concern may require banks to relax their rigor in the validation process and just rely on
benchmarking, outcome analysis, among other methods.
B i s i ncorrect: Model developers are not a part of the model validation team. T he team should be
independent.
D i s i ncorrect.
172
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4450 Which of the following is an important element of the model risk management framework?
B. Model risks
C. T hird-party models
T he correct answer is A.
Managing the lifecycle of a model requires consideration of various factors to maintain its quality.
T his component involves understanding the model development, documentation, validation,
inventory, among other things.
C i s i ncorrect: T hird-party models are also not elements of the model risk management
framework.
D i s i ncorrect.
173
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
D. A reporting component
T he correct answer is C.
Data understanding is a component of the model development process. T here are three key
components of a model. T hey include data input components, a data processing component, and a
reporting component.
A data i nput component: A model must obtain data from the user, which is input to the system
A processi ng component: After the data is input, the model processes the data using this
A reporti ng component: T his is the component responsible for giving the outcome or the results
after processing.
174
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4742 T he following are considered by initial model validation to establish the appropriateness of a
proposed model, EXCEPT :
A. Model implementation
B. Model revalidation
C. Model documentation
D. Model testing
T he correct answer is B.
Model revalidation comes in the last step of model validation. Initial model validation should consider:
Conceptual soundness
Model implementation
Model assumptions
Model documentation
A, C, and D are not correct: T hey are considered in the initial model validation process.
175
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4743 Which of the following is a primary element of a strong model validation framework?
A. Good investment
B. Ongoing monitoring
C. Technology advancement
D. T ime efficiency
T he correct answer is B.
Ongoing monitoring is a critical element of a reliable model validation framework. T he main aim of
this element is to confirm the appropriate implementation of the model, in addition to its usage and
performance as intended.
Evaluation of conceptual soundness: it entails the assessment of the quality of model design
and its construction. T here should always be documented evidence to provide support for
Outcomes analysis: T his element highly relies on statistical tests and other quantitative
176
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5148 A risk manager at a bank is presenting to the board of directors about model risk
management. He starts his presentation by defining a model. Which one of the following is the
correct definition of a model in the context of risk management in the modern day today?
D. A tool used for forecasting based on both quantitative and qualitative methods
T he correct answer is D.
According to the Fed, "the term model refers to a quantitative method, system, or approach that
process input data into quantitative estimates. T he definition of a model also covers quantitative
approaches whose inputs are partially or wholly qualitative or based on expert judgment, provided
A i s i ncorrect. T his is the definition used in the early days of model risk management.
B i s i ncorrect. T he definition of a model must include both quantitative and qualitative approaches.
177
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5149 A newly hired risk manager analyzes the types of risk and also wishes to explain different
ways that financial institutions can become exposed to model risk. Which of the following options
best describes the ways that financial institutions can become exposed to model risk?
T he correct answer is C.
Financial institutions can become exposed to model risk by relying too heavily on a single model or
failing to consider alternative models. T his can result in inaccurate or incomplete assessments of
A i s i ncorrect. Investing in low-risk assets may help to minimize some types of risk, but it is not
B i s i ncorrect. Avoiding complex financial instruments may help to reduce some types of risk, but
D i s i ncorrect. Conducting regular stress tests and scenario analysis is an important risk
management practice, but it is not directly related to the ways that financial institutions can become
178
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5150 A junior analyst at a bank wishes to understand more about the role of the model risk
management function and best practices in model risk management. What is the role of model risk
management (MRM) function in financial institutions, and how do they determine the frequency of
model validation?
A. MRM function validates models every year, regardless of their tier, to minimize risks.
B. MRM function specifies the frequency of model validation, but the tier of the model is not
taken into consideration.
C. MRM function is responsible for reviewing and challenging models to minimize risks, and
models are assigned to different tiers based on their risk level.
D. MRM function monitors the performance of models through reports produced by model
owners, but they do not conduct validations.
T he correct answer is C.
MRM function is responsible for reviewing and challenging models to minimize risks, and models are
assigned to different tiers based on their risk level. T he MRM function in financial institutions is
responsible for identifying, assessing, and mitigating model risk, which includes assigning models to
different tiers based on the risk they pose to the firm. T he frequency of model validation is
determined by the tier of the model, with high-tier models undergoing more frequent and detailed
A i s i ncorrect. Not all models are validated every year, and the frequency of validation depends on
B i s i ncorrect. T he tier of the model is an important factor in determining the frequency of model
validation.
D i s i ncorrect. T he MRM function not only monitors the performance of models through reports
179
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5151 What is the role of the first line of defense in the three lines of defense model in model risk
management, and how do first-line QA/QC teams help mitigate model risk?
A. T he first line of defense is responsible for independently assessing the risk and risk
management practices of the second line, while the first-line QA/QC teams monitor the
performance of models.
B. T he first line of defense abdicates its own responsibilities to the second line, while the
first-line QA/QC teams ensure models are validated at the appropriate frequency.
C. T he first line of defense generates the risk to which the organization is exposed and owns
the risk. T he first-line QA/QC teams play a pivotal role in mitigating model risk, especially
execution risk.
D. T he first line of defense is responsible for validating models, while the first-line QA/QC
teams conduct comprehensive backtesting.
T he correct answer is C.
T he three lines of defense model apply in model risk management, with the first line of defense
comprising model developers and model owners who generate the risk to which the organization is
exposed. T he first-line QA/QC teams play a pivotal role in mitigating model risk, especially execution
risk, by ensuring that models are developed and implemented according to best practices.
A i s i ncorrect. T he second line is responsible for independently assessing the risk and risk
management practices of the first line, not the other way around.
B i s i ncorrect. T he first line of defense should not abdicate its own responsibilities to the second
line, and the first-line QA/QC teams do not ensure models are validated at the appropriate frequency.
D i s i ncorrect. T he first line of defense is not responsible for validating models, and the first-line
180
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5152 T he risk committee of a large bank has prepared a report on model risk management
framework. In the report, it is stated that just like operational risk management (ORM), the MRM
applies the three lines of defense model. Which of the following is correct regarding the three lines
of defense in the MRM framework?
A. Model developers and model owners form the first line of defense
B. T he second line of defense works with the first line to assess all the activities of the first
line of defense
D. T he first line of defense oversees all the activities of the second line of defense
T he correct answer is A.
In the context of model risk, model developers and model owners form the first line of defense.
B i s i ncorrect. T he first line owns the risk and should take all necessary steps to mitigate it, while
the second line independently assesses the first line's risk and risk management practices.
D i s i ncorrect. It should be the other way round, i.e., the second line of defense oversees the
181
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5153 A bank's risk manager presents to the risk committee various case studies in which small
errors and ignorance led to or nearly costed the firm huge losses. What lesson related to the collapse
of the CDO market in 2008 did the bank's risk manager present to the risk committee?
T he correct answer is C.
T he collapse of the CDO market in 2008 was mainly attributed to the over-reliance on quantitative
models to evaluate and price the securities. T his led to the underestimation of risks and the creation
of overly complex securities that were ultimately unsustainable. T herefore, the lesson related to
this collapse is the risk of relying solely on quantitative models in investment decisions.
investment management and is not specific to the CDO market collapse in 2008.
B i s i ncorrect. T he significance of credit ratings in selecting securities was also a factor in the
CDO market collapse but this is not the main lesson in this case.
182
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5154 A large bank has hired an expert to look into their newly developed model as good MRM
practice. Which of the following options presents a case study in which banks and model users
suffered huge losses due to their ignorance to assess the newly developed models before fully
adopting them?
T he correct answer is A.
T his case study focuses on the collapse of CDO markets in 2008. In the early 2000s, David X. Li
published a paper on pricing CDOs and how to price pools of assets without considering their
correlations. Li's approach was based on the Gaussian copula and the use of CDS prices to infer the
correlation of assets. Li's pricing model was widely adopted, despite its associated limitations. Both
banks and model users did not care to assess the related limitations before fully adopting the model.
When signs of weaknesses started to materialize in 2008, the correlation implied by the CDSs and the
CDO prices increased dramatically, leading to the collapse of the CDO market.
B i s i ncorrect. In September 2008, Lehman Brothers collapsed, sparking the 2008 global financial
crisis. In one incident not known to many, Barclays Capital almost bought 179 trading contracts from
Lehman Brothers. A junior law associate was asked to convert the Excel files into a PDF for
uploading on the court's website. Unaware of hidden rows, including those listing the 179 trading
contracts that Barclays did not want to buy, he directly converted the files to PDF files. T he mistake
was identified later after the deal had already been approved.
C i s i ncorrect. T his case study relates to the use of inconsistent or wrong units, which costed
practices.
183
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.5155 In September 2008, Lehman Brothers collapsed, sparking the 2008 global financial crisis. In
one incident not known to many, Barclays Capital almost bought 179 trading contracts from Lehman
Brothers by accident. Which of the following lessons can be learned from this incident?
A. MRM should challenge the assumptions and ensure users understand related limitations
B. Even tools and models that seem so simple should be challenged and reviewed properly
C. Even small errors, such as the use of wrong units, can lead to massive losses
D. A good MRM should help minimize the misuse of models by helping users understand the
limitations accompanying a model
T he correct answer is B.
A simple mistake – forgetting to delete the hidden rows almost costed Barclays millions of dollars.
Even though the loss did not materialize in this case, it could materialize in some other cases. T hus,
even tools and models that seem so simple should be challenged and reviewed properly.
A i s i ncorrect. T his is a lesson associated with the collapse of CDO markets in 2008, where users
C i s i ncorrect. T his lesson relates to the NASA Mars Orbiter incident, where the use of
D i s i ncorrect. T his lesson is drawn from the collapse of CDO markets in 2008, in which users
184
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2306 Jim Scott, a risk manager, has been tasked with creating a presentation on capital and liquidity
for students at a high school. His introduction begins with a broad definition of the different types of
capital and liquidity. In this regard, which of the following is not a type of capital/liquidity?
T he correct answer is B.
T here are three kinds of capital and liquidity: 1) the capital/liquidity you have; 2) the capital/liquidity
you need (to support your business activities); and 3) the capital/liquidity the regulators think that
you need.
Q.2307 Which of the following does not represent a stress test exercise by a valid authority?
T he correct answer is C.
Answer C is the only one which is not a stress test exercise, but a mechanism to supply capital to
banks in need. It is also not connected to a particular year, and the correct full name is “U.S.
T reasury’s CAP”.
185
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2308 When modeling a bank’s revenues, losses, and balance sheet, there are some vital measures
to be taken into account. Which of the following is an important measure to the modelers?
A. Asset values
T he correct answer is D.
Modeling a bank’s revenues, losses, and balance sheet makes use of asset values for modeling balance
sheets, accounting and economic profits and losses for modeling losses and cash inflows and cash
outflows for modeling revenues.
A. A function of the expected default likelihood of the counterparty during normal operation.
B. A function of the expected default likelihood of the counterparty under a stress scenario.
T he correct answer is B.
Counterparty credit risk arises when, in a derivative transaction revalued to the stress scenario, the
bank finds itself in the money (i.e., enjoys a derivative receivable) yet cannot be sure that the
counterparty to the transaction will be solvent to make good on the payment. T hus, the value is
discounted, where the discount is a function of the expected default likelihood of the counterparty
under the stress scenario, which presumably is higher than today. Thi s adj ustment i s cal l ed a
credi t val ue adj ustment (CVA), and banks with significant derivative activities manage CVA as a
matter of course.
186
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2311 Regulatory and economic capital models are important instruments for measuring the amount
of capital needed. One of the following statements is not true about regulatory and economic capital
models. Which one?
Regulatory and economic capital models:
C. Have difficulty adapting to financial innovation and rapidly changing macro conditions.
T he correct answer is B.
Both regulatory and economic capital models (and especially the former) evolve very slowly and thus
have difficulty adapting to financial innovation and rapidly changing macro conditions. Indeed, some of
the innovation is motivated by those slowly evolving, one-size-fits-all regulatory capital rules.
187
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2207 A Catalonian bank is looking to expand its business lines. T he management decides that the
primary condition for investment will be the highest RAROC (risk-adjusted return on capital). T he
possibilities being discussed are:
I. Tarragona Construcciones, with an expected net profit of EUR 3,000,000 per year and
economic capital of EUR 50,000,000; and
II. Valencia Bonos, with an expected net profit of EUR 1,500,000 per year and economic capital
of EUR 22,000,000.
Assuming the cost of equity is 0.062, based on RAROC, the bank would most likely invest in:
A. Tarragona Construcciones
B. Valencia Bonos
C. Both projects
T he correct answer is B.
T he RAROC for Valencia Bonos(0.068) is greater than the cost of equity (0.062), thus it is most
188
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2208 During a meeting at a certain bank, manager A reports a RORAC (Return on Risk-Adjusted
Capital) of USD 30, manager B a ROC (Return on Capital) of USD 30, and manager C a RoCaR (Return
on Capital at Risk) of USD 30. T he best manager in terms of performance relative to the risk it is
taking is?
A. Manager A
B. Manager B
C. Manager C
T he correct answer is C.
RoCaR is a risk management metric that measures the return a company earns on the capital it has
put at risk. RoCaR is useful for evaluating a company's risk management practices and determining
A i s i ncorrect. RORAC adjusts for the risks associated with a company's operations, and is
therefore a more sophisticated measure of profitability. RORAC is particularly useful for evaluating
the performance of financial institutions, which typically have complex risk profiles.
B i s i ncorrect ROC is a basic measure of a company's profitability and capital efficiency, and is
useful for comparing companies in the same industry or sector. However, it does not take into
T here is no single "better" metric among return on capital (ROC), return on risk-adjusted capital
(RORAC), and return on capital at risk (RoCaR). Each of these metrics serves a different purpose
and can provide valuable insights into a company's financial performance and risk management.
189
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2210 A bank in Vermont is considering investing in one of four regional factories producing maple
syrup. T he bank intends to make a decision based on RAROC (risk-adjusted return on capital). T he
following information is available:
On the basis of the risk-adjusted return on capital for each factory, the bank will most likely pick:
A. Factory A
B. Factory B
C. Factory C
D. Factory D
T he correct answer is D.
(expected revenues − costs − expected losses − taxes + return on risk capital + / − transfers
RAROC =
economic capital
190
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
A. Regulatory capital only applies to a few closely monitored industries like banking and
insurance.
C. Aggregate risk capital and regulatory capital may be equal at firm level, but different at
business lines level.
T he correct answer is D.
Risk capital is necessary across all risk-taking businesses but regulatory capital only applies to a few
industries where protection of the interests of investors/depositors is paramount. In addition, risk
capital is determined by the nature of a firm’s investments but regulatory capital is based on a
standardized, industry-wide formula. Furthermore, even though risk capital and regulatory capital can
have similar aggregate figures as viewed at the firm level, you will most likely come across
significant differences at the department level. Some departments or business lines may be subject
to more regulatory measures than others.
191
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2212 Kimberley Excavations, a diamond-mining company from South Africa, has implemented a
RAROC (risk-adjusted return on capital) system for future strategic investments. Kimberley
Excavations owns several diamond mines which have been showing signs of a decrease in yield, with
sharp rises and drops. Management of the mines is deeply dissatisfied with the new system,
complaining that RAROC is lacking fairness in attributing economic capital (EC) to their businesses –
namely that the EC is too high. What is the correct course of action for senior management in this
case?
A. Neglect dissatisfaction in the local management and enforce the RAROC system at all
costs.
C. Disregard RAROC and return to the old, tried and proven risk management system.
T he correct answer is B.
Answer B, being part of the recommendations for implementing the RAROC system, is the only
acceptable answer in this instance. Answer A is wrong because good communication should always
be placed above forceful implementation. Answer C is wrong because RAROC is not just a common
language of risk, but a quantitative technique. We can also think of a RAROC-based capital budgeting
process as akin to an internal capital market in which businesses are competing with one another for
scarce balance sheet resources - all with the objective of maximizing shareholder value. T his makes
RAROC a useful tool for capital allocation, both for banks and for nonbank corporations. Answer D is
outside the scope of this course.
Q.2213 An Indian bank is in the process of calculating its risk capital. T he main purpose of risk
capital calculation is:
A. To show the level of expected losses that the bank could absorb.
T he correct answer is C.
Risk capital should be calculated in such a way that the institution can absorb unexpected losses up
to a level of confidence in line with the requirements of the firm's various stakeholders.
192
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2214 A certain bank is calculating RAROC for some of its business lines. T he available data gives
information on: expected revenues, costs, taxes, return on risk capital, transfers, and economic
capital. What type of data is missing?
A. Sharpe ratio
B. Expected losses
D. VaR (Value-at-risk)
T he correct answer is B.
(expected revenues − costs − expected losses − taxes + return on risk capital + / − transfers
RAROC =
economic capital
193
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2215 A certain bank is in the process of developing a differentiated mortgage product targeting a
market segment that has previously been overlooked because it's in a different geographical location
from where the bank operates. Which method should the bank adopt to estimate default probabilities
with regard to the new business line? T he point-in-time approach or the through-the-cycle approach?
A. Point-in-time approach
B. T hrough-the-cycle approach
T he correct answer is B.
A point-in-time (PIT ) probability of default is reasonable for calculating near-term expected losses
(EL) and for pricing financial instruments that are subject to credit risk.
A through-the-cycle (T T C) PD, which is largely the approach taken by the rating agencies, is more
reasonable for calculating economic capital, current profitability, and strategic decisions regarding
products, geographies, and new business ventures.
Further explanation: A “through the cycle” process requires assessment of the borrower’s riskiness
bases on a worst-case, “bottom of the cycle scenario” (i.e., its condition under stress). T his makes a
lot more sense for a new business line since this business line is likely to go through “bottom of the
cycle scenario” at some point.
194
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2734 Determine the RAROC using the following information about a loan.
A. 10.00%
B. 10.50%
C. 11.00%
D. 12.50%
T he correct answer is A.
250, 000 − 60, 000 − 60, 000 + 10, 000 − 100, 000
RAROC = = 10%
400,000
Q.2735 Given that the RAROC on a project is 12%, the risk-free rate is 4%, the return on the
market portfolio is 10%, and the firm’s equity beta is 1.25, calculate the adjusted RAROC for the
project and determine whether it should be accepted or rejected.
A. 6.4%; rejected
B. 4.5%; accepted
C. 6.0%; accepted
D. 6.0%; rejected
T he correct answer is B.
195
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
RAROC is a profitability measure for analyzing risk-adjusted financial performance. For acceptance, a
project must earn a return that's higher than the firm's hurdle rate - a benchmark rate of return set
taking into account the firm's cost of both common and preferred equity. However, exclusively
accepting only the projects whose RAROC > hurdle rate can result in a portfolio of high-risk
projects that could ultimately result in losses and reduce the value of the firm. What's more lower
return projects that have a RAROC < hurdle rate (rejected projects) also come with low risk that
could provide steady returns and increase the value of the firm.
For these reasons, we adjust RAROC for systematic risk, giving rise to ARAROC, where:
Where:
R f = risk-free rate
196
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
A. 0.7867
B. 0.4537
C. 0.6279
D. 0.8794
T he correct answer is C.
T herefore:
197
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3136 Sigma Inc. has an equity beta of 1.18. In addition, the risk-free rate is 2%, the expected
market return is 7.932% and the RAROC on the proposed project is 10%. If the beta of the proposed
project is the same as that of Sigma Inc, then, in order to increase the shareholders' wealth,
ARAROC should increase by more than?
A. 1.446%
B. 1.592%
C. 0.0000%
D. 2.000%
T he correct answer is C.
Shareholders’ wealth increases when ARAROC is greater than the risk-free rate
ARAROC can be computed using the following formula:
In order for shareholders to increase the value of their wealth, ARAROC should be greater than the
risk-free rate. Clearly, this condition has been met and, therefore there is no need to increase it.
198
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3206 Samar Vance is an equity strategist at Jumbo Capital. She has been given with the following
information about an investee banking company whose:
A. 30%.
B. 23%.
C. 12%.
D. 11%.
T he correct answer is D.
Expected revenues − Costs − Expected losses − Taxes + Return on risk capital ± T ransfers
RAROC =
Economic Capital
(12 − 2.3 − 1.6 − 0 + 0.7 ± 0)
=
80
= 0.11 or 11%
199
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3207 Larry Sing is considering to invest in an Oil Marketing Company stock named Hudson
Petroleum. If its RAROC is 17%, the company's beta is 1.2, the return on the market is 12%, and the
risk-free rate is 8% what will be the adjusted RAROC for a Hudson?
A. 13.2%.
B. 16%.
C. 12.2%.
D. 5.9%.
T he correct answer is C.
200
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3209 Henry Campbell is equity analyst at Four Brothers Financials. He is currently analyzing a
new project for expanding in new markets. His calculated RAROC is 13%, the risk-free rate is 6%,
the market return is 14%, the firm's required return on equity is 12%, and the firm's beta is 1.5.
What is the ARAROC and should the project be accepted?
A. 11%; accept.
B. 5.5%; reject.
C. 6.2%; accept.
D. 1.0%; reject.
T he correct answer is D.
201
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2216 T he main challenge faced by financial institutions while choosing the risk measure to use for
economic capital purposes is that:
B. Most risk measures are too complex, which means implementation and eventual
communication to stakeholders can be quite difficult.
C. T here is a general lack of relevant and reliable data that can be used to assess risks.
T he correct answer is D.
Although there seems to be some kind of a general agreement on the properties that should guide
institutions while choosing a risk measure for economic capital assessment, there is no single
measure that could be considered ideal for every firm. None is ‘head and shoulders’ above the others.
Every institution, therefore, has to choose its risk measure in light of specific circumstances.
Q.2217 While developing an economic capital framework, it is important to come up with the
aggregate risk facing the institution as a whole. However, aggregate risk can be erroneous and
inaccurate in light of certain circumstances. T hese include:
T he correct answer is D.
In most organizations, most risks are evaluated on a standalone basis without regard to possible
interactions between them, which indeed exist in real life, e.g. interaction between market risk and
credit risk. Failure to recognize this correlation during aggregation can result in gross
underestimation of the total risk facing the organization. Too many autonomous units or the use of
different modeling methodologies would not by themselves introduce errors as long as the models
have been validated and tested for suitability. Recognizing diversification would actually improve risk
aggregation.
202
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
I. Validation serves to increase confidence among users that modeling assumptions are
consistent with market conditions
II. Validation techniques are equally powerful in sensitivity testing and overall absolute
accuracy
III. Only one validation technique should be applied to a given model; combining techniques is
always counterproductive
B. I only
C. I and III
D. II only
T he correct answer is B.
Validation provides a degree of confidence that modeling assumptions are appropriate, hence
increases the confidence of users dependent on the model’s outcome. Moreover, a range of
validation techniques – as opposed to just one – can provide more substantial evidence for or against
the use of a particular model. However, validation techniques are more powerful in some areas such
as risk sensitivity but not in other areas such as absolute accuracy.
Q.2219 When examining a firm’s capital adequacy, it’s always important to establish the dependency
(correlation) between obligors. However, correlation estimates provided by current models are
usually inaccurate and unstable – mainly because of:
T he correct answer is C.
To determine appropriate levels of economic capital for a bank, it’s absolutely necessary to estimate
the correlation between obligors. Unfortunately, most models currently in use do not provide
accurate/stable correlation estimates mainly because they still depend heavily on explicit/implicit
model assumptions.
203
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2220 A bank-wide view of counterparty credit risk for economic capital purposes can be a
challenge mainly because:
A. It involves large-scale gathering of data and transactions monitoring, which can easily
strain human resources.
C. It relies heavily on independent opinions of credit rating agencies, some of which can be
compromised.
D. It requires cooperation among all business divisions, some of which could be autonomous.
T he correct answer is A.
Measurement of counterparty credit risk presents a complex exercise as it involves the gathering of
data across multiple systems and continuous monitoring of multiple risk exposures, sometimes
numbering millions. Moreover, while some transactions conclude overnight, some might run for tens
of years. Such exercises can easily strain resources.
Q.2221 One of the main challenges in the calculation of economic capital for interest rate risk in the
banking book relates to:
T he correct answer is A.
It’s difficult to determine the level of economic capital required to mitigate interest rate risk
because most assets and liabilities have long holding periods, and interest rate projections 10-20
years into the future are, at best, speculative.
204
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2222 Which of the following financial products would pose the greatest challenge to the
determination of the economic capital of a bank?
A. Ordinary stocks
B. Preference shares
T he correct answer is C.
Embedded optionality in banking brings about indeterminate cash flows on both the asset and liability
sides. It’s normally not easy to predict whether or not outstanding options will be exercised. Such
products pose risks that are significantly greater than most measures suggest.
B. T he amount of reserve cash held by a bank, which is used to absorb losses resulting from
credit risk.
C. Practices that allow institutions to assess risk and attribute capital to the economic
effects of risk-taking activities.
D. Practices that allow institutions to set aside sufficient funds to mitigate risks emanating
from future uncertainties.
T he correct answer is C.
Economic capital can be defined as the method or practices that allow financial institutions to
consistently assess risk and to financially prepare for the economic effects of risk-taking activities.
205
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2965 Fidelity Bank uses models based on the asymptotic single risk factor (ASRF) model for credit
risk. In particular, the model is based on Basel II risk weights. What is the effect to the capital charge
for an exposure based on this ASRF model?
A. T he capital charge depends on the composition of the portfolio to which the exposure is
added.
B. T he capital charge for an exposure depends on risk characteristics of the exposure only.
C. T he capital charge captures general types of tendencies as opposed to the Gaussian copula
models.
T he correct answer is B.
ASRF models are derived from “ordinary” credit portfolio models by the law of large numbers. When
a portfolio consists of a large number of 5 relatively small exposures, idiosyncratic risks associated
with individual exposures tend to cancel out one-another and only systematic risks that affect many
exposures have a material effect on portfolio losses. In the ASRF model, all systematic (or system-
wide) risks, that affect all borrowers to a certain degree, like industry or regional risks, are modeled
with only one (the “single”) systematic risk factor.
T his modeling approach permits the use of banks’ correlation estimates or multiple systematic risk
factors for correlations to be addressed.
Q.2967 Copulas combine the marginal probability distributions into a joint distribution. Which of the
following is an advantage of copulas as a form of risk aggregation methodology?
B. T he method is easy to use as it easily estimates inter-risk correlations and does not
capture nonlinearities.
C. Simulation of common drivers provides for calculating the distribution of outcomes and
economic capital risk measure.
D. Is more flexible than a covariance matrix and allows for nonlinearities and higher-order
dependencies.
T he correct answer is D.
T hrough flexibility in copulas as a means of combining marginal probability distribution into joint
distribution as compared to a covariance matrix, nonlinearities and higher-order dependencies are
allowed.
206
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2968 Broadways Bank uses the unit of account as a component of risk aggregation methodology.
Which of the following is NOT a characteristic of the unit of risk accounting?
A. Risk metric
B. Confidence level
C. Complex simulation
D. T ime horizon
T he correct answer is C.
T he measured risk’s horizon (in risk aggregation, it’s selection is of crucial importance)
207
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2969 Which of the following risk measures is the least commonly used measure in the practice of
risk management?
A. Standard deviation
C. Value at risk
D. Expected shortfall
T he correct answer is B.
Spectral risk measures are a newer class of risk measures that allow for different weights to be
assigned to the quantiles of a loss distribution, rather than assuming equal weights for all
observations, as is the case for Expected shortfall. However, spectral and distorted risk measures
are not widely used in practice and are currently largely of academic interest.
Q.3211 Which of the following categories of BIS recommendations specifically refers to the need to
consider using additional methods, such as stress testing, to help cover all exposures?
A. Risk aggregation.
C. Netting
T he correct answer is D.
When deciding between the available methods of measuring counterparty credit risk, there are trade-
offs to be considered . Additional methods, such as stress testing, need to be adopted to help cover all
exposures.
208
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2224 Oak Creek bank, part of a Bank Holding Company (BHC), is preparing for its annual CCAR
(Comprehensive Capital Analysis and Review). After careful consideration, analysts have identified a
wrongly implemented principle of capital adequacy process in the bank. Which of the following
principles is not part of the CCAR?
C. Adequate IT resources
T he correct answer is C.
209
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2225 T he Great Falls Bank of Montana, USA, part of a Bank Holding Company (BHC), is performing
an annual CCAR (Comprehensive Capital Analysis and Review). During the process, it is revealed that
one of the existing models has not been appropriately validated nor independently reviewed. Which
principle of effective capital adequacy has been violated?
D. Effective governance
T he correct answer is A.
Principle 6 of an effective capital adequacy process has much to do with robust internal controls,
including change control; model val i dati on and i ndependent revi ew; comprehensive
documentation; and review by internal audit.
Q.2226 Minnetonka Bank, part of a Bank Holding Company (BHC), is involved in comprehensive
capital analysis and review. During the process, it is confirmed that one of their processes for
translating risk measures into estimates of potential losses does not encompass a satisfactory range
of stressful scenarios and environments. Which principle of an effective capital adequacy process
has been violated?
C. Effective governance
T he correct answer is D.
Principle 2 of an effective capital adequacy process has much to do with effective loss-estimation
methodologies. It states that the BHC should have effective processes for translating risk measures
into estimates of potential losses over a range of stressful scenarios and environments and for
aggregating those estimated losses across the BHC.
210
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2227 A certain bank based in New York is assessing risks as part of its preparation for the annual
CCAR (Comprehensive Capital Analysis and Review). During the process of stress-testing, several
risk categories are defined, particularly those that are difficult to quantify or not directly attributable
to any of the specific integrated firm-wide risk categories. Which of the following risks would not fall
under such a category?
A. Compliance risk
B. Credit risk
C. Reputational risk
D. Strategic risk
T he correct answer is B.
Given the scope of operations and the associated breadth of risks facing large, complex BHCs –
including the risk of losses from exposures and of reduced revenue generation – they are often
exposed to risks, other than credit or market risk, that are either difficult to quantify or not directly
attributable to any of the specific integrated firm-wide scenarios that are evaluated as part of the
BHC's scenario-based stress testing ("other risks"). Examples of these other risks include
reputational risk, strategic risk, and compliance risk.
Q.2228 Cloverdale Bank in Idaho, USA, forms part of a Bank Holding Company (BHC). It has just
ventured into a new business line that requires the proper estimation of losses, revenues and
expenses as part of scenario analysis. Bearing this in mind, what would be the most appropriate data
for modeling purposes?
A. Internal data
B. External data
D. None - the new models should take into account only future data generated by the
business line
T he correct answer is B.
Generally, BHCs should develop and use internal data to estimate losses, revenues, and expenses as
part of an enterprise-wide scenario analysis. However, in certain instances, it may be more
appropriate for BHCs to use external data to make their models more robust. In this case, the BHC
lacks sufficient, relevant historical data.
211
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2229 Fairgrounds Bank forms part of a Bank Holding Company (BHC). T he bank has been very
successful in a business line that was established about 6 months ago. T he bank intends to stress test
models for the business line for a longer period. As part of best practice during stress testing, the
bank should:
B. Test a wide range of adverse effects reaching outside the established data patterns.
C. Only use the data which reflects the most positive outcomes.
D. Only use the data which reflects the most negative outcomes.
T he correct answer is B.
Given the uncertainty inherent in a forward-looking capital planning exercise, the Federal Reserve
expects BHCs to apply generally conservative assumptions throughout the stress testing process to
ensure appropriate tests of the BHCs' resilience to stressful conditions. In particular, BHCs should
ensure that models are developed using data that contain sufficiently adverse outcomes. If a BHC
experienced better-than-average performance during previous periods of stress, it should not assume
that those prior patterns will remain unchanged in the stress scenario. BHCs should carefully review
the applicability of key assumptions and critically assess how historically observed patterns may
change in unfavorable ways during a period of severe stress for the economy, the financial markets,
and the BHC.
212
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2230 Clayton bank forms part of a Bank Holding Company (BHC) and has been requested, by the
Federal Reserve, to compile documentation regarding its estimation practices. What are the main
guidelines that should be followed by the bank while documenting its estimates?
A. Extremely detailed explanations of key methodologies with every bit of data available
being presented.
T he correct answer is D.
T he Federal Reserve expects BHCs to clearly document their key methodologies and assumptions
used to estimate losses, revenues, and expenses. BHCs with stronger practices provided
documentation that concisely explained methodologies, with relevant macroeconomic or other risk
drivers, and demonstrated relationships between these drivers and estimates. Documentation should
clearly delineate among model outputs, qualitative overlays to model outputs, and purely qualitative
estimates. BHCs with weaker practices often had limited documentation that was poorly organized
and that relied heavily on subjective management judgment for key model inputs with limited
empirical support for and documentation of these adjustments.
Q.2231 Highlands Bank forms part of a Bank Holding Company (BHC). T he bank is computing loss
estimates on a number of its business lines. What are the components that the bank should take into
account when estimating losses?
A. Probability of default (PD), time value of money (T M), and loss given default (LGD).
B. Probability of default (PD), loss given default (LGD), and exposure at default (EAD).
C. Probability of default (PD), time value of money (T M), and exposure at default (EAD).
D. Loss given default (LGD), exposure at default (EAD), and credit rating (CR).
T he correct answer is B.
Under the expected loss approach, losses are estimated as a function of three components-
probability of default (PD), loss given default (LGD), and exposure at default (EAD). PD, LGD, and
EAD can be estimated at a segment level or at an individual loan level, and using different models or
assumptions.
213
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2232 Fetterman Bank is in the process of estimating revenue and expenses for the following time
period. What is the length of time required for the estimation of revenue and expenses by the
Federal Reserve’s Capital Plan Rule?
A. Nine quarters
B. Eight quarters
C. T welve quarters
T he correct answer is A.
T he Capital Plan Rule requires BHCs to estimate revenue and expenses over the nine-quarter
planning horizon.
Q.2233 What are the internal control methods included in an internal capital planning process?
T he correct answer is D.
As with other aspects of key risk-management and finance area functions, a BHC should have a
strong internal control framework that helps govern its internal capital planning processes. T hese
controls should include (1) regular and comprehensive review by internal audit; (2) robust and
independent model review and validation practices; (3) comprehensive documentation, including
policies and procedures; and (4) change controls.
214
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2234 Bank of Elmwood, part of a Bank Holding Company (BHC), is preparing for independent model
review and validation. What’s included in such a process?
C. An “outcome analysis”
T he correct answer is D.
an "outcomes analysis"
Q.2235 A BHC is having a supervisory review performed on its modeling practices for capital
planning. Following the review, the company receives very positive feedback regarding its model
documentation as part of risk management. What could be the reason for the positive feedback?
T he correct answer is B.
Maintaining an updated inventory of all models used in the modeling process is one of the
(documentation) practices that are exhibited by well-performing and financially stable BHCs.
215
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2236 Campbell bank, part of a Bank Holding Company (BHC), has not had its risk infrastructure,
nor its loss-estimation methodologies reviewed for more than a year. Which principle of an effective
capital adequacy process does this violate?
C. Effective governance
T he correct answer is C.
In order for a BHC to be considered to have effective governance, there should be effective
oversight of the capital adequacy process by the board and senior management, including peri odi c
revi ew of the BHC's ri sk i nfrastructure and l oss- and resource-esti mati on
methodol ogi es; evaluation of capital goals; assessment of the appropriateness of stressful
scenarios considered; regular review of any limitations and uncertainties in all aspects of the CAP;
and approval of capital decisions.
A. Models outsourced from external sources for the purpose of performance comparison
with internal models.
B. Models used to produce projections or estimates that can then be used in another model to
generate final figures for expected losses, expenses and revenue.
C. Models whose outcome has been disputed by experts and analysts at firm level.
D. Models used to generate the final projected figures for losses, expenses, and revenues.
T he correct answer is B.
BHCs should maintain an inventory of all models used in the capital planning process, including all
input or “feeder” models that produce projections or estimates used by the models that generate the
final loss, revenue or expense projections.
216
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2238 A BHC in Mississippi, USA, was recently subjected to a supervisory review of its model risk
management. Following the exercise, the company received negative feedback. Which of the
following could have led to such an outcome?
B. Using benchmark or challenger models to help assess the reasonableness of the primary
model output.
D. Being too transparent about the validation status of all models used for capital planning.
T he correct answer is A.
Recommended practices in BHCs capital planning include: being transparent about the validation
status of all models used for capital planning and appropri atel y addressi ng any model s that
have not been val i dated (or those that have i denti fi ed weak nesses) by restri cti ng thei r
use, or using benchmark or challenger models to help assess the reasonableness of the primary
model output. Also, there should be independent validation staff mandated with critical review of
models to assess their suitability.
Q.2970 Bank Holding Company (BHC) models review and validation process should include all the
following, EXCEPT :
D. An outcomes analysis
T he correct answer is C.
T he process of reviewing and validating a BHC model must have an evaluation of conceptual
soundness. In addition, there should be an ongoing monitoring that includes verification processes and
benchmarking. Furthermore, an outcomes analysis needs to be done. However, there are no policies
and procedures in the model review and validation processes.
217
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2971 Internal controls in bank holding companies (BHCs) should ensure that there is integrity of
reported results and the documentation, review, and approval of all material changes to the capital
planning process and its components. Such controls as ensured by BHCs should exist at all levels of
the capital planning process, with specific control measures to perform all the following roles apart
from:
A. Making sure that there is sufficient robustness in MIS for capital analysis and decision
making to be supported, with sufficient flexibility to run ad-hoc analysis whenever
necessary.
B. Provide for reconciliation and data integrity process for all key reports.
D. Ensure that the documentation provides evidence that results and recommendations can
be challenged by the Board.
T he correct answer is D.
Options A, B, and C are all specific control measures for performing the aforementioned roles.
However, for option d, there is no direct link to the specific control measures by ensuring that
evidence provided by documents resulting from recommendations can be challenged by the Board.
218
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2334 In 1992, Germany was under Basel I regulations. Eintracht Bank from Frankfurt has had the
following portfolio structure (in USD):
A. $700 million
B. $1 billion
C. $500 million
D. $1.2 billion
T he correct answer is A.
219
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2335 In 1992, Italy was under Basel I regulations. Scala Bank from Milan had the following portfolio
structure (in USD):
Loans to corporations: $1.5 billion ($600 million in commercial real estate)
OECD countries government’s exposures: $300 million
Cash, balance with a central bank: $500 million
A. $1.2 billion
B. $1.5 billion
C. $2.3 billion
D. $1.65 billion
T he correct answer is B.
220
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2336 Arrenberg bank from Rotterdam, Netherlands, has to calculate its RWA under Basel I for its
exposure in an over-the-counter FX swap agreement. T he data on the swap exposure is as follows:
Add-on factor – 1%
Notional amount – EUR 500 million
Current value – EUR 1 million
Risk-weighted factor for counterparty – 100%
B. EUR 6 million
D. EUR 1 million
T he correct answer is B.
221
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2337 Calc Bank from Frankfurt, Germany, had to calculate its risk-weighted assets (RWA) under
Basel I for its exposure in over-the-counter interest rate swap agreement. T he data on the swap
exposure is as follows:
Add-on factor: 1.5%
Notional amount: EUR 1 billion
Current value: EUR -2 million
Risk-weighted factor for counterparty: 100%
A. EUR 13 million
B. EUR 0
C. EUR 15 million
D. EUR 1 billion
T he correct answer is C.
RW A = (notional amount × add-on factor + max (current value; 0)) × risk weighted factor
= (1b × 1.5% + 0) × 100% = EUR 15 million
222
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2338 Kediray Bank from Izmir, T urkey is calculating its regulatory capital under Basel I
regulations. It has the following capital instruments: equity, noncumulative perpetual preferred
stocks, and subordinated debt with a maturity of over 5 years. What is the structure of its regulatory
capital?
A. T ier 1 capital includes equity, noncumulative perpetual preferred stocks, and subordinated
debt.
B. T ier 1 capital includes equity, and T ier 2 capital includes noncumulative perpetual
preferred stocks and subordinated debt.
C. T ier 1 capital includes equity, and T ier 2 includes noncumulative perpetual preferred
stocks; subordinated debt is not included in regulatory capital.
D. T ier 1 capital includes equity, noncumulative perpetual preferred stocks, and T ier 2
includes subordinated debt.
T he correct answer is D.
1. T ier 1 – T his consists of items such as equity and noncumulative perpetual preferred stock.
(Goodwill is subtracted from equity.)
2. T ier 2 – T his is sometimes referred to as Supplementary Capital. It includes instruments
such as cumulative perpetual preferred stock, certain types of 99-year debenture issues, and
subordinated debt (i.e. debt subordinated to depositors) with an original life of more than five
years.
223
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2339 Banat Bank from T imisoara, Romania, is calculating its regulatory capital under Basel I
regulations. It has the following structure of capital instruments (in EUR):
Equity: 150m
Subordinated debt (over 5 years maturity): 50m
Cumulative preferred stocks: 20m
D. T ier 1: 170m
T he correct answer is B.
1. T ier 1: T his consists of items such as equity and noncumulative perpetual preferred stock.
(Goodwill is subtracted from equity.)
2. T ier 2: T his is sometimes referred to as Supplementary Capital. It includes instruments such
as cumulative perpetual preferred stock, certain types of 99-year debenture issues, and
subordinated debt (i.e. debt subordinated to depositors) with an original life of more than five
years.
In this example, T ier 1 = Equity (150m); and T ier 2 = Subordinated debt (50m) + Cumulative
224
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2340 Osijek Commercial Bank from Croatia has to calculate its T ier 1 and T ier 2 capital under
Basel I regulations. It has the following capital structure (in EUR):
Equity: 50m
Subordinated debt (over 5 years maturity): 30m
Cumulative preferred stocks: 5m
Noncumulative preferred stocks: 10m
T he correct answer is A.
Q.2341 Basel II introduced a capital requirement for one “new” risk in Pillar 1. Which one?
C. Operational risk
D. Credit risk
T he correct answer is C.
Capital requirement for credit risk was introduced in ther Basel I Capital Accord (which if the reason
why D is not the correct answer). T he capital requirement for market risk was introduced in Basel I
Amendment from 1996 (which if the reason why B is not the correct answer). T he capital
requirement for operational risk was introduced in Pillar 1 of Basel II.
225
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2342 NYC Bank from New York, USA, is one of the largest banks in the USA. At the moment of
the introduction of Basel II standards in the USA, it was free to choose the approach to use so as to
meet credit risk capital requirements. What options did the bank have in this regard?
A. Standardized approach, Internal rating based approach, and Advanced IRB approach.
T he correct answer is D.
T he United States chose to apply Basel II only to large banks and decided that only the Foundation
IRB approach could be used since only the probability of default data was required from the banks as
compared to the advanced IRB approach that required all the three values, i.e, the probability of
default, the exposure at default and loss given default data.
Q.2343 PSV Bank, a small regional bank from Eindhoven, Holland, is in process of calculating its
capital requirements. Which of the following statements is true?
B. T he bank can choose between standardized, IRB, and advanced IRB approaches under EU
regulation.
T he correct answer is B.
T he Basel II capital requirements applied to "internationally active" banks. In the United States,
there are many small regional banks and the U.S. regulatory authorities decided that Basel II would
not apply to them. (T hese banks are regulated under what is termed Basel IA, which is similar to
Basel I.) In Europe, all banks, large or small, were regulated under Basel II. Furthermore, the
European Union required the Basel II rules to be applied to securities companies as well as banks.
226
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2345 Bethlenbank from Kecskemet, Hungary, has to calculate its capital requirement for credit
risk. T he bank has decided to use the standardized approach and has managed to gather data on:
exposure, collateral, probability of default, and credit rating of the debtor. Which piece of data is
missing so as to proceed with the required calculations smoothly?
C. None
D. Maturity
T he correct answer is C.
Under the standardized approach (Basel II), risk-weighted assets are calculated as the product of
exposure and a weighted factor which depends on credit rating of the debtor. LGD and maturity are
used for the calculation of capital requirement for credit risk under the IRB approach.
Q.2346 Astoria Bank from Marseille, France, has chosen the IRB approach to calculate its capital
requirement for credit risk. In line with standard practice, the bank should calculate its:
A. Value at risk with a time horizon of 1 year and a confidence interval of 99.9%.
B. Value at risk with a time horizon of 1 year and a confidence interval of 99%.
C. Value at risk with a time horizon of 1 month and a confidence interval of 99.9%.
D. Value at risk with a time horizon of 10 days and a confidence interval of 99%.
T he correct answer is A.
Regulators base the capital requirement on the value at risk calculated using a one-year time horizon
and a 99.9% confidence level. T hey recognize that expected losses are usually covered by the way a
financial institution prices its products. (For example, the interest charged by a bank on a loan is
designed to recover expected loan losses.) T he capital required is, therefore, the value at risk minus
the expected loss.
227
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
(in $ million)
Cash 50
T reasury bills 100
Loans to corporations 750
Uninsured Residential mortgages 100
A. $850 million
B. $700 million
C. $750 million
D. $800 million
T he correct answer is D.
228
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2738 Which of the following approaches is NOT appropriate for calculating credit risk capital
under Basel II?
A. Standardized Approach
T he correct answer is D.
Basel II provides three approaches for calculating the credit risk capital of a bank. T hese include the
standardized approach, the foundation IRB approach, and the advanced IRB approach. T he advanced
measurement approach is used for calculating the operational risk of a bank.
Q.2739 Under the Foundation IRB approach for measuring credit risk under Basel II, all of these are
provided by the supervisor, except:
A. PD
B. EAD
C. LGD
D. M
T he correct answer is A.
In the Foundation IRB approach for the measurement of credit risk, the bank only calculates the
probability of default. All other measures for the calculation of capital charge (LGD, EAD, and M) are
prescribed by the supervisor.
229
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2740 All of these are pillars of sound bank management under the Basel II framework, except:
C. Supervisory review
D. Market discipline
T he correct answer is B.
T he three pillars of sound bank management under the Basel II framework include Minimum Capital
Requirements, Supervisory Review, and Market Discipline.
230
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2994 Suppose that G&R Bank’s assets are made up of $267 million of corporate loans, $17 million
of OECD government bonds, and $79 million of residential mortgages. We are also given that
corporate loans have a risk weight of 100%, loans to government agencies and banks in OECD
countries carry a risk weight of 20%, and mortgages have a risk weight of 50%. Compute the total
risk-weighted assets.
A. $520.7 million
B. $306.5 million
C. $267.4 million
D. $487.6 million
T he correct answer is B.
Recall that the total risk-weighted assets for N on the balance-sheet items is given by the following
expression:
N
∑ L iW i
i=1
T herefore:
Note: Cash and securities issued by governments of OECD countries (members of the Organisation
of Economic Co-operation and Development) are considered to have virtually zero risk and have a
risk weight of zero. It is loans to banks and government agencies in OECD countries that have a risk
weight of 20%.
231
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2995 T he following table shows a portfolio of three derivatives (in EUR million) possessed by a
bank with a particular counterparty:
A. 0.74
B. 0.63
C. 0.80
D. 1.31
T he correct answer is C.
Recall that:
max(∑N
i=1 Vi, 0)
N RR =
∑N
i=1 max(Vi, 0)
95 + 80 − 35 = 140
95 + 0 + 80 = 175
T herefore:
140
N RR = = 0.8
175
Q.3232 Jinshi & Houshi Corporation is a large commercial bank operating in mainland China. It has
232
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
adopted the Basel I framework and makes use of the following add-on factors for derivatives:
(b) A three-year interest rate swap with a notional principal of $170 million and a current value of $7
million.
(c) A four-month derivative on a commodity with a principal of $80 million that is currently worth $4
million.
Using this information, estimate the risk-weighted assets for the bank under Basel I if the
counterparty is a corporation (the risk weight for corporations is 0.5). Assume no netting.
A. $7.9825 million
B. $12.925 million
C. $25.850 million
D. $8.925 million
T he correct answer is D.
To calculate the risk-weighted assets for an off-balance sheet item, we must first establish the item’s
credit equivalent amount (CEA). T he credit equivalent amount is then multiplied by the risk weight
For interest rates swaps and other over-the-counter (OT C) derivatives, the credit equivalent amount
is calculated as:
CEA = max(V , 0) + a × L
233
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
where:
a = add-on factor
L = principal amount
T he bank is transacting with a corporation and as per Basel guidelines (as pointed out in the question)
T hus,
Q.3233 Jinshi&Houshi Corporation is a large commercial bank operating in mainland China. It has
adopted the Basel I framework and must maintain at least 8% capital to risk-weighted assets. T he
bank makes use of the following add-on factors for derivatives:
234
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
(b) A three-year interest rate swap with a notional principal of $170 million and a current value of $7
million.
(c) A four-month derivative on a commodity with a principal of $80 million that is currently worth $4
million.
Using this information, estimate the capital requirment for the bank under Basel I if the
counterparty is a corporation (the risk weight for corporations is 0.5). Assume no netting.
A. $1.034 million
B. $2.068 million
C. $0.517 million
D. $1.535 million
T he correct answer is A.
For interest rates swaps and other over-the-counter (OT C) derivatives, the credit equivalent amount
is calculated as:
CEA = max(V , 0) + a × L
where:
a = add-on factor
L = principal amount
235
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he bank is transacting with a corporation and as per Basel guidelines (as pointed out in the question)
T hus,
Q.3234 Jinshi&Houshi Corporation is a large commercial bank operating in mainland China. It has
adopted the Basel I framework and had made the following transactions during the year:
(a) A seven-year interest rate swap with a notional principal of $400 million and a current market
value of -$3 million.
(b) A three-year interest rate swap with a notional principal of $170 million and a current value of $7
million.
(c) A four-month derivative on a commodity with a principal of $80 million that is currently worth $4
million.
Given the above information, what is the net replacement ratio (NRR) under Basel I assuming that
the 1995 netting amendment applies?
A. 1.375
B. 1.000
C. 0.727
D. 0.636
T he correct answer is C.
max (∑N
i=1 (Vi, 0))
N RR =
∑N
i=1 (Vi, 0)
8
= = 0.727
11
236
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3235 Jinshi&Houshi Corporation is a large commercial bank operating in mainland China. It has
adopted the Basel I framework and had made the following transactions during the year:
(a) A seven-year interest rate swap with a notional principal of $400 million and a current market
value of -$3 million.
(b) A three-year interest rate swap with a notional principal of $170 million and a current value of $7
million.
(c) A four-month derivative on a commodity with a principal of $80 million that is currently worth $4
million.
Based on this information, what’s the credit equivalent amount with netting agreements and without
netting respectively under Basel I assuming that the 1995 netting amendment applies?
T he correct answer is D.
T he total of the add-on amounts is 1.5% × 400 + 0.5% × 170 + 10% × 80 = $14.85 Million
N N
∑ max (Vi , 0) + (0.4 + 0.6 × N RR) ∑ ai L i
i=1 i=1
237
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3236 Jinshi& Houshi Corporation is a large commercial bank operating in mainland China. It has
adopted the Basel I framework and had made the following transactions during the year:
(a) A seven-year interest rate swap with a notional principal of $400 million and a current market
value of -$3 million.
(b) A three-year interest rate swap with a notional principal of $170 million and a current value of $7
million.
(c) A four-month derivative on a commodity with a principal of $80 million that is currently worth $4
million.
Given this information, what is the risk-weighted asset amount under Basel I if the counterparty is an
OECD Bank assuming that the 1995 netting amendment applies and also in the case that the
amendment does not apply?
T he correct answer is B.
T he credit equivalent amount when netting agreements are in place is given by:
N N
∑ max (Vi, 0) + (0.4 + 0.6 × N RR) ∑ aiL i
i=1 i=1
Since the counterparty is an OECD bank so that the risk weight is 0.2.
RWA with netting is 0.2 × 20.42 = $4.084 million.
238
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3238 Paul Hales is a risk consultant at Kimpala Leasing Bank. T he assets of the bank consist of
$690 million retail loans (not mortgages), mostly fleets of multinational companies financed by
Kimpala. T he bank’s actuary has projected that the probability of default (PD) is 1% and the loss
given default (LGD) is 40%.
Based on this information, what is the worst-case default rate at 99.9% certainty and the expected
loss under the Basel II IRB approach? (Note: In this case, correlation ρ = 0.1216.)
T he correct answer is A.
WCDR (T,X) Or WCDR(X, T ) indicates the Xth percentile of the default rate distribution during a
period of length T. Its components are as follows:
−1
−1
√ρN (X)
W CDR = N [N (P D) + ]
√1 − ρ
P D = probability of default
ρ = correlation parameter
For a problem like this, you would likely be provided with the values for N −1(P D) and N −1(X ), but it
Perhaps to interpret this, we want to find values of z such that P (Z < z) = 0.01, and P (Z < z) = 0.999
Using a table that only shows the right-hand side of the standard normal Z-lookup we would be able to
see that:
P r(Z < 2.33) = 99%, then P (Z < −2.33) = 1 − 99% = 1% . [a consequence of symmetry, i.e, equal
halves]
239
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T hus,
√0.1216 × 3.09
W CDR = N [−2.33 + ] = N (−1.18031)
√1 − 0.1216
N (−1.1803) = 1– N (1.1803) = 1– P (Z < 1.1803)
= 1– 0.88100 = 0.1190
EL = ∑ EADi × LGDi × P Di
= 690 × 0.4 × 0.01 = 2.76
Q.3239 Paul Hales is a risk consultant at Kimpala Leasing Bank. T he assets of the bank consist of
$690 million retail loans (not mortgages), mostly fleets of multinational companies financed by
Kimpala. T he bank’s actuary has projected that the probability of default (P D) is 1% and the loss
given default (LGD) is 40%. T he correlation parameter is 0.1216 Based on the Basel II accord, what
is the default rate at the 99.9th percentile for the bank?
A. 0.9547
B. 0.0453
C. 0.9531
D. 0.1190
T he correct answer is D.
−1
−1
√ρN (0.999)
DR99.9 = N [N (P Di ) + ]
√1 − ρ
P D = probability of default
ρ = correlation parameter
240
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
For a problem like this, you would likely be provided with the values for N −1(P D) and N −1(X ), but it
Perhaps to interpret this, we want to find values of z such that P (Z < z) = 0.01, and P (Z < z) = 0.999
Using a table that only shows the right-hand side of the standard normal Z-lookup we would be able to
see that:
P r(Z < 2.33) = 99%, then P (Z < −2.33) = 1 − 99% = 1% . [a consequence of symmetry, i.e, equal
halves]
T hus,
√0.1216 × 3.09
DR99.9 = N [−2.33 + ] = N (−1.18031)
√1 − 0.1216
N (−1.1803) = 1– N (1.1803) = 1– P (Z < 1.1803)
= 1– 0.88100 = 0.1190
241
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3240 Python Commercial Bank uses the standardized approach to arrive at an estimate of total risk-
weighted credit risk exposure. An external credit rating agency assigned the following weights to the
bank's risk exposures.
According to the Basel II Accord, as a rough approximation, the bank is mandated to maintain a
minimum capital of:
A. $51.6 million.
B. $1.792 million.
C. $4.128 million.
D. $5.920 million.
T he correct answer is C.
Minimum capital required = 0.08 × (0.80 × $24 million + 1.20 × $12 million + 0.70 × $18 million
+ 0.30 × $17 million + 0.10 × $3 million)
= 0.08 × $51.6 million
= $4.128 million.
According to the Basel II Accord, the bank is mandated to maintain a capital of at least 8% of total
risk-weighted assets.
242
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4216 Which of the following statements gives one of the reasons for the introduction of Basel I
accord?
A. T he continuity of international financial transactions even after the Herstatt Bank failure
B. T he growing competition between the banks in different countries due to the varied level
of capital requirements
T he correct answer is C.
due to growing cross-border financial transactions after the failure of Herstatt bank, and the G10
countries had a common objective that the banks should possess enough equity to cover for the
extreme losses.
Moreover, there was growing competition between banks in different countries due to the
difference in capital requirements. For instance, the banks with the lowest capital requirements
created a perception that they had a competitive advantage. T herefore, BCBS developed a level
243
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
B. Maintenance of sufficient capital for the banks to remain solvent in time of distress
C. Raising the solvency level of small banks to match that of a big bank
T he correct answer is B.
T he Basel I was created to ensure that the financial institutions would possess enough assets to
maintain their solvency in times of distress. T he sufficiency of the capital required was computed
using risk-adjusted capital ratios to establish a level playing field for global financial institutions.
Opti on A i s i ncorrect: Basel I ensured that sufficient capital is maintained the currency to which a
Opti on C i s i ncorrect: T he Basel I accord was aimed at establishing a level playing field for the
financial institutions.
244
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4218 Which of the following ratios did the Basel I used to establish the capital sufficiency of the
banks?
A. Leverage ratio
T he correct answer is B.
T he Basel I accord used a risk-based ratio, which is the ratio of capital to risk-weighted assets
(RWA). T his ratio included the assets on the balance sheets (based on accounting conventions) and
Opti on A i s i ncorrect: T he leverage ratio (ratio of capital to book value of assets) disadvantaged
the banks with low-risk portfolios and advantage those with high-risk portfolios since banks vary in
Q.4219 Under the Basel I framework, what is the required value of the ratio of T ier 1 capital to risk-
weighted assets (RWA)?
A. Greater than 4%
B. Less than 4%
C. Greater than 8%
D. Less than 8%
T he correct answer is A.
Basel, I required a financial institution to maintain the ratio of T ier 1 capital to RWA greater than
T ier 1 Capital
>4
RWA
245
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4220 Based on the Basel I framework, which of the following expressions is incorrect?
T he correct answer is D.
T ier 1 Capital
> 4%
RWA
⇒ T ier 1 capital > 4% (RWA)
Total Capital
> 8%
RWA
⇒ Total capital > 8% (RWA)
Opti on C i s correct: Under the Basel I framework, the Total capital is equivalent to the sum of the
246
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4221 According to Basel I classification of capital, which of the following is NOT a constituent of
T ier 2 capital?
A. Undisclosed reserves
B. Common equity
C. Hybrid instruments
T he correct answer is B.
According to the Basel I framework, T ier 1 Capital includes common equity and disclosed reserves
minus goodwill.
247
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4222 According to Basel I, to create a risk-sensitive ratio, the risk-weighted assets are used as the
denominator. Which of the following is assigned a risk weight of 0%?
T he correct answer is C.
0% weight was assigned to OECD governments such as bonds since it was assumed that no OECD
Opti on A i s i ncorrect: Uninsured residential mortgages were assigned a risk weight of 50%.
Opti on B i s i ncorrect: Exposures such as commercial and consumer loans were assigned a risk
weight of 100%
Opti on D i s i ncorrect: Claims on OECD banks and public sectors were assigned a risk weight of
20%.
248
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4223 T he constituents of an American bank are $200 million of American government bonds, $500
million of loans to corporations, $300 million of uninsured residential mortgages, and $250 million of
residential mortgages issued by the public sector. What is the value of risk-weighted assets (RWA)
based on Basel I accord?
A. $1250 million
B. $600 million
C. $700 million
D. $850 million
T he correct answer is C.
Using the weight ratios under the Basel I accord, the RWA is given by:
249
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4224 According to Basel I, conventional off-balance sheet exposures were converted to an on-
balance sheet equivalent using credit conversion factors. Which of the following off-balance-sheet
category was assigned a credit conversion factor of 100%?
T he correct answer is C.
T he guarantees on loans and bonds, banker's acceptance, and equivalents were assigned a credit
Opti on A i s i ncorrect: Loan commitments with original maturity less than one year were assigned
Opti on B i s i ncorrect: Loan commitments with an original maturity greater than or equal to 1
Opti on D i s i ncorrect: Standby letters of credit of transactions related to credit transactions were
250
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4225 T he derivatives book of a Canadian bank consists of C$500 million notional value of interest
rate swaps and with C$200 million having a maturity of 6 months, C$100 million having the maturity
of one and half years, and the rest having a maturity of 3 years. T he market value of the derivatives
book is C$50 million. According to Basel I accord, what is the credit equivalent amount of the
derivatives book using the current exposure method?
A. C$40.90 million
B. C$49.90 million
C. C$52.30 million
D. C$51.50 million
T he correct answer is D.
According to the current exposure method, credit equivalent is got by adding the amount of changes
contracts future value to the market value of the contract. For the interest-rate swap, the amount of
changes to the future value depends on the maturity of the interest rate swap; zero for maturities
less than one year, 0.5% for remaining maturities five years or less, and 1.5% for more than five
years.
251
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4226 T he constituents of an American bank are $200 million of American government bonds, $500
million of loans to corporations, $300 million of uninsured residential mortgages, and $250 million of
residential mortgages issued by the public sector. If T ier I capital of the bank is $42 million, does the
bank have sufficient capital under Basel I accord?
T he correct answer is A.
Under Basel I accord, for a bank to maintain sufficient capital, the following condition must be met:
T ier 1 Capital
> 4%
RWA
So that:
T ier 1 Capital 42
= = 0.06 = 6% > 4%
RWA 700
252
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4227 Under the Basel I framework, which of the following is one of the methods of measuring
market risk?
T he correct answer is C.
T he amendment of Basel I in 1996 provided ways two methodologies of market risk measurements: a
Options A and B are incorrect because they are the methods of calculating credit equivalent amounts
Option D in incorrect because it is one of the methods for calculating the minimum capital
253
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4400 Which one of the following statements is true concerning the Solvency II capital framework
for insurance companies?
B. When an insurance company breaches Solvency II's minimum requirements, the company
is still allowed to take up new policies.
T he correct answer is C.
In the case, an insurance company breaks the Solvency II minimum capital requirement (MCR), the
supervisors may decide to stop the stressed firm from writing new policies or put the insurer into
resolution
Opti on A i s i ncorrect: Solvency II uses both standardized and internal model-based approaches to
compute SCR.
T hings to Remember:
254
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4401 T he Solvency II uses both standardized and internal model-based approaches to compute SCR.
However, if an insurance company decides to use internal models, the models must satisfy certain
conditions. Which of the following is one of the conditions?
T he correct answer is B.
T he internal models used must take into consideration the following factors:
255
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4403 A bank majors in four business lines whose corresponding multipliers and gross income (in
millions) for three years are given in the table below:
Based on the Basel II accord, what is the value of the required capital for operational risk under the
Basic Indicator approach?
A. 7.2
B. 4.0
C. 10.2
D. 10.5
T he correct answer is D.
T his method computes the capital for the operational risk as the 15% of the bank’s average annual
gross income over the past three years while ignoring years that resulted in negative gross income.
So,
Note that the multiplier column has been excluded since we do not need it here. T herefore, the
65 + 71 + 74
0.15 [ ] = 10.5 million
3
256
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4404 T he Basel Committee defined operational risk as the risk that occurs due to inadequate or
failed internal processes, people and systems or from external events. Which of the following
methods of determining capital required for operational risk is incorrectly described as per Basel II
accord?
A. Basic Indicator Approach: computes the capital for the operational risk as 15% of the
bank’s average annual gross income over the past three years while ignoring years that
resulted in negative gross income
B. Standardized approach: computes bank’s average annual gross income over the past three
years while ignoring years that resulted in negative gross income using the same multiplier
across assets
C. Advanced Measurement Approach (AMA): computes the required capital for operational
risk as 99.9% VaR measured using internal models less expected operational losses
T he correct answer is B.
T he standardized approach computes bank’s average annual gross income over the past three years
while ignoring years that resulted in negative gross income using the di fferent mul ti pl i ers i n
each asset. Opti ons A, C are i ncorrect: T he methods are correctly described.
257
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4405 A Canadian bank has assets consisting of CAD 300 million BB-rated drawn loans. T he
probability of default is estimated (PD) to be 0.01, the LGD is 30%, and DR is estimated to be 0.10.
What is the RWA for the bank with regard to the Basel II accord?
T he correct answer is D.
Recall that retail exposures were calculated similarly to that of advanced IRB only that there is no
maturity adjustment. So,
Note:
Under Basel II, banks are required to maintain a total capital ratio (T ier 1 + 2 + 3) of
minimum 8%. 12.5 is the inverse of 8%. T he multiplier has the effect of turning a capital
DR = the default rate at the 99.9th percentile for a large portfolio of assets of type i.
258
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4406 T he bank’s probability of default (PD) is estimated to be 0.01. What is the approximated value
of the asset correlation in the context of the Basel II framework?
A. 0.1562
B. 0.1453
C. 0.1928
D. 0.2341
T he correct answer is C.
1 − e−50PD 1 − e−50PD
ρ = 0.12 [ ] + 0.24[1 − ]
1 − e−50 1 − e−50
Since we are given PD=0.01, then the asset correlation is given by:
1 − e−50×0. 01 1 − e−50×0. 01
ρ = 0.12 [ ] + 0.24 [1 − ] = 0.1928
1 − e−50 1 − e−50
Q.4408 Assume that a bank has a portfolio of four derivatives with two counterparties, as shown in
the table below:
What is the value of the credit equivalent of the derivative portfolio based on the 1995 netting
amendment?
A. 60.23
B. 62.45
C. 42.54
D. 35.2
259
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he correct answer is D.
According to the 1995 amendment of Basel I, the Credit equivalent amount is given by
N
CEA = max (∑ Vi , 0) + ∑ (0.4 × Dj + 0.6 × Dj × NRR)
i=1 j
max (∑N
i=1 Vi, 0)
NRR =
∑N
i=1 max (Vi, 0)
Now,
N
max (∑ Vi , 0) = max (0, 10) = 10
i=1
Note that the current exposure portion of the credit equivalent is 10 for counterparty 1 because -5
exposure on the first interest rate is netted against 15 on the second interest rate. Moreover, the
current exposure for counterparty 2 is 0 current since exposure cannot be negative (-10).
Now,
max (∑N
i=1 Vi, 0) Current exposure 10
NRR = = = = 0.6667
∑N
i=1 max (Vi, 0) sum of positive Exposure15
T he add-on factor for the potential future exposures is calculated for each derivative
So,
260
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T herefore:
N
CEA = max (∑ Vi, 0) + ∑ (0.4 × Dj + 0.6 × Dj × NRR) = 10 + 25.2 = 35.2
i=1 j
261
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Reading 120: Solvency, Liquidity and Other Regulation After the Global
Financial Crisis
Q.2347 BastaBank from Bari, Italy, has just adopted Basel II.5 regulations after years of Basel II
compliance. T he bank’s risk management team wants to bring the directors up to speed, particularly
with regard to the new requirements under Basel II.5. T he team has prepared a report highlighting
the main changes. T hese most likely have a lot to do with:
A. Calculation of capital requirement for liquidity risk, calculation of stressed VaR, and a new
methodology of capital calculation.
B. Calculation of stressed VaR, a new incremental risk charge, and a comprehensive risk
measure for instruments dependent on credit correlation.
C. A new incremental risk charge, a comprehensive risk measure for instruments dependent
on credit correlation, and a new methodology of capital calculation.
D. A new incremental risk charge, new requirements for IRB parameters calculation, and
new requirements for liquidity measurement.
T he correct answer is B.
Q.2348 Cosomora Bank from Eindhoven, Holland, is one of the largest European banks with a large
trading book. T he bank has been under Basel II and is currently in the later stages of Basel II.5
implementation. What will be the main effect of shifting from Basel II to Basel II.5?
T he correct answer is C.
T he main effect of the implementation of Basel II.5 (from Basel II) is greatly increasing the market
risk capital that large banks are required to hold.
262
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2349 With the introduction of Basel II.5, the Basel Committee requires banks to calculate the so-
called stressed VaR. Stressed VaR was introduced mainly because of:
T he correct answer is B.
T he 2003-2006 period was one where the volatilities of most market variables were low. As a result,
the market risk VaRs calculated during this period for regulatory capital purposes were also low.
Furthermore, the VaRs continued to be too low for a period of time after the onset of the crisis,
because much of the data used to calculate them continued to come from a low-volatility period.
Q.2353 Katerini Bank from Greece is in the process of implementing Basel III regulations. One of the
first assignments of its risk management team is to calculate the required regulatory capital. In line
with Basel III, the bank should have the following categories of capital, except:
A. T ier 1 capital
B. T ier 2 capital
C. T ier 3 capital
T he correct answer is C.
263
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
B. Share capital
C. Goodwill
T he correct answer is B.
T ier 1 equity capital (also referred to as core T ier 1 capital) includes share capital, retained
earnings, and a limited amount of minority interest and unrealized gains and losses. Goodwill or
deferred tax assets are deducted. It must be adjusted downward to reflect defined benefit pension
plan deficits but is not adjusted upward to reflect defined benefit plan surpluses. Changes in retained
earnings arising from a bank's own credit risk or securitized transactions are not counted as part of
the capital for regulatory purposes.
Q.2356 In Basel III, the Basel Committee introduced, among others, a new requirement named
leverage ratio. T he main reason for its introduction was that:
B. Banks had too much discretion in the way risk-weighted assets were calculated.
D. Banks would have unlimited discretion while calculating their regulatory capital.
T he correct answer is B.
T he Basel Committee introduced the leverage ratio because regulators thought that banks had too
much discretion in the way risk-weighted assets were calculated. T hey have far less discretion in the
way “total exposure” is calculated.
264
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2358 Berthold Bruhne, a risk manager for the bank of Salzburg, was attending a board meeting
where he presented the results of the liquidity coverage ratio (LCR) calculation. According to him,
the bank’s LCR stood at 152% as of December 31st, 2016, safely above the required minimum. His
conclusion was that the bank could survive liquidity disruptions in the next:
A. 1 year
B. 60 days
C. 30 days
D. 15 days
T he correct answer is C.
T he liquidity coverage ratio is an important part of the Basel Accords, as they define how much liquid
assets have to be held by financial institutions. Because banks are required to hold a certain level of
highly liquid assets, they are less able to lend out short-term debt. T he LCR focuses on a bank's
ability to survive a 30-day period of liquidity disruptions.
C. Ratio between high-quality liquid assets and net cash outflows in a 30-day period.
D. Ratio between stable funding and net cash outflows in a 30-day period.
T he correct answer is C.
T he LCR focuses on a bank's ability to survive a 30-day period of liquidity disruptions. It is defined as:
High-quality liquid assets / Net cash outflows in a 30-day period
265
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2360 CIB Bank from Oklahoma City, USA, is a G-SIB, as classified by the Financial Stability Board.
T his implies that:
C. T he bank has a global reach and has been successful for an extended period.
T he correct answer is B.
T he term G-SIB stands for global systemically important bank. T heir failure could be nearly
catastrophic, triggering a market-wide disruption that could lead to a financial crisis. T he systemic
importance of a bank or other financial institution depends on the effect that its failure could have on
the global financial system. T his, in turn, depends on the nature of its activities and the contracts it
has entered into with other financial institutions globally.
Q.2361 Catalina Insurance from T ucson, Arizona, is identified as a SIFI. It is, however, not a D-SIB.
Why is that so?
D. Catalina Insurance is above the capital threshold designated by the Basel Committee.
T he correct answer is C.
T he term SIFI (systemically important financial institution) is used to describe both banks and
nonbanks that are considered to be systemically important. T he popular view of SIFis is that they
are "too big to fail," and have been identified as the financial institutions that will have to be bailed
out if they run into financial difficulties. National regulators designate some banks that have not been
classified as G-SIBs as domestic systemically important banks (D-SIBs).
266
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2741 All of these are changes that were implemented through Basel 2.5, except:
D. Calculation of the net stable funding ratio (NSFR) and the liquidity coverage ratio (LCR).
T he correct answer is D.
Basel 2.5 introduced three major changes; these include distressed VaR, incremental risk charge, and
a comprehensive risk measure for instruments dependent on credit correlation.
Basel III contains two entirely new liquidity requirements: the net stable funding ratio (NSFR) and
the liquidity coverage ratio (LCR).
267
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2743 Which of the following correctly describes the time horizon considered by the Liquidity
Coverage Ratio (LCR) and the Net Stable Funding Ratio (NSFR)?
T he correct answer is D.
T he Liquidity Coverage Ratio (LCR) focuses on the ability of a bank to survive a 30-day period of
liquidity disruptions. On the contrary, the NSFR focuses on the long-term liquidity management of
LCR is an obligation under Basel III for banks to maintain liquid assets sufficient to fund cash
outflows for 30 days. LCRs aim to anticipate market-wide shocks and ensure financial institutions
have the capital necessary to withstand short-term liquidity disruptions. As part of the rule, banks
must have enough high-quality liquid assets (HQLA) on hand to match net cash outflows over 30 days
in a scenario of market stress in which creditors withdraw funds. As a rule of thumb, an asset can be
considered as HQLA if it is low risk, has a high likelihood of remaining liquid during a crisis, is
actively traded on secondary markets, is not subject to excessive price volatility, is easily valued, and
In contrast, the NSFR takes a longer-term perspective and aims to create “additional incentives for a
bank to fund its activities with more stable sources of funding on an ongoing structural basis.” Banks
are required to maintain a minimum amount of stable funding backing their assets for a year or
longer. Various types of funding and assets are given different weights to reflect their stability and
liquidity under stressed conditions. A stable funding source is defined as one that can be relied upon
under stress. It is classified by type, counterparty, and maturity date. T he NSFR requires the highest
level of stable funding for assets that do not qualify for HQLA under the LCR.>/p>
268
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.2997 Goodwill Bank’s balance sheet contains the following items. T he available stable funding
(ASF) and required stable funding (RSF) factors for each category of funding capital are also
provided:
ASF factor
Retail Deposits 35 90%
Wholesale Deposits 50 50%
T ier 2 Capital 5 100%
T ier 1 Capital 10 100%
RSF Factor
Cash 7 0%
Mortgages 38 65%
T reasury Bonds 6.5 5%
Small Business Loans 54 85%
Fixed Assets 12 100%
A. 84.9%
B. 86.2%
C. 83.1%
D. 88.0%
T he correct answer is B.
Recall that:
And:
T herefore:
71.500
N SF R = = 0.862 = 86.2%
82.925
269
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3237 Exim Bank estimates its stable funding to be $100 million. Further, net cash outflows over
the coming 30 days are estimated to hit $155 million. Exim bank has capital of $10 million and its total
exposure stands at $150 million. T he bank's high-quality liquid assets are valued at $140 million.
Determine the bank’s liquidity coverage ratio (LCR) as stipulated in Basel III.
A. 0.9032
B. 0.875
C. 1.1
D. 1.4
T he correct answer is A.
According to Basel III rules, the bank needs a minimum liquidity coverage ratio (LCR) of 100%. T he
LCR focuses on the bank’s ability to see it through a 30-day period of disrupted liquidity. T he LCR
formula is as follows:
In this case,
$140 million
LCR = = 0.9032 = 90.3%
$155 million
It's evident that Exim bank has not met the minimum 100% requirement and is in violation of the
rule.
270
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3242 A bank has a previous-period stressed VAR of $20 million, a multiplication factor (M) of 4, and
a stressed VAR average over the previous 60 trading days of $7 million. Which of the following values
is the correct stressed VAR amount for this bank?
A. $28 million
B. $20 million
C. $48 million
D. $8 million
T he correct answer is A.
T he RSF for the assets are 0%, 5%, 50%, 65%, 85% and 100% respectively. T he ASF for the
liabilities are 90%, 80%, 50% 100%, 100% and100% respectively. Given the balance sheet
information, what is the net stable funding ratio?
A. 0.81
B. 1.23
C. 0.89
D. 1.12
271
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he correct answer is D.
77.5
N SF R = = 1.12
69.45
Note that:
272
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
273
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3245 T he Royal Bank of Neptune has average capital and total exposure for the period ended June
30, 2018 as follows:
For the period ended June 30, 2018, the average Exposure for Neptune Bank is $78 Billion
Using the Basel III framework, which of the following is the best estimate of the bank’s current
leverage ratio?
A. 5.77%
B. 4.74%
C. 3.08%
D. 4.10%
T he correct answer is C.
Note that, T ier 1 Equity Capital is also known as Core T ier 1 Capital
274
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Based Basel III capital requirements and solely on the above information, the tier 1 and tier 2 capital
numbers are, respectively:
A. $730,000,000 and $0
T he correct answer is D.
T ier 1 capital consists of equity plus unrealized gains/losses less goodwill = 730+33-92 = $671
million.
275
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3247 As a result of the credit crisis, the Basel Committee revised the market risk framework and
introduced a stressed V aR requirement. A bank uses the internal models approach for market risk
and has generated the following risk measures for the current trading book positions at 99%
confidence level:
Latest Available 10-day V aR = $289
T he supervisory authority has set the multiplication factors for both the V aR and stressed V aR
values to 3. What is the capital requirement for general market risk?
A. $5,502
B. $1,390
C. $1,756
D. $4,987
T he correct answer is A.
276
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3250 Steve Warne is an advisor at a local Bank which is attempting to transition to the new Basel
III standards. Specifically, they are wondering if their liquidity and funding ratios meet the updated
requirements as specified by the Basel Committee. Given the following information, what is the
bank's current liquidity coverage ratio?
A. 48.46%
B. 86.45%
C. 206.3%
D. 115.67%
T he correct answer is B.
$236
Bank's liquidity coverage ratio = = 0.8645 = 86.45% .
$273
277
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4285 After the global financial crisis, it was realized that the minimum capital charges under the
market risk amendment were not sufficient to address trading book risks. Which of the following is
one of the significant changes implemented in 2011 to address these trading book risks, which was
later known as Basel 2.5?
B. A portion of operational risk was required on top of credit and market risk
C. T he risk weights in credit risk formulas were to be based on modern credit risk and banks’
internal measures
D. It was ruled out that the T ier 1 capital was necessary for the preservation of
maintenance, while T ier 2 capital was to be used for the recapitalization of a financial
institution in resolution and decrease the level of failures on the depositors
T he correct answer is A.
After the global financial crisis of 2007-2009, the minimum capital charges made on the market risk
were insufficient to underlying trading-book risks. As a result, the Basel committee instituted the
changes that the VaR calculations were to include the stressed VaR component, addition of capital for
incremental risk, and comprehensive risk requirements for securitizations and related instruments.
T his came to be known as Basel 2.5.
Opti ons B and C are i ncorrect: T hese are the extra innovations that Basel II made on top of the
Basel I requirements.
Opti on D i s i ncorrect: It is one of the assumptions made while defining the components of capital
278
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4286 Which of the following statements is correct about the stressed VaR in Basel 2.5?
A. Stressed VaR is calculated by multiplying 1-day VaR from the recent daily variation in
values by √10
B. Stressed VaR is drawn from one year from the most recent seven years that exhibited
stress in its current portfolio
C. Stressed VaR is drawn from one year from the most recent ten years that exhibited stress
in its current portfolio
T he correct answer is B.
A bank was required to identify a one-year (that is, 250 trading days) period from the latest seven
years that was most stressful for its current portfolios.
Opti on A i s i ncorrect: T his was the method of calculating the market risk amendment using the
Opti on C i s i ncorrect: Basel 2.5 required banks to identify one year from the latest seven years
(not ten years) that was most stressful for its current portfolios.
Q.4287 T he 99% 10-day VaR for ABC Bank is $800. T he average 99% VaR for the recent 60 days is
$360. Over the past seven years, the most stressful 10-day 99% VaR is $950 and the most stressful
60-day average 99% VaR is $370. T he multiplier on the average 99% VaR for the recent 60 days is
2.5, and that of the most stressful average 99% VaR for the recent 60 days over the past seven years
is 2.2. What is the estimated market risk capital charge for this bank under Basel 2.5?
A. $1,850
B. $1,160
C. $1,320
D. $2,460
T he correct answer is A.
279
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Where:
VaR t−1 =traditional 10-day, 99% VaR drawn from the previous day
mr and ms are the respective multipliers of VaR avg and SVaR avg respectively
280
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4288 Which of the following is one of the variants of calculating incremental default risk charge
(IDRC) as proposed by Basel 2.5?
T he correct answer is D.
T he Basel Committee proposed adding IDRC to specific risk which through two forms:
An internal model of default risk tailored to 99.9th percentile at one-year time horizon
When the internal model is unavailable, either standardized or current exposure approach
Q.4289 Which of the following are the components of T ier 1 capital in the context of Basel III
capital definition?
T he correct answer is A.
In the context of Basel III, T ier 3 capital was eliminated, and the T ier 1 capital divided into T ier 1
equity capital and Additional T ier 1 capital.
Opti ons B and C are i ncorrect: Common equity, Retained earnings, Unrealized gains and losses
Opti on D i s i ncorrect: Goodwill is usually subtracted from the T ier 1 equity capital.
281
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4290 Assume that a bank has common equity of $100 million, retained earnings of $80 million,
minority interest and unreleased gains and losses of $20 million, and goodwill and other intangibles of
$5 million. What is the value of T ier 1 equity capital in the context of the Basel III accord?
A. $190 million
B. $195 million
C. $205 million
D. $100 million
T he correct answer is B.
In the context of Basel III, T ier 1 equity capital consists of common equity, retained earnings, and a
limited amount of minority interest and unrealized gains and losses less goodwill and other intangibles.
So, in this case:
Q.4291 T he estimated risk-weighted assets of a bank is $200 million. In the context of Basel III, the
Core T ier 1 (T ier 1 Equity Capital) of the bank is at least:
A. $10 million
B. $4.5 million
C. $9 million
D. $12 million
T he correct answer is C.
Basel III changed the minimum capital requirements such that the Core T ier 1 capital must be at
least 4.5% of the risk-weighted assets (RWA). So, in this case, the Core T ier 1 must be at least:
282
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4292 T he estimated risk-weighted assets of a bank stand at $400 million. In the context of Basel III,
what is the bank's minimum T ier 1 capital?
A. $18 million
B. $12 million
C. $16 million
D. $24 million
T he correct answer is D.
T he minimum T ier 1 capital increases from 4% in Basel II to 6%, applicable in 2015, over RWAs.
T his 6% is composed of 4.5% of CET 1, plus an extra 1.5% of Additional T ier 1 (AT 1). So in this case,
T ier I capital must be at least $24 million:
Q.4293 In the context of Basel III, the T ier 2 capital is designed to address the losses after failure and
thus protects the depositors and other creditors of the bank. Which of the following is NOT a
component of T ier 2 capital?
A. Subordinated debt
T he correct answer is D.
According to Basel III, T ier 2 capital was structured to cover the losses after a failure, thus
protecting the depositors and other creditors. T ier 2 consisted of: (I). Subordinated debt, which
included unsecured, unguaranteed, debt instruments subordinated to depositors and subordinated
debt, with five or more years maturity, and callable only after five or more years. (II). General loan
loss reserves. T hese were not allocated to absorb losses on specific positions. T hey included capital
limited at 1.25% of standardized approach RWAs or 0.6% of IRB RWAs.
283
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4295 Which of the following statements correctly describes Systemically Important Financial
Institutions (SIFIs)?
B. T hey are entities whose failure or distress will affect the whole market or the whole
economy.
C. T hey are the entities whose failure affects only its stakeholder but not the broader
market system or the economy
D. T hey are the market entities whose failure can be reversed by government financing
without affecting its stakeholders
T he correct answer is B.
SIFIs are entities whose failure impacts the whole financial market or the whole real economy.
Opti on A i s i ncorrect: SIFIs are usually subject to numerous supervisions and regulations
Opti on C i s i ncorrect: T he failure of a SIFIs is usually felt, first by the stakeholders and then the
support continuously.
284
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.4296 T he liquidity coverage ratio (LCR) of a bank is approximated to be 1.30. Under Basel III
liquidity requirements, does the bank fulfill the required LCR?
T he correct answer is B.
Since the LCR for this bank is 1.30, then it meets the requirements.
285
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3092 T he following are motivations for revising the Basel III framework EXCEPT :
A. To align definitions with the internal ratings-based approach (IRB) by introducing a new
definition for default.
B. To expand banks’ borrowing powers to enable them mitigate market risk in periods of
stress.
C. To improve liquidity by requiring banks to hold liquid assets sufficient to run the bank for
30 days during times of stress.
D. To limit procyclicality by requiring banks to hold sufficient retained earnings that can be
drawn down during periods of economic stress.
T he correct answer is B.
A focal point in the revised Basel III framework has much to do with banks’ use of leverage. Market
analysis has revealed that banks have had tendencies to borrow high amounts of money that only
exacerbate financial pressure in time of stress. As a result, the revised requirements further
restrict the use of debt among banks.
286
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3093 Which of the following changes have been set forth by Basel III with reference to the
changes credit risk?
B. I, III, and IV
C. II and III
D. I, II, and IV
T he correct answer is D.
III is incorrect. For retail exposures, a more granul ar treatment applies, which distinguishes
between different types of retail exposures.
287
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3094 Which of the following is not an approach for calculating credit risk capital?
A. Standardized approach
T he correct answer is D.
Banks are required to adopt the following methods while calculating credit risk capita
Under the IRB approach, banks are allowed to use their internal rating systems conditional on
T he advanced IRB approach (i.e., use their internal estimates of risk parameters such as
T he foundation IRB approach (i.e., use only their internal estimates of PD).
Q.3095 Capital Bank, a hypothetical a global systematically important bank (G-SIB) based in Europe, is
subject to a 5% risk-weighted higher-loss absorbency requirement. In line with Basel III reforms,
the bank would be subject to a leverage ratio buffer requirement of:
A. 5%
B. 10%
C. 2.5%
D. Zero: the bank has already surpassed the required 3% risk-weighted higher-loss
absorbency requirement
T he correct answer is C.
To mitigate against the externalities or rather the ripple effect associated with the failure of G-SIBs,
the leverage ratio is set at 50% of a G-SIB’s riskweighted higher-loss absorbency requirements.
T herefore, a G-SIB with a 5% risk-weighted higher-loss absorbency requirement would be subject to
a leverage ratio buffer of 2.5%.
288
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3096 Prime Bank’s risk-weighted assets stood at $200 million as of December 2018. What is this
bank’s common equity requirement plus the capital conservation buffer, according to Basel III?
A. $9,000,000
B. $14,000,000
C. $12,000,000
D. $16,000,000
T he correct answer is B.
Under Basel III, Common Equity T ier I (CET I) risk-weighted requirements consist of a capital ratio
of 4.5% plus an additional capital conservation buffer of 2.5%, making up a CET ratio of 7%. With
risk-weighted assets of $200 million, therefore, the bank’s CET I requirement will be $14 million (=
7% × $200m)
Q.3097 T he Basel III reforms announced in 2017 require banks to calculate Credit Value adjustment
risk using all of the following methods EXCEPT :
B. T he standardized approach
T he correct answer is A.
T he updated guidelines remove the use of an internally modeled approach and instead emphasize the
use of two main methods: (I) the standardized approach (SA-CVA), and (II), the simpler basic approach
(BA-CVA).
289
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3098 T he new standardized approach for determining a bank’s operational risk capital
requirements assumes that:
A. I only
B. II only
C. Both I and II
D. Neither I nor II
T he correct answer is B.
As per the new standardized approach, operational risk capital requirements based on two
components: (i) a measure of a bank's income; and (ii) a measure of a bank's historical losses.
Furthermore, it assumes: (i) that operational risk i ncreases at an i ncreasi ng rate with a bank's
income; and (ii) that banks which have a history of operational risk losses are more likely to
experience operational risk losses in the future.
290
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he bank’s supervisor has set an internal loss multiplier of 1. T he capital requirement for
operational risk for the bank, using the standardized approach, is equal to:
A. 10.00
B. 10.64
C. 5.76
D. 12.00
T he correct answer is B.
where:
αi is the BI coefficient for business line i, and BIi is the business line indicator
T hus, value of the capital requirement = (48 × 0.08) + (44 × 0.10) + (20 × 0.12) = 10.64
291
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3100 Basel III reforms replace the existing Basel II floor with a floor based on the revised Basel III
standardized approaches. T he revised floor sets the minimum level of:
A. leverage
B. equity
C. capital
T he correct answer is C.
Consistent with the original floor as outlined in Basel II, the revised floor places a lower bound/limit
on the regulatory capital benefits that banks using internal models can derive relative to the
standardized approaches. In effect, the output floor acts as a ri sk -based back stop that attempts to
level the playing field by limiting the extent to which banks using internal models can lower their
capital requirements relative to the standardized approaches.
Q.3101 A hypothetical a global systematically important bank (G-SIB) based in Europe, is subject to a
$200 million risk-weighted higher-loss absorbency requirement. In line with Basel III reforms, the
bank would be subject to a leverage ratio buffer requirement of:
A. $100 million
B. $50 million
C. $200 million
D. $400 million
T he correct answer is A.
T he leverage ratio among G_SIBS is set at 50% of the bank’s riskweighted higher-loss absorbency
requirement. T herefore, a G-SIB with a $200m risk-weighted higher-loss absorbency requirement
would be subject to a leverage ratio buffer of $100m.
292
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3102 Bank A has $200 million in tier 1 capital and $100 million in tier 2 capital. Bank A loaned $50
million to XYZ Corporation, which has 30% riskiness, and $100 million to Brighter World, Inc., which
has 50% riskiness. T he bank’s capital adequacy ratio is equal to:
A. 3.52
B. 1.51
C. 2.20
D. 4.61
T he correct answer is D.
Bank A has risk-weighted assets of $65 million($50 million × 0.3 + $100 million × 0.50).
$300 million
Its resulting capital adequacy ratio is 4.61 ( ).
$65 million
293
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3103 Four European banks, A, B, C, and D have the following capital amounts and risk weighted
assets (in $m):
Bank A B C D
T ier I capital 5 8 15 25
T ier II capital 3 3 5 10
Risk-weighted assets 30 40 240 230
Which of the four banks is in violation of the capital adequacy requirements as set out in the Basel
III reforms announced in 2017?
A. Bank A
B. Bank B
C. Bank C
D. Bank D
T he correct answer is C.
According to the revised Basel III guidelines, the minimum capital adequacy ratio, including the
capital conservation buffer, is 10.5%. As can be seen from the calculations below, only bank C has
Bank A B C D
T ier I capital 5 8 15 25
T ier II capital 3 3 5 10
Risk-weighted assets 30 40 240 230
CAR (Capital adequacy ratio) 26.7% 27.5% 8.3% 15.2%
294
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he bank’s supervisor has set an internal loss multiplier of 1. T he capital requirement for
operational risk for the bank, using the standardized approach, is equal to:
A. 67
B. 80
C. 51
D. 45
T he correct answer is C.
where:
αi is the BI coefficient for business line i, and BIi is the business line indicator
T hus, value of the capital requirement = (100 × 0.12) + (200 × 0.15) + (50 × 0.18) = 51
295
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3105 In the most recent global financial crisis (2007/2008), banks suffered huge losses resulting
from CVA risk – losses related to the deterioration of a counterparty’s creditworthiness in derivative
contracts. In the aftermath of the crisis, the Basel Committee has enhanced the CVA framework with
a view to:
A. Keep losses associated with CVA risk at less than 10% of the total value of the derivatives.
B. Totally eliminate CVA losses by conducting due diligence on all counterparties before a
contract comes into force.
C. Enhance the risk sensitivity of the framework by recognizing more risk drivers.
D. Limit derivative contracts at not more than 20% of the total capital for a bank.
T he correct answer is C.
To enhance ri sk sensi ti vi ty
T he revised CVA framework takes into account the exposure component of CVA risk as
T he updated guidelines remove the use of an internally modeled approach and instead
emphasize the use of two main methods: (I) the standardized approach (SA-CVA), and (II),
the simpler basic approach (BA-CVA). In addition, banks with minimal engagement activities
in derivative transactions can use their credit counterparty risk (CCR) capital
T he standardized and basic approaches of the revised CVA framework have been revised to
be consistent with the approaches used in the revised market risk framework.
296
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3106 T he Basel Committee has agreed on various additional enhancements to the IRB approaches
to further reduce unwarranted RWA variability. Which of the following correctly outlines a measure
that has been put forth for adoption by banks?
A. Secured exposures: increasing the haircuts that apply to the collateral; Unsecured
exposures: reducing the LGD parameter from 45% to 40% for exposures to non-financial
corporates.
B. Secured exposures: reducing the LGD parameters; Unsecured exposures: reducing the
LGD parameter from 25% to 20% for exposures to non-financial corporates.
C. Secured exposures: decreasing the haircuts that apply to the collateral; Unsecured
exposures: reducing the LGD parameter from 45% to 40% for exposures to non-financial
corporates.
D. Secured exposures: increasing the LGD parameters; Unsecured exposures: increasing the
LGD parameter from 40% to 50% for exposures to non-financial corporates.
T he correct answer is A.
Adjustments have been made to the supervisory specified parameters in the Foundation – Internal
ratings based approach (F-IRB), including: (i) for exposures secured by nonfinancial collateral,
increasing the haircuts that apply to the collateral and reducing the LGD parameters; and for
exposures that are unsecured, reducing the LGD parameter from 45% to 40% for exposures to non-
financial corporates.
Q.3107 T he initial phase of the Basel III framework focused, in part, on increasing the quality of
bank regulatory capital to cover unexpected losses. As such, the Minimum T ier I capital:
T he correct answer is A.
T he initial phase of the Basel III framework focused, in part, on the following objectives increasing
the quality of bank regulatory capital to cover unexpected losses. Minimum T ier I capital rose from
4% to 6%.
297
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3108 T he initial phase of the Basel III framework was announced in 2010. Which of the following
is not one of the objectives it focused on?
A. To constrain banks’ borrowing rate (leverage) hence avoid a build-up of debt which would
exacerbate financial pressure during a downturn.
B. To improve liquidity by requiring banks to hold liquid assets sufficient to run the bank for
180 days during times of stress.
D. To limit procyclicality by requiring banks to hold sufficient retained earnings that can be
drawn down during periods of economic stress.
T he correct answer is B.
One of the objectives Basel III focused on is to improve liquidity by requiring banks to hold liquid
assets sufficient to run the bank for 30 days during times of stress.
A. In 2010
B. In 2014
C. In 2015
D. In 2017
T he correct answer is D.
T he initial phase of the Basel III framework was announced in 2010. However, the Basel III reforms
were announced in 2017.
298
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3111 A Bank holding company based in Germany has two subsidiaries, A and B. T he business
indicator values of each are given in the table below:
Bank A B
BI €800 million €1.2 billion
A. Bank A would be expected to calculate operational risk capital based on the Advanced
Measurement Approach while Bank B would employ the standardized measurement
approach.
B. Only Bank B would be expected to set aside capital for operational risk.
D. Neither Bank A nor Bank B would be expected to set aside some capital for operational
risk.
T he correct answer is C.
For firms with BI levels less than €1bn, the ILM is set to 1, and therefore internal loss data does not
affect the capital calculation. However, for banks with BIs of more than €1bn (bucket 2-3), internal
loss experience must be taken into account while calculating operational risk capital.
Options A, B, and D are all incorrect. As per the Basel III reforms announced in 2017, all banks are
required to use the standardized approach in operational risk capital calculations.
Q.3112 In light of Basel III reforms, which of the following items must be excluded from gross loss
calculations following an operational risk event?
B. Fees paid in exchange for legal counsel following a breach of client data.
T he correct answer is A.
Internal or external expenditures used to enhance the business after an operational risk event must
be excluded from gross loss calculations. System upgrades fall under that category.
299
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3113 T he following information has been extracted from the P&L of a European bank over a 3-
year period:
Using the Standardized Measurement Approach, the bank’s Business Indicator (BI) for the year ended
31 Dec 20X8 is closest to:
A. €4.45 billion
B. €1.9 billion
C. €2.6 billion
D. €500 million
T he correct answer is A.
Under the standardized measurement approach, SMA, a bank’s BI has three components: the
interest, leases and dividends component (ILDC), the services component (SC), and the financial
component, FC. To determine the value of BI, we must sum up the 3-year average of each of these
components:
T hus,
Q.3114 T he chief risk officer at an international bank would like to determine the bank’s operational
risk capital in line with Basel III reforms under the Standardized Measurement Approach. T he
following information is available:
Business Indicator, BI: €36 billion
Loss Component, LC: €5.8 billion
A. €4.35 billion
B. €5.62 billion
300
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
C. €5.55 billion
D. €1.01 billion
T he correct answer is B.
To answer this question, it’s important to have the BI ranges and the marginal BI coefficients – as
outlined in Basel III reforms – at your fingertips.
Recall that
ORC = BI C × I LM
Where
BI C = ∑ (α i × BI i )
And,
0. 8
LC
I LM = ln [exp (1) − 1 + ( ) ]
BI C
BI Bucket 1 2 3
BI Range ≤ 1 bn €1 bn < BI ≤ €30 bn €30 bn
Marginal BI Coefficient 0.12 0.15 0.18
BI of € 40 €1bn × 12% € = (30 − 1) × 15% = €(36 − 30) × 18%
= €0.12bn = €4.35bn = €1.08bn
BIC=sum of Buckets 1-3 = €5.55bn
5.8 0. 8
I LM = ln [exp (1) − 1 + ( ) ] = 1.0131
5.55
301
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3115 T he following are verified historical loss data for an international bank over a 10-year period
(in billions of Euros)
[3.8, 2.9, 2.8, 2.8, 0.6, 0.4, 0.1, 0.2, 0.1, 0.2]
Determine the bank’s Internal Loss Multiplier as computed under the Standardized Measurement
Approach (T he bank’s Business Indicator Component is €18 billion)
A. 1.39
B. 0.9288
C. 1.0
D. 1.0449
T he correct answer is D.
0. 8
LC
I LM = ln [exp (1) − 1 + ( ) ]
BI C
Where LC = 15 times a bank's average historical losses over the preceding 10 years.
T hus,
20.85 0. 8
ILM = ln[exp (1) − 1 + ( ) ] = 1.0449
18
Q.3116 T he following are verified historical loss data for a large established bank over a 10-year
period (in billions of Euros)
[0.8, 0.9, 0.7, 0.8, 0.06, 0.04, 0.10, 0.09, 0.03, 0.0]
Determine the bank’s operational risk capital, ORC, as computed under the Standardized
Measurement Approach
A. €115 million
B. €3.52 million
302
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
C. €361 million
D. €100 million
T he correct answer is A.
Recall that
ORC = BI C × I LM
Where
BI C = ∑ (α i × BI i )
And,
0. 8
LC
I LM = ln [exp (1) − 1 + ( ) ]
BI C
Also recall that for firms with BI levels less than €1bn, the ILM is set to 1, and therefore internal
T hus, the operational risk capital in his case is a function of the business Indicator Component only.
With a BI of €960 million, the bank falls under bucket 1 of the Basel guidelines and therefore the
So,
Q.3117 T he following information has been extracted from the P&L of a European bank over a 3-
year period:
303
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
T he bank’s Loss Component, LC, is €0.9 billion. Using the Standardized Measurement Approach,
calculate the bank’s operational risk capital:
A. €0.11 billion
B. €0.6375 billion
C. €0.708 billion
D. €4.5 billion
T he correct answer is C.
Recall that
ORC = BI C × I LM
Where
BI C = ∑ (α i × BI i )
And,
0. 8
LC
I LM = ln [exp (1) − 1 + ( ) ]
BI C
Under the standardized measurement approach, SMA, a bank’s BI has three components: the
interest, leases and dividends component (ILDC), the services component (SC), and the financial
component, FC. To determine the value of BI, we must sum up the 3-year average of each of these
components:
T hus,
304
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
BI Bucket 1 2 3
BI Range ≤ 1 bn €1 bn < BI ≤ €30 bn €30 bn
Marginal BI Coefficient 0.12 0.15 0.18
BI of € 4.45bn €1bn × 12% = €0.12bn € = (4.45 − 1) × 15% = €0.5175bn
0.9 0. 8
I LM = ln [exp (1) − 1 + ( ) ] = 1.1105
0.6375
305
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3118 T he following information has been extracted from the P&L of a European bank over a 3-
year period:
Using the Standardized Measurement Approach, the bank’s Business Indicator (BI) for the year ended
31 Dec 2010 is closest to:
A. €3.9 billion
B. €6.5 billion
C. €3.0 billion
D. €5.6 million
T he correct answer is B.
Under the standardized measurement approach, SMA, a bank’s BI has three components: the
interest, leases and dividends component (ILDC), the services component (SC), and the financial
component, FC. To determine the value of BI, we must sum the average over three years: t, t − 1
and t − 2,
T hus,
306
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3119 An international lender based in Dubai has a Business Indicator of €34.5 billion. Determine
the Business Indicator Component for the bank.
A. €0.12bn.
B. €4.35bn.
C. €35bn.
D. €5.28bn.
T he correct answer is D.
To answer the question, it’s important to have the BI bucket divisions and corresponding marginal
coefficients as outlined in Basel III reforms.
BI Bucket 1 2 3
BI Range ≤ 1 bn €1 bn < BI ≤ €30 bn €30 bn
Marginal BI Coefficient 0.12 0.15 0.18
BI of € 40 €1bn × 12% € = (30 − 1) × 15% = €(34.5 − 30) × 18%
= €0.12bn = €4.35bn = €0.81bn
BIC=sum of Buckets 1-3 = €5.28bn
307
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3120 A hypothetical European Bank has a business indicator (BI) of EUR 40 billion. T he bank’s loss
component is EUR 1.2 billion. Using the information in the following table, calculate the bank’s
operational risk capital.
BI Bucket 1 2 3
BI Range ≤ 1 bn 1 bn < BI ≤ 30 bn 30 bn
Marginal BI Coefficient 12% 15% 18%
A. €0.63 billion
B. €0.55billion
C. €4.30 billion
D. €4.5 billion
T he correct answer is C.
ORC = BI C × I LM
BI C = ∑ (α i × BIi)
BI C = (12% × €1) + (15% × (€30 − €1)) + (18% × (€40 − €30)) = €6.27
0. 8
LC
I LM = ln[exp (1) − 1 + ( )
BI C
1.2 0. 8
I LM = ln [exp(1) − 1 + ( ) ] = ln1.98 = 0.6855
6.27
Finally,
308
© 2014-2023 AnalystPrep.
We provide latest Study Material for CFA, FRM and Financial Modeling. Please drop us an email at guru.ghantal987@gmail.com
Q.3204 Florence Charles is an operational risk analyst at Namibian National Bank. In the notes to the
financial statements specifically focused on the P&L, Namibian Bank reveals the following amounts
associated with several line item components:
When examining the standardized measurement approach (SMA) for operational risk, the total
amount that should be excluded from the business indicator (BI) component calculation will be
closest to:
A. $108.1 million
B. $79.7 million
C. $101.7 million
D. $90 million
T he correct answer is D.
T he BI component calculation will exclude each of the following: impairments ($16.7 million), fixed
asset expenses ($29.4 million), depreciation tied to non-operating leases ($13.6 million), premiums
paid for insurance policies ($17.3 million), corporate income tax($10.9 million) and income from
reinsurance businesses($2.1 million) = $16.7 + $29.4 + $13.6 + $17.3 + $10.9 + 2.1 = $90 million.
309
© 2014-2023 AnalystPrep.