Answer-first summary for fast verification
Answer: Require an independent review of the bank's operational risk management framework.
## Explanation **C is correct.** The board of directors of a bank should ensure that the bank's framework is subject to independent review by audit or other appropriately trained parties. This is consistent with Basel II and Basel III guidelines for operational risk governance. **A is incorrect.** Banks should view risk transfer tools, such as outsourcing and insurance, as complementary to a process of thorough internal operational risk controls. Outsourcing should not be viewed as a replacement for internal controls or to relieve management of the responsibility to manage operational risk. In addition, outsourcing can actually introduce operational risk to the bank. **B is incorrect.** The standardized approach does not require the use of an internal model, and in fact, the new Basel recommendation of the standardized approach for all banks phased out the earlier Advanced Measurement Approaches, in which some large banks developed internal models to determine their regulatory capital. **D is incorrect.** Risk owners are those responsible for the consequences of the risks they generate or supervise and, as such, their assessment and mitigation. This refers to the business lines, which should serve as the primary owners of the risk taken within their business lines, and not the risk management function. Instead, the risk management function should develop and maintain policies to manage operational risk, review the business lines' risk management activity and have the power to challenge the relevance and consistency of the business unit's implementation of risk management controls. These responsibilities do not make the risk management function the primary owner of the risk, however.
Author: LeetQuiz .
Ultimate access to all questions.
No comments yet.
The board of directors of a midsize bank has recommended that the bank improve its processes for managing operational risk. The CEO asks an enterprise risk manager to review the bank's tools and processes for managing operational risk and to suggest improvements that are consistent with Basel II and Basel III guidelines for operational risk governance. The bank also plans to adopt the new Basel III standardized approach (SA) to determine its regulatory capital for operational risk. Which of the following actions should the manager recommend that the bank take?
A
Use third-party outsourcing agreements to replace most internal controls performed by senior managers and business line managers.
B
Develop an internal approach to model the distribution of operational risk losses and use it to determine the bank's regulatory capital.
C
Require an independent review of the bank's operational risk management framework.
D
Designate the risk management function as the primary owner of risk exposures within each business line.