An enterprise risk manager at a large bank is reviewing the results of a recently completed firm-wide risk control self-assessment (RCSA). The RCSA indicates that there are multiple classes of risk for which the bank should improve its risk controls, and the manager believes the firm should consider transferring some of these risks. The manager identifies the types of risks the bank should transfer, and also assesses the impact of different risk transfer strategies on the bank's risk profile and its regulatory capital calculation. Which of the following actions should the manager recommend for the bank to take?