
Answer: Acquire insurance against cyber risks and business interruptions from an insurance company.
## Explanation

**C is correct.** For a large bank, insurance is appropriate for exposures in which the operational risk is quite predictable and known in their distribution of likelihood and impacts, and where the potential risk is large enough to have a significant effect on the bank's profit and loss profile (i.e., tail risk). Both cyber risk and business discontinuity are risks that are significant enough but yet well understood enough to be transferred through insurance.

**A is incorrect.** Captive insurance or self-insurance are most appropriate for large organizations to use in transferring smaller exposures below a certain threshold, not for transferring tail risk.

**B is incorrect.** Insurance recoveries (not premiums) can be deducted from gross losses to calculate net losses, which also influences the capital calculation and decreases required capital but not on a one-to-one basis. Premiums are not deducted.

**D is incorrect.** For a large traditional bank, core credit-related activities are not typically outsourced. It is also inappropriate for any bank to outsource its account review process as the bank itself must perform due diligence on all potential customers to effectively manage fraud risk as well as money laundering and financial terrorism risk. Activities that are typically outsourced include non-core activities such as IT server management, cloud computing, or call centers.

**Section:** Operational Risk and Resilience

**Learning Objective:** Describe methods for the transfer of operational risks and the management of reputational risk, and assess their effectiveness in different situations.

**Reference:** Global Association of Risk Professionals, Operational Risk and Resilience (New York, NY: Pearson, 2022). Chapter 5 – Risk Mitigation
Author: LeetQuiz.
An enterprise risk manager at a large bank is reviewing the results of a recently completed firm-wide risk control self-assessment (RCSA). The RCSA indicates that there are multiple classes of risk for which the bank should improve its risk controls, and the manager believes the firm should consider transferring some of these risks. The manager identifies the types of risks the bank should transfer, and also assesses the impact of different risk transfer strategies on the bank's risk profile and its regulatory capital calculation. Which of the following actions should the manager recommend for the bank to take?
A. Use a captive insurance subsidiary to cover the bank's tail risk exposure.

B. Increase the bank's insurance coverage in order to benefit by deducting the cost of the premiums from the bank's required Basel operational risk capital.

C. Acquire insurance against cyber risks and business interruptions from an insurance company.

D. Transfer credit risk and fraud risk by outsourcing core operations such as loan pricing and review of new account applications.