Answer-first summary for fast verification
Answer: Business line managers, as part of the first line of defense, should have the authority to take on risk exposures within the bank's risk appetite limits.
**Correct Answer: B** **Explanation:** Business line managers are part of the first line of defense. As the primary risk owners, they should have the authority to expose the bank to risks within its risk appetite limits. This aligns with the proper implementation of the three lines of defense model in an ERM framework. **Why other options are incorrect:** - **A is incorrect:** The risk management function, which is part of the second line of defense, should have this responsibility. The third line of defense is an independent review of the firm's risk management framework by internal or external auditors. - **C is incorrect:** Risk culture indicators are effective metrics to include as part of an ERM program to track the current state of and trends in risk culture. However, they cannot accurately quantify losses due to culture failings. - **D is incorrect:** The third line of defense, not the second line of defense, is responsible for performing an independent review of the design and effectiveness of the firm's risk management framework. This review should be performed by internal or external auditors who are independent of the risk management function or the firm's senior management.
Author: LeetQuiz .
Ultimate access to all questions.
No comments yet.
A community bank uses the three lines of defense approach to manage its operational risk exposures. The bank is in the process of implementing an enterprise risk management (ERM) framework, and the CRO decides to extend the three lines of defense approach to its implementation of ERM. The CRO also wants to ensure that the ERM framework appropriately reflects the bank's risk appetite and risk culture. Which of the following actions should the CRO recommend for the bank to take?
A
The third line of defense should continuously monitor the bank's implementation of its ERM framework to ensure its effectiveness.
B
Business line managers, as part of the first line of defense, should have the authority to take on risk exposures within the bank's risk appetite limits.
C
The bank should implement a set of risk culture indicators as part of its ERM framework in order to accurately quantify the losses that could occur due to failures of risk culture.
D
As part of the second line of defense, the executive committee should perform an independent review of the bank's risk management framework.