Answer: The bank considers independent review and audit of the risk processes and systems as the third line of defense.

## Explanation According to Basel II and Basel III operational risk governance frameworks: - **Option A is incorrect**: Identification and management of risk is the **first line of defense** (business units), not the second line. - **Option B is correct**: Independent review and audit of risk processes and systems is indeed the **third line of defense** under Basel frameworks. The three lines of defense are: 1. First line: Business units that own and manage risks 2. Second line: Risk management and compliance functions 3. Third line: Internal audit - **Option C is incorrect**: Damaged reputation due to a failed merger is typically considered a **strategic risk**, not operational risk. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events. - **Option D is incorrect**: Destruction by fire or other external catastrophes is explicitly included in the definition of operational risk under Basel frameworks as "external events." The correct answer is B because it accurately reflects the Basel operational risk governance framework where independent audit functions serve as the third line of defense.

Author: LeetQuiz .