Answer-first summary for fast verification
Answer: Require an independent review of the bank's operational risk management framework.
## Explanation Based on Basel II and Basel III guidelines for operational risk governance, the correct recommendation is **Option C: Require an independent review of the bank's operational risk management framework**. ### Analysis of Each Option: **Option A**: Using third-party outsourcing to replace internal controls by senior managers and business line managers is **incorrect**. Basel guidelines emphasize that operational risk management is primarily the responsibility of the bank's management and board, not external parties. Outsourcing should not replace internal governance and oversight. **Option B**: Developing an internal approach to model operational risk losses for regulatory capital is **incorrect** because the bank plans to adopt the Basel III standardized approach (SA). The standardized approach does not allow banks to use internal models for regulatory capital calculation - it uses a prescribed formula based on business indicators. **Option C**: **CORRECT** - Requiring an independent review of the operational risk management framework is consistent with Basel guidelines. Both Basel II and III emphasize the importance of independent validation and review of risk management frameworks to ensure effectiveness and compliance. **Option D**: Designating the risk management function as the primary owner of risk exposures is **incorrect**. Basel guidelines specify that business line managers are the primary owners of operational risk exposures, while the risk management function provides oversight, challenge, and independent risk assessment. ### Key Basel Principles: - **Three Lines of Defense Model**: Business units own risks (1st line), risk management provides oversight (2nd line), and internal audit provides independent assurance (3rd line) - **Independent Review**: Regular independent assessment of operational risk frameworks is required - **Standardized Approach**: Uses business indicator component rather than internal models - **Management Responsibility**: Senior management and business lines retain primary responsibility for risk management Therefore, the manager should recommend an independent review of the operational risk management framework to ensure compliance and effectiveness.
Author: LeetQuiz .
Ultimate access to all questions.
No comments yet.
The board of directors of a midsize bank has recommended that the bank improve its processes for managing operational risk. The CEO asks an enterprise risk manager to review the bank's tools and processes for managing operational risk and to suggest improvements that are consistent with Basel II and Basel III guidelines for operational risk governance. The bank also plans to adopt the new Basel III standardized approach (SA) to determine its regulatory capital for operational risk. Which of the following actions should the manager recommend that the bank take?
A
Use third-party outsourcing agreements to replace most internal controls performed by senior managers and business line managers.
B
Develop an internal approach to model the distribution of operational risk losses and use it to determine the bank's regulatory capital.
C
Require an independent review of the bank's operational risk management framework.
D
Designate the risk management function as the primary owner of risk exposures within the bank.