
Answer-first summary for fast verification
Answer: Internal and external auditors should evaluate the bank's risk controls to ensure that they are effective in managing ML/FT risk as well as compliant with regulations.
## Explanation

In the three lines of defense model:

- **First line**: Business units that own and manage risks
- **Second line**: Risk management and compliance functions that oversee and challenge the first line
- **Third line**: Internal audit that provides independent assurance

Option C correctly positions internal and external auditors in the **third line of defense**, where they should independently evaluate the effectiveness of ML/FT risk controls and regulatory compliance. This aligns with Basel Committee guidelines and industry best practices.

**Why other options are incorrect:**

- **Option A**: ML/FT risk management should be embedded in business lines (first line), not centralized under a single chief officer managing daily operations across all business lines.
- **Option B**: While the CRO may interact with regulators, the primary point of contact for ML/FT issues should typically be the compliance function or designated ML/FT officer, not necessarily the CRO.
- **Option D**: Employee screening is typically a first-line responsibility (HR function), not a second-line function. CORF (Chief Operational Risk Function) should oversee and challenge these processes, not perform them directly.

The third line's independent assurance role is crucial for validating that ML/FT risk controls are both effective and compliant with regulatory requirements.
Author: LeetQuiz
A regional bank follows the three lines of defense approach for managing its operational risk. The CRO of the bank is concerned that several competing banks have recently received regulatory fines resulting from poor management of risks related to money laundering and financing of terrorism (ML/FT), and wants to improve the bank's management of these risks. The CRO reviews the Basel Committee guidelines for the management of ML/FT risks and suggests that the bank adopt industry best practices for different business functions in each line of defense. Which of the following would be most appropriate for the CRO to recommend addressing ML/FT risks?
A. The chief officer in charge of ML/FT risk should be responsible for monitoring and managing these risks within each of the business lines on a daily basis.

B. The CRO should serve as the primary point of contact with regulatory supervisors on any issues related to ML/FT risk.

C. Internal and external auditors should evaluate the bank's risk controls to ensure that they are effective in managing ML/FT risk as well as compliant with regulations.

D. The CORF should screen current and prospective employees as part of the second line of defense in managing ML/FT risk.