
Explanation:
B is correct. Business line managers are part of the first line of defense. As the primary risk owners, they should have the authority to expose the bank to risks within its risk appetite limits.
A is incorrect. The risk management function, which is part of the second line of defense, should have this responsibility. The third line of defense is an independent review of the firm’s risk management framework by internal or external auditors.
C is incorrect (See Foundations of Risk Management, chapter 8). As discussed in the Foundations section, risk culture indicators are effective metrics to include as part of an ERM program to track the current state of and trends in risk culture. However, they cannot accurately quantify losses due to culture failings.
D is incorrect. The third line of defense, not the second line of defense, is responsible for performing an independent review of the design and effectiveness of the firm’s risk management framework. This review should be performed by internal or external auditors who are independent of the risk management function or the firm’s senior management.
Ultimate access to all questions.
A
The third line of defense should continuously monitor the bank’s implementation of its ERM framework to ensure its effectiveness.
B
Business line managers, as part of the first line of defense, should have the authority to take on risk exposures within the bank’s risk appetite limits.
C
The bank should implement a set of risk culture indicators as part of its ERM framework in order to accurately quantify the losses that could occur due to failures of risk culture.
D
As part of the second line of defense, the executive committee should perform an independent review of the bank’s risk management framework.
No comments yet.