
Explanation:
C is correct. For a large bank, insurance is appropriate for exposures in which the operational risk is quite predictable and known in their distribution of likelihood and impacts, and where the potential risk is large enough to have a significant effect on the bank’s profit and loss profile (i.e. tail risk.) Both cyber risk and business discontinuity are risks that are significant enough but yet well understood enough to be transferred through insurance.
A is incorrect. Captive insurance or self-insurance are most appropriate for large organizations to use in transferring smaller exposures below a certain threshold, not for transferring tail risk.
B is incorrect. Insurance recoveries (not premiums) can be deducted from gross losses to calculate net losses, which also influences the capital calculation and decreases the required capital but not on a one-to-one basis. Premiums are not deducted.
D is incorrect. For a large traditional bank, core credit-related activities are not typically outsourced. It is also inappropriate for any bank to outsource its account review process as the bank itself must perform due diligence on all potential customers to effectively manage fraud risk as well as money laundering and financial terrorism risk. Activities that are typically outsourced include non-core activities such as IT server management, cloud computing, or call centers.
Ultimate access to all questions.
No comments yet.
A
Use a captive insurance subsidiary to cover the bank’s tail risk exposure.
B
Increase the bank’s insurance coverage in order to benefit by deducting the cost of the premiums from the bank’s required Basel operational risk capital.
C
Acquire insurance against cyber risks and business interruptions from an insurance company.
D
Transfer credit risk and fraud risk by outsourcing core operations such as loan pricing and review of new account applications.