
Ultimate access to all questions.
Explanation:
C is correct. The board of directors of a bank should ensure that the bank’s framework is subject to independent review by audit or other appropriately trained parties.
A is incorrect. Banks should view risk transfer tools, such as outsourcing and insurance, as complementary to a process of thorough internal operational risk controls. Outsourcing should not be viewed as a replacement for internal controls or to relieve management of the responsibility to manage operational risk. In addition, outsourcing can actually introduce operational risk to the bank.
B is incorrect. The standardized approach does not require the use of an internal model, and in fact, the new Basel recommendation of the standardized approach for all banks phased out the earlier Advanced Measurement Approaches, in which some large banks developed internal models to determine their regulatory capital.
D is incorrect. Risk owners are those responsible for the consequences of the risks they generate or supervise and, as such, their assessment and mitigation. This refers to the business lines, which should serve as the primary owners of the risk taken within their business lines, and not the risk management function. Instead, the risk management function should develop and maintain policies to manage operational risk, review the business lines’ risk management activity and have the power to challenge the relevance and consistency of the business unit’s implementation of risk management controls. These responsibilities do not make the risk management function the primary owner of the risk, however.
No comments yet.
A
Use third-party outsourcing agreements to replace most internal controls performed by senior managers and business line managers.
B
Develop an internal approach to model the distribution of operational risk losses and use it to determine the bank’s regulatory capital.
C
Require an independent review of the bank’s operational risk management framework.
D
Designate the risk management function as the primary owner of risk exposures within each business line.