DNU - OLD Flashcards

(139 cards)

1
Q

Describe the risk opportunity management matrix

A
2
Q

What are the 3 sides to the COSO ERM cube?

A

Top: the categories of organisational objectives

Front: the risk management process

Side: the top down implementation process

3
Q

Describe the IRM model of risk objective setting

A
4
Q

What are the 7 weaknesses of Basel II?

A
  1. The accord’s provisions didn’t adequately assess risk capital
  2. Assets could belong to the banking book or the trading book
  3. Treatment of market risk failed to capture the effects of excess concentration of credit exposure in the trading book
  4. Failed to recognise the effect of liquidity on bank securitisation practices
  5. Inadequate calibration of risk weights and risk assessments
  6. A lack of understanding of the correlation between risks
5
Q

What are the 3 primary risk management standards?

A
  1. IRM (2002) Model
  2. COSO ERM Cube
  3. ISO 31000 (2018)
6
Q

What are the disadvantages of the PESTLE risk classification system?

A

Disadvantages

  • Can oversimplify
  • Needs to be done regularly to be effective
  • Requires different people’s perspectives
  • Difficult to anticipate external events

7
Q

What are the key differences between Basel II and III?

A
  1. Risk weighted assets. Basel II: banks should set aside 2.5% of the RWA. Basel III: banks should set aside 7% of the RWA
  2. Balance sheet: Basel III introduced a leverage ratio to limit bank activities and balance sheet
  3. Liquidity: Basel III introduces stress testing for 30 days; Basel III introduces macro-prudential issues; Basel III requires systemically important banks to raise extra capital
8
Q

What are the 8 Rs of Hazard Risk management

A
  1. Recognition of risks, incl. the nature and trigger
  2. Rating of risks in terms of magnitude and likelihood of producing the risk profile in the risk register
  3. Ranking of current level of risk against the established appetite
  4. Responding to significant risks
  5. Resourcing controls to ensure introduction of sustainable control activities
  6. Reaction planning, e.g. BCM
  7. Reporting of risk performance, actions and events, incl. communicating risk issues
  8. Reviewing the risk management system, including internal audit procedures, review of the risk architecture, strategy and protocols
9
Q

What are the key points to remember when managing cyber risks?

A
  1. establishing processes that can deliver information about cyber security – and the benefits of investment in this area – up to board level
  2. establishing good communication between risk managers and information managers (e.g. between the chief risk officer and chief information officer)
  3. identifying the critical information systems that may be most at risk from cyber attacks
  4. developing multiple layers of defence which place more obstacles in the way of potential attackers
  5. developing controls that will detect attacks quickly
10
Q

What is the IRM definition of ‘risk management’?

A

Risk management is the process which aims to help organisations to understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure

11
Q

What are the 5 over-arching principles of the COSO ERM framework?

A
  1. Governance and culture. Governance sets the tone for the organisation and establishes oversight responsibilities for ERM. Culture relates to ethical values, behaviours and understanding of risk
  2. Strategy and objective setting. ERM strategy and objective setting work together. Appetite and objectives should be aligned
  3. Performance. Risks that can impact the achievement of strategy and business objectives need to be identified and prioritised in the context of severity and appetite, so that responses can be selected
  4. Review and revision. By reviewing entity performance an organisation can consider how well ERM components are functioning over time, including after substantial changes, and decide what revisions are needed
  5. Information, communication and reporting. ERM requires a continual process for obtaining and sharing information, from internal and external sources, and that flows up and down through an organisation
12
Q

Internal models are a requirement under Solvency II. An insurer must pass six tests covering what?

A
  • Statistical quality standards – demonstrating that the methodology, assumptions and data underlying the model are sound
  • Calibration standards – demonstrating that the model is calibrated to a level equivalent to the Standard Formula for the purposes of the SCR calculation
  • Validation standards – substantiating a sound control environment around the model
  • Documentation – enabling a third party to reproduce the model from the documentation of the model
  • Profit and loss attribution – demonstrating an ability to reconcile the sources of variance (or profit and loss) in the results of the model with the risks included in the model
  • Use test – demonstrating that the internal model is used within the business for a wider range of purposes than just calculation of regulatory capital.
13
Q

What is Credit Risk?

A

Credit risk

  • the borrower (counter-party) may fail to meet its obligations (to pay interest, or the credit itself)
  • the largest risk faced by most banks

14
Q

What are Market Risks?

A

Market risk is losses arising through movement of market prices as a result of:

  • interest rate risk: where long term assets (e.g. mortgages) fall lower than short term liabilities (e.g. deposits)
  • equity risk: adverse change in the price of stock
  • foreign exchange risk: fluctuations in the value of foreign cash
  • credit price risk: adverse market price moves change the risk of a loan
  • commodity risk: risk of change in the prices of commodities, such as agricultural (wheat or corn), industrial (metals) and energy (gas and oil)
15
Q

What is CCAR?

A

Comprehensive Capital Analysis and Review (CCAR) is a United States regulatory framework introduced by the Federal Reserve to assess, regulate, and supervise large banks and financial institutions

16
Q

Describe the S&P ERM calculator model

A
17
Q

What is the HM Treasury definition of ‘risk management’?

A

Risk management is all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress

18
Q

What are Operational Risks?

A

operational risk

  • risk of loss resulting from inadequate or failed internal controls, people, processes, systems, or legal risk
  • the least understood risk and the most challenging to measure, monitor and manage
19
Q

What are the 8 non-core functions of a bank?

A
  1. Cash management
  2. Investment and securities
  3. Derivatives trading
  4. Loan commitment fees
  5. Letters of credit fees
  6. Insurance services
  7. Trust services
  8. Risk management services fees
20
Q

What are the factors that affect ERM implementation?

A
  • The start position
  • The commitment from the top
  • The size and complexity of the organisation
  • The extent to which the enterprise is a global actor
  • The resources available to support implementation
21
Q

What are the 7 features of CCAR (Comprehensive Capital Analysis and Review)?

A
  1. Sound financial risk management
  2. Effective loss estimation methodologies
  3. Solid resource estimation methodologies
  4. Sufficient capital adequacy impact assessment
  5. Comprehensive capital policy and capital planning
  6. Robust internal controls
  7. Effective governance
22
Q

What does good Risk Management do?

A
  1. Enable better strategic decision making, because risks associated with different options will be fully analysed
  2. Improve tactics, because consideration will have been given to selection of the tactics and risks involved in the alternatives available
  3. Improve operations, because events that can cause disruption will be identified in advance and actions taken to reduce likelihood and limit damage
  4. Enhance compliance, because the risks associated with failure to achieve customer and statutory obligations will be recognised
23
Q

What are the Financial benefits of ERM (FIRM)?

A

Financial

  1. Reduced cost of funding and capital
  2. Better control of CapEx approvals
  3. Increased profitability for organisations
  4. Accurate financial risk reporting
  5. Enhanced corporate governance
24
Q

What are the 4 levels of risk sophistication?

A
  1. Inform – unaware of obligations
  2. Reform – awareness of non-compliance
  3. Conform – actions to ensure compliance
  4. Perform – achieve business opportunities
  5. Deform – inactivity caused by obsession
25
Q

What internal control policies can help manage operational risk?

A
  1. anti-money laundering
  2. recruitment policies
  3. compliance policies
  4. conflicts of interest policies
  5. human resources, in particular recruitment and retention policies
  6. control policies for key internal processes, such as underwriting
26
Q

Describe the 3 ISO wheels of principles, framework and process

A
27
Q

What are the 5 Cs of assessing potential loan credit?

A
  1. character – the reputation of the company
  2. capital – how the company is currently financed
  3. conditions – of the sector and country where the company operates
  4. capacity – of the company to repay the loan
  5. collateral – assets that the bank could claim if the company could not repay the loan
28
Q

Describe a Risk Matrix

A
29
Q

What are non-primary risk management standards?

A
  • Basel III
  • Solvency II
  • IAIS
  • Standard and Poors
  • Moody’s
  • Fitch Ratings
  • Dodd-Frank; U.S. securities
  • IFRS
  • COBIT
  • SEC
30
Q

Describe the target levels of risk model

A
31
Q

What are the features of Risk Appetite?

A
  • Risk appetite and risk exposure are considered as consequences of business decisions rather than a driver of those decisions
  • Questions about risk appetite can only be answered within the context of the strategy, tactics, operations and compliance activities within the firm
  • Risk appetite is the total value of the corporate resources that the board of the organisation is willing to put at risk
32
Q

What are examples of derivatives?

A

Swaps, options and forwards; their value depends on the value (or change in value) of underlying goods, bonds, stocks or commodities.

33
Q

Why group banking and insurance together?

A
  1. The risks are similar (credit, market and operational etc.)
  2. Both are heavily regulated and are important to the world’s economy
  3. Regulators seek harmonisation of financial markets (Basel III and Solvency II)
  4. People now move between both, leading to transfer of knowledge
  5. Both have advanced risk management approaches
  6. Both need to understand and respond to changing technologies, including those that provide threats and opportunities
34
Q

What are the 3 sub-types of wholesale banks?

A
  1. commercial banks (specialised loans to businesses, fund raising intermediaries)
  2. correspondent banks (banks lending to other banks)
  3. investment (or merchant) banks (advisors to governments and firms about raising funds in capital markets, privatising public assets)
35
Q

What is the COSO definition of ERM?

A

ERM is a process, effected by a board, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential risks that may affect the entity, manage risks to be within its risk appetite, and to provide reasonable assurance regarding the achievement of entity objectives

36
Q

What are the 3 aims of COBIT?

A
  • Help optimise IT enabled investments
  • Ensure service delivery
  • Provide a measure to judge when things go wrong
37
Q

What % impact should Infrastructure risks be benchmarked at under FIRM?

A
  • ½ day impact on normal operations
  • 10% budget increase on operations
38
Q

What are the 3 sub-types of retail banks?

A
  1. retail banks (banks, cooperatives, savings and loans companies (incl. building societies), credit unions)
  2. private banks (wealth management, tax and investment)
  3. postal banks
39
Q

Name some of the sources that can be used to get information on risk trends, best practice or research

A
  • PwC Banana Skins
  • WEF Global Risks report
  • HM Treasury Orange Book
  • CIMA risk report on RBS and Tesco
  • PRA Handbook
  • BCBC Guidelines and Principles
  • IIA
  • Financial Reporting Council
  • IRM
  • COSO
40
Q

What does ICAAP emphasise?

A
  • The importance of stress testing
  • The ability of regulatory capital to absorb losses in times of stress
  • Long term capital requirements (through future cycles)
  • Also, how quickly assets could be liquidated to meet requirements
41
Q

What are the central (strategic) roles a bank has in facilitating economic activity?

A
  1. financial intermediation: channelling savings from depositors to borrowers
  2. asset transformation: creating loans from deposits
  3. money creation: generating additional money from the original deposit to a bank through repeated lending, via the fractional reserve banking system
42
Q

What are the Marketplace benefits of ERM (FIRM)?

A

Marketplace

  1. Commercial opportunities maximised
  2. Better marketplace presence
  3. Increased customer satisfaction (and spend)
  4. Higher ratio of business success
  5. Lower ratio of business disasters
43
Q

What key events are there within the timeline of good Risk Management?

A
  • 2022 - Basel III implementation date
  • 2017 - Basel III changes published
  • 2016 - Implementation of Solvency II
  • 2010/11 - Basel III publication date
  • 2004 - Basel II adopted
  • 1997 - VaR widely adopted
  • 1995 - Early risk management frameworks are adopted
  • 1989 - Chair of JP Morgan calls for daily 4.15 Report
  • 1988 - Basel I adopted
  • 1973 - Solvency I adopted
44
Q

What are the 3 Lines of Defence?

A
  1. Business lines management
  2. Independent operational risk management function
  3. Independent review and challenge (audit)
45
Q

What are the principal reasons for the 2007-2009 financial crash?

A
  1. Banks assumed that re-packaged debts (incl. sub-prime mortgages) would continue to be tradable commodities
  2. Banks assumed that short term borrowing on the wholesale money markets would continue to be available
  3. Regulators and bankers did not understand how important shadow banking institutions had become to the everyday functioning of financial markets
  4. Banks did not always understand the risks of securitisation
  5. Over-reliance on ratings agencies
46
Q

What is the side of the COSO ERM cube?

A

The top down implementation process, incl.:

  • Subsidiary
  • Business unit
  • Division
  • Entity level
47
Q

What are the features and differences of Compliance, Hazard, Control and Opportunity Risks?

A
  1. Compliance risks: should be minimised, cannot be fragmented
  2. Hazard risks: only negative outcomes, linked to insurance, can only inhibit the mission, can be mitigated
  3. Control risks: unknown or unexpected events, difficult to quantify, approach is based on managing uncertainty of events. Cause doubt about the ability to achieve the organisation’s mission. Most difficult to describe. Usually dependent on the successful management of people and the effective implementation of processes, to be managed
  4. Opportunity risks: relate to risk vs. return, approach based on investment. Usually deliberately sourced or embraced. Most important risk for future success.
48
Q

What are the 5 steps in the credit risk assessment process?

A
  1. Identify opportunity
  2. Evaluate prospective borrower
  3. Make credit decision
  4. Disburse credit
  5. Monitor credit
49
Q

Explain Corrective risk controls (from PCDD)

A

Corrective

  • To correct a risky situation
  • Often simple and effective, and don’t require elimination of processes. But can be difficult to quantify.
  • Costs can be disproportionate to benefits.
  • Often meet regulatory requirements
50
Q

Why analyse risks?

A
  1. Prioritise risks for treatment
  2. Compare risks with the risk appetite
  3. Achieve consistent perceptions of significance
  4. Inform decisions for resource management
  5. Inform decisions about risk strategy execution
  6. Ensure capital adequacy
51
Q

What is the RIMS definition of ERM?

A

ERM is a strategic business discipline that supports the achievement of an organisation’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio

52
Q

What are the 3 steps to implementing ERM?

A
  1. Employ a CRO to oversee implementation
  2. Align with PACED
  3. Assess benefits through FIRM
53
Q

What are the 8 PRA Fundamental Rules for Firms?

A
  • Rule 1: A firm must conduct its business with integrity.
  • Rule 2: A firm must conduct its business with due skill, care and diligence.
  • Rule 3: A firm must act in a prudent manner.
  • Rule 4: A firm must at all times maintain adequate financial resources.
  • Rule 5: A firm must have effective risk strategies and risk management.
  • Rule 6: A firm must organise and control its affairs responsibly and effectively.
  • Rule 7: A firm must deal with its regulators in an open and cooperative way and must disclose to the PRA appropriately anything relating to the firm of which the PRA would reasonably expect notice.
  • Rule 8: A firm must prepare for resolution so, if the need arises, it can be resolved in an orderly manner with a minimum disruption of critical services.
54
Q

What was the European financial crisis of 2009-2013?

A
  • Caused by a sovereign debt crisis, itself caused by unsustainable spending/borrowing by governments in 17 countries
  • Outcomes incl. understanding of how government finances impact banking performance, and uncertainty as to who was responsible for resolving banking crises and how this can deepen the problem
55
Q

Describe the COSO ERM cube

A
56
Q

What are the 6 steps in the process of evaluating a prospective borrower, within the context of the wider 5 step credit risk assessment process?

A

Evaluate prospective borrower

  1. Internal bank records
  2. Historical and current financial accounts
  3. Management accounts and projections
  4. External credit ratings
  5. Company websites and brochures
  6. Group structure and board information
57
Q

What are the key FS regulatory bodies?

A
  • FINMA (Switzerland)
  • BMA (Bermuda)
  • Federal Reserve (US)
  • Financial Reporting Council (UK)
  • FCA (UK)
  • PRA (UK)
  • Credit agencies
  • Financial Accounting Standards Board (US)
  • National Association of Insurance Commissioners (US)
58
Q

What is PCDD?

A

PCDD is a list of risk controls

59
Q

What % impact should Marketplace risks be benchmarked at under FIRM?

A
  • 0.5% impact on balance sheet
  • 1% annual profit impact loss
60
Q

What control measures can a bank take to improve a weakening credit situation?

A
  1. Apply a higher rate of interest
  2. Diversify its portfolio to reduce concentration risk
  3. Sell some loans to third parties
  4. Syndication
  5. Credit default swaps (known as hedging) to share the risk with another party
  6. Securitisation
61
Q

What are the 5 key reasons for outsourcing?

A
  1. streamlining operations
  2. cost control
  3. freeing up resources for other work
  4. improving quality and service
  5. resources not available internally
62
Q

What are the 3 pillars of Solvency II?

A
  1. Quantitative requirements, incl.:
     - Level of capital an insurer is expected to hold (e.g. solvency capital requirement; SCR)
     - Absolute minimum capital level before regulatory intervention (minimum capital requirement; MCR)
  2. Qualitative requirements, incl.:
     - Governance
     - Supervisory review
     - Own risk and solvency assessment (ORSA)
  3. Reporting and disclosure requirements, incl.:
     - To the regulator, through the solvency and financial condition report (SFCR)
     - To the supervisors
63
Q

What are the 7 key issues facing financial services firms?

A
  1. International bank regulation
  2. Interconnectivity and contagion
  3. Shadow banking
  4. Economic performance trends (Banana Skins)
  5. Geographical issues
  6. Climate change
  7. New technologies
64
Q

What are the 3 features of the Dodd-Frank Act (2010)?

A
  • Strengthens supervisory oversight
  • Gives regulators additional powers to tackle fraud, conflicts of interest, corruption and insider trading
  • Requires stress testing on 3 different (not prescribed) financial scenarios
65
Q

What is the front side of the COSO ERM cube?

A

The risk management process, incl.:

  • Internal environment
  • Objective setting
  • Event identification
  • Risk assessment
  • Risk response
  • Control activities
  • Information and communication
  • Monitoring
66
Q

What is Risk Appetite?

A

Risk appetite is the immediate or short term willingness of an organisation to undertake an activity that involves risk. Risk attitude represents a longer term view of risk.

67
Q

Basel II made operational risk a key priority, and required firms to do what?

A
  • Quantify operational risk
  • Measure operational risk
  • Allocate capital
68
Q

What financial crises have been most influential?

A
  • Argentinian currency revaluation of 2001
  • Wall St crash of the 1920s
  • Black Wednesday 1992
  • Asian financial crisis of 1997
  • UK property crisis of the 1970s
  • Swedish banking crisis of the 1990s
  • European financial crisis of 2009-2013
69
Q

What are Liquidity Risks?

A

Liquidity risk

  • the risk that the bank may not be able to meet its own obligations to repay deposits or other funding
70
Q

What are the 3 parts to RASP?

A
  • Risk Architecture: defines roles, responsibilities, communication and structure
  • Risk Strategy: risk strategy, appetite, attitudes and philosophy
  • Risk Protocols: risk protocols are defined in the risk guidelines, and include rules, procedures, methodologies, tools and techniques
71
Q

Why is risk analysis difficult?

A
  • Information has to be gathered from many sources
  • Different methods are needed to gather the information
  • Generating reliable likelihoods and impacts is difficult
72
Q

What are the 7 Basel committee principles for enhancing corporate governance?

A
  1. The role of the board and senior managers
  2. The qualifications and composition of the board
  3. The importance of an independent risk management function (incl. CRO)
  4. The importance of monitoring risks on a firmwide and individual entity basis
  5. The board’s oversight of compensation systems
  6. The board and senior management understanding of the bank’s operational structure and risks
  7. The importance of supervisors regularly evaluating the bank’s corporate governance policies and their implementation
73
Q

What % impact should Reputational risks be benchmarked at under FIRM?

A
  • 10% fall in share price
  • National TV event
74
Q

What are the key questions to ask when reviewing a control?

A
  • Is the control we chose to implement really the best control for the risk?
  • Is that control effective in practice?
  • Does the control provide good value for money?
75
Q

Describe the risk vs. reward model

A
76
Q

What are the advantages of the PESTLE risk classification system?

A

Advantages

  • Simple
  • Wider business focus
  • Encourages external and strategic thinking
  • Helps to identify opportunities
77
Q

What is the business model for an insurance company?

A

Profit = (earned premiums + investment income) – (incurred losses + underwriting expenses)

78
Q

What are the 4 key operational risk controls that are especially important to FS organisations?

A
  1. insurance and risk transfer
  2. business continuity planning
  3. outsourcing (also a form of risk transfer)
  4. cyber risk
79
Q

What are the deposit requirements in Basel III?

A
  • Deposits from individuals/SMEs go out at 5 or 10%
  • Deposits from banks go out at 100%
  • Deposits from corporates go out at 25% or 7%, depending on the existence of an operational relationship with the corporate
80
Q

Where can you find the 3 main definitions of 'risk management'?

A
  • ISO / BS31100
  • IRM
  • HM Treasury
81
Q

What does good ERM do?

A
  1. Provides a top down strategic approach
  2. Provides a process for identifying threats to businesses
  3. Helps to understand and articulate business risk appetite/tolerance
82
Q

What is ICAAP?

A

The Internal Capital Adequacy Assessment Process (ICAAP), from the PRA, allows firms to assess their capital adequacy and requires them to have appropriate risk management techniques in place. This process is summarised in the ICAAP document, which should be completed by firms on a regular basis. Regulators review and challenge a bank’s own assessment of capital adequacy and will either agree with it or, if they are not satisfied or have concerns, apply a capital add-on.

83
Q

What are the 4 principal definitions of ERM?

A
  • RIMS (Risk Management Society)
  • COSO (Committee of Sponsoring Organizations of the Treadway Commission)
  • IIA (Institute of Internal Auditors)
  • HM Treasury
84
Q

What is PESTLE?

A

PESTLE is a way of approaching risk classification, organised by risk type

85
Q

What are the 3 ways that regulators ask firms to assess risks?

A
  1. VaR
  2. Expected shortfall
  3. Stress testing
86
Q

Describe the ISO Risk Management process

A
87
Q

Under Basel III the supervisory authority will only approve an internal model if it is satisfied that what is in place?

A
  • the bank’s risk management system is conceptually sound and is implemented with integrity
  • the bank has enough staff skilled in the use of sophisticated models in trading areas, risk control, audit and back office functions
  • the bank’s models have a proven track record of measuring risk with reasonable accuracy
  • the bank regularly conducts prescribed stress tests.
88
Q

What are all the options for approaching Risk Classification?

A
  • The 4Ps
  • Timescale of impact
  • FIRM
  • COSO ERM cube
  • IRM standard
  • Source-based
  • PESTLE
89
Q

What are the 8 principles of the ISO 31000 risk management process?

A
  1. Risk management is an integral part of all organisational activities
  2. Structured and comprehensive approach is required
  3. Framework and processes should be customised and proportionate
  4. Appropriate and timely involvement of stakeholders is needed
  5. Risk management anticipates, detects, acknowledges and responds to changes
  6. Risk management explicitly considers all limitations of available information
  7. Human and cultural factors influence all aspects of risk management
  8. Risk management is continually improved through learning and experience
90
Q

What are the short/medium/long term risk timeframes?

A
  • Long term risks may be up to 5 years, and relate to strategic decisions
  • Medium term risks may be up to 1 year, and are associated with projects or programmes
  • Short term risks are immediate – probably the easiest to identify and mitigate
91
Q

What options are available following risk analysis?

A
  • Avoid the risk (by not undertaking the activity that leads to it)
  • Take or increase the risk in order to pursue an opportunity
  • Retain the risk by informed decision
  • Change the likelihood (where possible)
  • Change the consequences (incl. contingency planning)
  • Share the risk (e.g. through commercial contracts)
92
Q

What is the IIA definition of ERM?

A

ERM is a rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organisation’s strategic and financial objectives

93
Q

What are the 4 components of the FIRM scorecard?

A
  • Financial benefits arising from better allocation of funds, monitoring of expenditure and reduced exposure to fraud
  • Infrastructure benefits incl. fewer IT failures
  • Reputation benefits
  • Marketplace benefits
94
Q

What are the 5 parts to meeting the regulatory requirements of capital adequacy?

A
  1. Risk framework (Basel II for banks, including the 4 key principles)
  2. Processes for identifying risk in the organisation, incl. quantification approaches
  3. Risk appetites
  4. Risk reporting
  5. An annual submission that reflects the above (ICAAP for banks, or ORSA for insurers)
95
Q

What are the key differences between the 2009 and 2018 versions of ISO 31000?

A
  • Principles of risk management have been reviewed
  • Greater importance is given to top level leadership, and to governance
  • Greater emphasis on the iterative nature of risk management
  • The content is streamlined with a greater focus on sustaining an open systems model
96
Q

What are the 10 key cyber risks?

A
  1. Hacking
  2. DDoS
  3. Viruses
  4. Information theft
  5. Identity theft
  6. Industrial espionage
  7. Email fraud
  8. ATM fraud
  9. Cyber money laundering
  10. Theft
97
Q

What are the types of banks?

A
  • retail banks: serving retail customers
  • wholesale banks: serving corporate customers
  • central banks: set monetary policy, liaise with other central banks and sometimes act as a regulator
98
Q

Explain Directive risk controls (from PCDD)

A

Directive

  • To direct to a particular outcome
  • The most frequent
  • Wide range of controls, but low levels of confidence
  • Not reliable on their own, but always part of the bigger control system
99
Q

What are the 5Es in the 5Es approach to managing opportunity risks?

A
  • Exist – in mature or declining markets
  • Explore – opportunities
  • Exploit – opportunities until competitors arrive
  • Expand – depending on risk appetite
  • Exit – if risk exceeds appetite
100
Q

What are Systemic Risks?

A

Systemic risk is the risk that an entire banking system may face losses or collapse. It is often caused by macroeconomic or monetary events such as currency devaluation, or by a single, systemically important, bank failing

101
Q

What is PACED?

A

PACED is a list of key features in an approach to risk management frameworks

102
Q

Describe the IRM process for establishing Risk Context

A
103
Q

What are the PCDD risk controls?

A
  • Preventative
  • Corrective
  • Detective
  • Directive
104
What are the 4 MADE2 benefits of risk management frameworks?
* Mandatory obligations on the organisation * Assurance regarding the management of significant risks * Decisions that pay full regard to risk considerations * Effective and efficient core processes
105
What are the early warning signs of credit risk problems?
* Accounting issues * Company issues * Management issues * Liquidity issues * Industry issues
106
What are the Infrastructure benefits of ERM (FIRM):
Infrastructure * Efficiency and competitive advantage * Achievement of the state of no disruption * Improved staff and supplier morale * Targeted risk and cost reduction * Reduced operating costs
107
What are the Reputational benefits of ERM (FIRM):
Reputational * Regulators satisfied * Improved utilisation of company band * Enhanced shareholder value * Good reputation and publicity * Improved perception of organisation
108
What is the ISO / BS31100 definition of 'risk management'
Risk management is the coordination of activities to direct and control and organisation with regard to risk
109
What are the 5 features of VaR? (Value at Risk)
1. Provides a qualified answer to the question: “how much could we lose in the next day” 2. VAR is not a worse case view, but is a view of confidence 3. Involves calculating the current position as well as possible return values, over a given period 4. VaR can be calculated using the historical method, the variance-covariance method and the Monte Carlo simulation. 5. But, VaR is not a measure of maximum loss. And we can never be certain that the historical data that we’re using to predict the future is so complete
110
What were the primary causes of the collapse of RBS?
* An aggressive CEO, and a change of CROs
* RBS had grown through acquisition and increasing market penetration
* Not all risks were adequately quantified or reported
* Recommendations from risk staff were not always sought, or acted upon where provided
* The bank had an aggressive risk culture
* Risks were compartmentalised, with credit, market and operational risks separated out
Stephen Hester stated that 'it was not detailed risks that made RBS weak' but 'the macro imbalances', which included the over-reliance on external funding as well as a build-up of risk concentrations and exposures that were not effectively reported or managed.
111
What was the 4.15 Report?
In 1989, following the October 1987 financial market crash, Dennis Weatherstone, chairman of the bank JP Morgan, famously called for a '4:15 report', named after the time it was prepared each afternoon. The report combined all the firm's data on market risk in one place. The intention was that it should contain information sufficient to answer the question: 'How much could the bank lose if tomorrow turns out to be a relatively bad day?'
112
What does COBIT do?
1. Links IT to business objectives
2. Organises IT activities into generally accepted process models
3. Identifies major IT resources to be leveraged
4. Defines management control objectives that need to be considered
113
What are the general, key risks faced by banks?
* Borrowers may submit loan repayments late or fail to do so
* Depositors may demand money back at a faster rate than the bank has reserved for
* Market interest rates may change and hurt the value of the bank's loans
* Investments made by the bank may lose value
* The bank may discover it has acted in a way contrary to law or regulation, and be fined
* Human error or fraud may lead to losses
114
What is MADE2?
MADE2 are the benefits of risk management frameworks
115
What is FIRM?
FIRM (Financial, Infrastructure, Reputational, Marketplace) is used to demonstrate the benefits of an effective risk management framework, grouping them under those four headings.
116
What is COBIT?
COBIT is a framework created by ISACA for information technology management and IT governance
117
Describe the KPMG model of differences between traditional risk management and Enterprise Risk Management?
118
What are the 4Ts of responding to significant risks
1. Transfer (to another party) 2. Terminate (any activity that generates the risk) 3. Tolerate (the risk) 4. Treat (to reduce the likely impact or exposure)
119
What are the PESTLE risks?
* Political
* Economic
* Social
* Technological
* Legal
* Environmental
120
What % impact should Financial risks be benchmarked at under FIRM?
0.25% impact on the balance sheet
2.5% impact on profit
121
What are the 4 risk objectives of the COSO ERM approach?
* Strategic – high level goals that support a mission
* Operations – effective and efficient use of resources
* Reporting – reliability of reporting
* Compliance – compliance with laws and regulation
122
What are the key controls for cyber security risk management?
1. Develop a security culture, driven from the top down
2. Have good governance around cyber security
3. Identify key assets and appropriate protections
4. Have adequate detection capabilities so firms know if they are being attacked
5. Have systems and controls to ensure recovery and response in the event of an attack
123
Explain Preventative risk controls (from PCDD)
Preventative (the most important)
* To stop the risk from occurring
* Highly successful, but can be time consuming or expensive, or could eliminate opportunities
124
Describe the Bowtie model of Risk Consequences
125
What is the top side of the COSO ERM cube?
The categories of organisational objectives, incl. Strategic - Operations - Reporting - Compliance
126
What are the principal definitions of Risk Appetite?
* IRM: the amount of risk that an organisation is willing to seek or accept in the pursuit of long term objectives
* ISO Guide 73: the amount and type of risk that an organisation is willing to pursue or retain
* Orange Book: the amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any point in time
* CIIA: the level of risk that is acceptable to the board or management
127
What are the 3 components of risk assessments?
* Risk identification (most important): What might happen (the event)?
* Risk analysis: How likely is it to happen? If it does, what might the impact be?
* Risk evaluation: So what? Is it within our risk appetite and tolerance?
128
What is the PACED approach to risk management frameworks?
- Proportionate to the level of risk in an organisation
- Aligned with other business activities
- Comprehensive, systematic and structured
- Embedded within business procedures and protocols
- Dynamic, iterative and responsive to change
129
What are the Basel II recommended approaches to calculating regulatory capital for credit risk?
1. The standardised approach
2. Foundation Internal Ratings Based approach (F-IRB)
3. Advanced Internal Ratings Based approach (A-IRB)
130
What are the two main ways of building a firm wide operational risk profile?
1. Top down (portfolio – business line – business unit)
   • Establishes a general assessment of risk and then refines it down into individual components
2. Bottom up (business unit – business line – portfolio)
   • Business units are individually analysed for their risks and this is aggregated upwards to build a risk profile
131
What are the 3 core functions of a bank?
1. Collecting deposits 2. Arranging payments 3. Making loans
132
What is VaR
Value at risk (VaR) is a statistic that measures and quantifies the level of financial risk within a firm, its portfolio or its position over a specific time frame.
133
Describe the IRM Risk Management Process
134
What are the 8 components of the front of the COSO ERM cube, e.g. the risk management process
* Internal environment – the tone of the organisation and how risk is viewed and addressed
* Objective setting – objectives must exist before management can identify potential events affecting their achievement
* Event identification – internal and external events must be identified, including risks and opportunities
* Risk assessment – risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed
* Risk response – management selects risk responses: avoiding, accepting, reducing or sharing the risk
* Control activities – policies and procedures are established and implemented
* Information and communication – relevant information is identified, captured and communicated so that people can fulfil their responsibilities
* Monitoring – the entirety of ERM is monitored and modifications made as necessary
135
What are the 7 approaches to operational risk?
1. Audit oversight
   * Supports bottom-up risk models
   * Looks at individual business processes
2. Critical self assessment
   * Business units look at their own risks
   * Bottom-up process
3. Risk mapping
   * Bottom-up process
   * Links types of operational risk to business units, process flows and organisational units
4. Causal networks
   * Map of factors that directly or indirectly cause an operational risk event
   * Captures causes of risks
   * Bottom-up approach
5. KRIs (key risk indicators)
   * Top-down and bottom-up
   * Measure change in risks over time
   * Assumes that a rising KRI signals rising likelihood and impact of the associated risk
   * Uses early warning signs to estimate potential losses
6. Actuarial models
   * Uses mathematical modelling to determine potential losses
   * Bottom-up or top-down
7. Earnings volatility
   * Assumes that variations in earnings reflect operational risk events
   * Relies on historical data
   * Top-down approach
   * Vulnerable to missing changes in business processes
136
What are the 2 pillars of capital adequacy requirements?
• Pillar 1 – calculate how much capital you need to hold to support risk exposures for credit, market and operational risk (for banks), and these plus insurance risk (for insurers), using one or more of the approaches permitted by the regulators.
• Pillar 2 – explain what other major risks you are exposed to, how you calculate these exposures and what level of capital you require to support them. These risks can include interest rate risk, liquidity risk and pensions risk, but will also include risks relevant to the use of models.
137
What are the 3 remedial issues for a poor creditor?
- Repayment – can the creditor repay?
- Restructure – the creditor's business
- Reschedule – e.g. change the terms of the loan
138
Explain Detective risk controls (from PCDD)
Detective
* To identify where undesirable situations have occurred
* Closely related to monitoring
* Simple to administer, and essential
* But they are post-event
139
List some of the key statistics from the UK FS industry
* FS is 6.9% of total economic output
* 50% of FS is in London
* FS contributed £132bn to the UK economy
* FS provides 1.1m jobs in the UK (3.2% of the total)
* UK FS exports £60bn
* UK FS imports £18bn