Lists Flashcards

(88 cards)

1
Q

What are the 4 categories of risk in the FIRM scorecard?

A
  • Financial: Risks that can impact the way in which money is managed, and profitability is achieved. Internal risks that are usually quantifiable
  • Infrastructure: Risks that will impact the level of efficiency and dysfunction within the core processes. Internal risks that are sometimes quantifiable
  • Reputational: Risks that will impact desire of customers to trade or deal and level of customer retention. External risks that are not always quantifiable
  • Marketplace: Risks that will impact the level of customer trade or expenditure. External risks that are quantifiable
2
Q

What are Hopkin’s 4 types of risk?

A
  1. Compliance risks; should be minimised, cannot be fragmented
  2. Hazard risks; only negative outcomes, linked to insurance, can only inhibit the mission, can be mitigated
  3. Control risks; unknown or unexpected events, difficult to quantify, approach is based on managing uncertainty of events. Cause doubt about the ability to achieve the organisation’s mission. Most difficult to describe. Usually dependent on the successful management of people and the effective implementation of processes to be managed
  4. Opportunity risks; relate to risk vs. return, approach based on investment. Usually deliberately sourced or embraced. Most important risk for future success.
3
Q

What is meant by MADE2?

A

MADE2 is a list of benefits to risk management frameworks:

  • Mandatory obligations on the organisation
  • Assurance regarding the management of significant risks
  • Decisions that pay full regard to risk considerations
  • Effective and efficient core processes
4
Q

What is meant by PACED?

A

PACED is an approach to risk management frameworks:

  • Proportionate to the level of risk in an organisation
  • Aligned with other business activities
  • Comprehensive, systemic and structured
  • Embedded within business procedures and protocols
  • Dynamic, iterative and responsive to change
5
Q

Describe the IRM risk management standard?

A

The IRM risk management standard is a 7-layer process flowing downwards, with formal audit running alongside:

  1. Strategic Objectives
  2. Risk Assessment
  3. Risk Reporting
  4. Decision
  5. Risk Treatment
  6. Residual Risk Reporting
  7. Monitoring
6
Q

Describe the COSO risk management framework?

A

COSO is the Committee of Sponsoring Organizations of the Treadway Commission

In 2004 COSO published the ERM framework cube

It has 4 objectives (that form the top side)

  • Strategy - high-level goals, aligned with and supporting the organization’s mission
  • Operations - effective and efficient use of resources
  • Financial Reporting - reliability of operational and financial reporting
  • Compliance - compliance with applicable laws and regulations

It has 8 components (that form the front side)

  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication
  • Monitoring

It applies across organisational group structures (that form the side)

  • Entity
  • Division
  • Business Unit
  • Subsidiary
7
Q

Describe the ISO 31000 risk management framework?

A

ISO 31000 is the most straightforward and internationally accepted risk management standard

Risk assessment is at the centre

  • Treatment and reporting feed into it
  • Communication and consultation feed into it
  • Monitoring and review feeds into it
  • Scope, criteria and context sit above it
8
Q

What are the 8 principles of ISO 31000?

A
  1. Risk management is an integral part of all organisational activities
  2. Structured and comprehensive approach is required
  3. Framework and processes should be customised and proportionate
  4. Appropriate and timely involvement of stakeholders is needed
  5. Risk management anticipates, detects, acknowledges and responds to changes
  6. Risk management explicitly considers all limitations of available information
  7. Human and cultural factors influence all aspects of risk management
  8. Risk management is continually improved through learning and experience
9
Q

What are the 3 key components of ISO 31000?

A

Risk management framework

Risk management principles

Risk management process

10
Q

What is RASP?

A

RASP describes the context in which the risk management process must operate, and includes:

  • Risk Architecture
    • Defines roles, responsibilities, communication and structure
  • Risk Strategy
    • Risk strategy, appetite, attitudes and philosophy
  • Risk Protocols
    • Risk protocols are defined in the risk guidelines
    • Includes rules and procedures and methodologies and tools and techniques
11
Q

What are the 3 steps in risk management process?

A

The risk management process consists of three parts: risk assessment and analysis, risk evaluation and risk treatment.

12
Q

What are the 4 COSO categories of organisation objectives?

A

The COSO approach has 4 risk objectives:

  1. Strategic – high level goals that support a mission
  2. Operations – effective and efficient use of resources
  3. Reporting – reliability of reporting
  4. Compliance – compliance with laws and regulation
13
Q

What are the steps to implement ISO 31000?

A
  • Develop an appropriate plan including time and resources;
  • Identify where, when and how different types of decisions are made across the organisation, and by whom;
  • Modify the applicable decision-making processes where necessary;
  • Ensure that the organization’s arrangements for managing risk are clearly understood and practised
14
Q

What are steps in ISO 31000?

A
  1. Establish the context (internal and external)
  2. Risk assessment (identification, analysis and evaluation)
  3. Risk treatment
15
Q

What are the differences between ERM and traditional risk management?

A

ERM is:

  1. Non-insurable (mostly)
  2. Multi dimensional assessments
  3. Analyses material risks and how they relate
  4. Spans the entire organisation (holistic)
  5. Emanates from the top
  6. Focused on lowering risks (not preventing loss from risks)
  7. Proactive and continuous
  8. Embedded in culture and mindset
  9. More nuanced (requires soft skills)
  10. Risk taking
16
Q

What are 4 features of rigorous capital assessment?

A
  1. board and senior management oversight
  2. sound capital assessment
  3. comprehensive assessment of risk monitoring and reporting
  4. internal control review
17
Q

What are common elements of ORSA and ICAAP?

A
  • Produced by the firm themselves
  • Estimates current and future requirements
  • Ongoing
  • Reviewed by supervisors
  • Both are pillar 2 requirements
18
Q

What is PIML?

A
  • Plan
  • Implement
  • Measure
  • Learn
19
Q

What are the analysis steps in the S&P ERM process?

A

It is S&P’s view of a company’s ERM practices, informed by interactive discussions with senior management, and is not a credit rating. It looks at:

  • Risk Culture
    • Governance, reporting, communication, appetite framework, incentives
  • Risk Exposure
    • Tolerances, controls, emerging risk management, model risk management, liquidity risk management
  • Risk Optimisation
    • Optimise risk adjusted returns, risk in decision making
20
Q

What important factors impact external risk context?

A
  • the social and cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local
  • the industry, products, markets, competitors, suppliers, customers, logistics and the regions and countries of operation
  • key drivers and trends impacting on the objectives of the organisation
  • relationships with, and the perceptions and values of, external stakeholders
21
Q

What important factors impact internal risk context?

A
  • the organisation’s divisions, departments, structures, systems, processes and accountability, cultures, leadership, strengths and weaknesses
  • internal stakeholders – staff, managers and the board
  • the firm’s approach to corporate governance, its resources, competencies and capabilities, its culture, and the ways it conducts itself
  • factors that influence how the organisation will try to set and achieve its objectives, which of course is the primary aim of risk management
22
Q

What are the 3 levels of objective setting?

A
  • Strategic objectives (firm)
  • Tactical (mid level division, department)
  • Operational (team, personal)
23
Q

What are 3 benefits of establishing context for risk management?

A
  • Identifies resources required to fulfil risk management
  • Aligns risk management to the expectations of internal and external stakeholders
  • Provides a means to establish the overall total risk exposure, that can be compared with the risk appetite and risk capacity
24
Q

Give 4 reasons why objective setting can be difficult?

A
  1. Stakeholders have a conflicting range of expectations
  2. Strategies constantly change due to changing internal and external contexts
  3. Staff may be unaware of, or disagree with, corporate objectives
  4. Risk exposure may be increased if objectives are overly ambitious
25
Q

What are the 4 Basel III principles of supervisory review?

A
  • **Banks should have a process to assess their overall capital adequacy in relation to their risk profile**, as well as a strategy to maintain their overall levels
  • **Supervisors should review and evaluate banks’ internal capital adequacy assessments and strategies**, as well as their ability to monitor and ensure their compliance with regulatory capital ratios. Supervisors should take appropriate supervisory action if they are not satisfied with the result of this process. Reviews are needed through visits, meetings or report reviews
  • **Supervisors should expect banks to operate above the minimum regulatory capital ratios**, and they should be able to require banks to hold capital in excess of the minimum
  • **Supervisors should seek to intervene at an early stage to prevent capital from falling below the minimum levels** required to support the risk characteristics of a particular bank, and should require rapid, remedial action if capital is not maintained or restored
26
Q

What are the key advantages of top-down risk assessment?

A
  • The view of the CEO is important to set the tone for risk culture
  • Likely to be enterprise wide
  • A manageable number of strategic risks will be captured quickly
  • Shows senior commitment to risk management, for others
  • Likely to lead to consistency throughout the organisation
27
Q

What are the key disadvantages of top-down risk assessment?

A
  • The CEO often focusses on external risks
  • Limited knowledge of interdependencies or internal risks
  • Can be superficial because senior leaders think they can handle crises
  • New risks emerging from operational activities may not be identified
28
Q

What are the key advantages of a bottom-up risk assessment?

A
  • Can be mirrored to an existing org chart
  • Operational staff have great awareness of local risks and causes
  • Methodology can be adjusted according to local cultures
29
Q

What are the key disadvantages of a bottom-up risk assessment?

A
  • Little focus on external or strategic risks
  • Time consuming and can be demotivating
  • Can be blinkered and detailed, leading to a silo approach
  • New risks may not be reported if emerging
30
Q

What are 3 reasons why organisations classify risks?

A
  1. Provides a structure to the identification of risks, which can lead to identifying more risks
  2. Helps with the development of consistent terminologies, which is essential for ERM to work. Helps a firm to collect risks together
  3. Assign responsibilities for specific types of risk
  4. Estimate total exposure to risk by type
  5. Help to determine the level of risk using relevant expertise
  6. Determines the level of risk by type that the organisation can accept
  7. Enables risks to be bundled together for treatment by type
31
Q

What is PESTLE?

A

PESTLE is a risk classification system that includes:

  • **_P_**olitical
  • **_E_**conomic
  • **_S_**ocial
  • **_T_**echnological
  • **_L_**egal
  • **_E_**nvironmental
32
Q

What are 4 risk assessment techniques?

A
  • Questionnaires and checklists
    • Consistent, but relies on historical knowledge
  • Workshops and brainstorming (most common)
    • Wide range of ideas, but SMT can dominate
  • Inspections and audits
    • Evidence-based but historical
  • Flow charts and dependency analysis
    • Detailed understanding but not strategic (and time consuming)
33
Q

What are 5 financial services risk classifications?

A
  1. Market risk: Uncertainty due to changes in market prices
  2. Credit risk: Uncertainty due to a failure of an external entity to keep a promise
  3. Operational risk: Institutional uncertainties other than market or credit risk
  4. Liquidity risk: Uncertainty about terms and the ability to make a transaction when necessary or desired
  5. Funding risk: Uncertainty about whether investors will provide sufficient funds
  6. Reputational risk: Uncertainty about how your entity will be perceived
  7. Political risk: Uncertainty about government actions
34
Q

What are 5 types of stress testing?

A
  1. Sensitivity testing
    • A firm changes factors in its models, ratios etc. to help identify sensitivities
  2. Historical events
    • The firm selects a historical event to see how it might affect its portfolio today
  3. Customised events
    • More time consuming but can include many factors
  4. Multi-year stress testing
    • Applies ‘what if’ and factor changes to the future business plan to understand the impact on cash flows and business plans. Greater subjectivity due to the time horizon
  5. Reverse stress testing
    • Firms start from the point at which the business plan becomes unviable. The process is intended to drive an understanding of what might bring a business down
35
Q

What is STOC?

A

Strategy, tactics, operations and compliance: a driver for risk strategy
36
Q

What are 3 advantages of firms using internal models?

A
  • Provides a lower regulatory minimum capital because it rewards risk diversification
  • Firms can use their own risk management structure and their own calibrations for the risk factors
  • The internal model route is particularly advantageous for firms that already have an established enterprise risk management (ERM) system in place
  • By construction, an internal model should more accurately capture the risk profile of the entity
  • It also provides an opportunity for firms to take credit for any risk mitigation strategies that they have implemented
37
Q

What are the 6 Solvency II internal model tests?

A
  1. **Statistical quality standards** – demonstrating that the methodology, assumptions and data underlying the model are sound
  2. **Validation standards** – substantiating a sound control environment around the model
  3. **Documentation** – enabling a third party to reproduce the model from the documentation of the model
  4. **Profit and loss attribution** – demonstrating an ability to reconcile the sources of variance (or profit and loss) in the results of the model with the risks included in the model
  5. **Calibration standards** – demonstrating that the model is calibrated to a level equivalent to the Standard Formula for the purposes of the SCR calculation
  6. **Use test** – demonstrating that the internal model is used within the business for a wider range of purposes than just calculation of regulatory capital
38
Q

What are 6 reasons why risks should be analysed?

A
  1. Prioritise risks for treatment
  2. Compare risks with the risk appetite
  3. Achieve consistent perceptions of significance
  4. Inform decisions for resource management
  5. Inform decisions about risk strategy execution
  6. Ensure capital adequacy
39
40
Q

What are 3 ways in which technology is impacting financial services?

A
  • Automating and commoditizing high-margin processes
  • Deploying highly focused products and services
  • Enabling the strategic use of data
  • Automating and enhancing controls
41
Q

What are 5 Solvency II internal model principles?

A
  • Senior management understand the internal model
  • The internal model fits the business model
  • The internal model is used to support and verify decision making
  • The internal model is widely and consistently integrated into the risk management system and covers enough risks to make it useful for risk management and decision making
  • The internal model is used to improve the firm’s risk management system
42
Q

What are the 4Ts of hazard response?

A

The 4 Ts of risk management for hazard risks:

  1. Transfer (to another party)
  2. Terminate (any activity that generates the risk)
  3. Tolerate (the risk)
  4. Treat (to reduce the likely impact or exposure)
43
Q

What is PCDD?

A

PCDD are types of risk controls:

  • Preventative
  • Corrective
  • Detective
  • Directive
44
Q

What are the 5 Cs of credit risk?

A

The five Cs of credit are a framework for assessing potential loans:

  • Character – the reputation of the company
  • Capital – how the company is currently financed
  • Conditions – of the sector and country where the company operates
  • Capacity – of the company to repay the loan
  • Collateral – assets that the bank could claim if the company could not repay the loan
45
Q

What are the 5 types of insurance bought by financial services firms?

A
  • Insurance against building damage, loss of revenue and terrorism
  • Directors and Officers insurance
  • Employment practice insurance
  • Fidelity guarantee and crime insurance
  • Cyber insurance
46
Q

What are the 5 components of BCP?

A
  1. Identification of crucial risk factors already affecting the organisation
  2. Understanding of the needs and obligations facing the organisation
  3. Established, implemented and maintained BCMS
  4. Measurement of the overall capability to manage disruptive incidents
  5. Guaranteed conformity with stated BC policies
47
Q

What are the 4Es and 5Es to managing opportunity risks?

A
  • Exist
    • In mature or declining markets
  • Explore
    • Opportunities
  • Exploit
    • Opportunities until competitors arrive
  • Expand
    • Depending on risk appetite
  • *Exit*
    • *If risk exceeds appetite*
48
Q

What are 5 reasons for outsourcing?

A
  1. Streamlining operations
  2. Cost control
  3. Freeing up resources for other work
  4. Improving quality and service
  5. Resources not available internally
49
Q

What are the 5 cyber risk controls?

A
  1. Develop a security culture, driven from the top down
  2. Have good governance around cyber security
  3. Identify key assets and appropriate protections
  4. Have adequate detection capabilities so firms know if they are being attacked
  5. Have systems and controls to ensure recovery and response in the event of an attack
50
Q

What are 3 main sources of risk from a banking business model?

A
  1. Borrowers may submit loan repayments late or fail to do so
  2. Depositors may demand money back at a faster rate than the bank has reserved for
  3. Market interest rates may change and hurt the value of the bank’s loans
  4. Investments made by the bank may lose value
  5. The bank may discover it has acted in a way contrary to the law or regulation, and be fined
  6. Human error or fraud may lead to losses
51
Q

What are 3 main sources of risk from an insurance company business model?

A
  • Underwriting risks: poor skills, practices or reviews
  • Reinsurance risks: poor exposure management
  • Claims management risks: not paying on time
52
Q

What are 5 emerging risks?

A
  • Cyber crime
  • Fintech
  • Crowdfunding and p2p lending
  • Blockchain
  • AI
  • Driverless cars
  • Health risks
  • Weather and climate risks
  • Natural catastrophes
  • Political instability
  • Risks of terrorism
53
Q

What are 5 risks identified by the World Economic Forum?

A
  • Water crises
  • Extreme weather
  • Biodiversity loss
  • WMD
  • Climate action failure
54
Q

What are 7 elements of a risk management framework?

A
  1. Risk governance
  2. Risk reporting
  3. KRIs
  4. Risk appetite and tolerance statement
  5. Risk policy
  6. Risk identification approaches
  7. Risk quantification approaches
  8. Risk control processes
  9. Risk typology and risk language
  10. Risk culture
55
Q

What are the three lines of defence?

A
  1. First Line
    • Business units
    • Risk owners who manage risks
    • Follow risk policy and seek guidance
    • Can be in risk committees, provided they are independent
  2. Second Line
    • Functions and committees that provide oversight
    • Checks the first line is operating within policy
    • Incl. the risk management function
    • Needs to be independent
    • Needs strong resources, able to challenge
  3. Third Line
    • Assurance functions that provide an objective view
    • Incl. internal audit and audit committees
    • Can include external audit
56
Q

What are the 4Ns?

A

The 4Ns are a model of risk maturity:

| Level | Status (4Ns) | Characteristics (FOIL) |
| --- | --- | --- |
| 1 | **Naïve**: organisations are unaware of the need for enterprise risk management or do not understand the benefits that will arise | **Fragmented**: risk management activities are fragmented and focused on legal compliance activities such as health and safety |
| 2 | **Novice**: organisations are aware of the benefits of enterprise risk management but have only just started to implement it as an initiative | **Organised**: actions are planned to coordinate with management activities across all types of risks, although plans may not have been fully implemented |
| 3 | **Normalised**: organisations have embedded enterprise risk management into business processes but management effort is still required to maintain adequate activities | **Influential**: embedded enterprise risk management processes are influencing processes and management behaviours, but this may not yet happen consistently or reliably |
| 4 | **Natural**: organisations have a risk-aware culture with a proactive approach to enterprise risk management, and risk is reliably considered at all stages to gain a competitive advantage | **Leading**: consideration of risk is a substantial factor in making business decisions, and decisions about strategy are led by enterprise risk management considerations |
57
Q

What are the McKinsey levels of risk maturity?

A
  1. Initial transparency
  2. Systemic risk reduction
  3. Risk return management
  4. Risk as a competitive advantage
58
Q

What are the levels in the RIMS Risk Maturity Model?

A

The 5 maturity levels of the RIMS Risk Maturity Model:

  • Non existent
  • Level 1: Ad hoc
  • Level 2: Initial
  • Level 3: Repeatable
  • Level 4: Managed
  • Level 5: Leadership
59
Q

What are 2 risk quantification approaches?

A
  • Application scores
  • Credit scores
  • VaR
60
Q

What are 3 advantages of a RMIS?

A

The key benefits to using a structured RMIS system are:

  • The uniformity of data gathering
  • The storage and analysis that the system makes possible
  • Reduced potential for errors and omissions compared with using a range of spreadsheets
61
Q

What are 7 items addressed by risk protocols and policies?

A
  1. Risk management and internal control objectives
  2. A statement of the attitude of the organisation to risk, e.g. the risk strategy
  3. A description of the control environment
  4. The level and nature of risk that is acceptable
  5. Risk management organisation and arrangements, e.g. the risk architecture
  6. Arrangements for communicating risk information
  7. Standard procedures for risk recognition and rating, e.g. the risk assessment
  8. A list of documentation for analysing and reporting risk, e.g. the risk protocols
  9. Risk mitigation requirements and control mechanisms
  10. Allocation of risk management roles and responsibilities
  11. Criteria for monitoring and benchmarking risks
  12. Allocation of appropriate resources
  13. Risk priorities and performance targets
  14. Risk management calendar for the coming year
62
Q

How does LILAC ensure a risk-aware culture?

A
  • **_L_eadership**: strong leadership within the organisation in relation to strategy, projects and operations
  • **_I_nvolvement**: involvement of all stakeholders in all stages of the risk management process
  • **_L_earning**: emphasis on training in risk management procedures and learning from events
  • **_A_ccountability**: absence of an automatic blame culture, but appropriate accountability for actions
  • **_C_ommunication**: communication and openness on all risk management issues and the lessons learned
63
Q

What are the RIMS high-level core risk management competencies?

A
  • Conceptual skills, which include things like planning, organising, decision making and strategic thinking
  • Technical skills, which include the areas covered in this course: the risk management process, risk analysis, risk control, enterprise risk management and insurance (or banking) knowledge
  • Core competency skills, including a range of personal skills, interpersonal skills and business skills
64
Q

What are the FCA senior manager conduct rules?

A

The senior manager conduct rules are:

  • **Rule 1:** You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
  • **Rule 2:** You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
  • **Rule 3:** You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
  • **Rule 4:** You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
65
Q

What are 5 barriers to a successful risk culture?

A
  1. Lack of understanding, and belief that risk management will suppress entrepreneurship
  2. Lack of support and commitment from senior management
  3. Seen as just another initiative, so relevance and importance are not accepted
  4. Benefits not perceived as being significant
  5. Not seen as a core part of business activity, and too time consuming
  6. Approach too complicated and over-analytical
  7. Responsibilities unclear and need for external consultants unclear
  8. Risks separated from where they arose and should be managed
  9. Risk management seen as a static activity not appropriate for a dynamic organisation
  10. Risk management too expensive and seeking to take over all aspects of the company
66
Q

What are the FCA individual conduct rules?

A
  • Rule 1: You must act with integrity.
  • Rule 2: You must act with due skill, care and diligence.
  • Rule 3: You must be open and co-operative with the FCA, the PRA and other regulators.
67
Q

What are 3 attributes of a successful risk culture?

A
  • **Good communication** of the organisation's expectations of all staff – this could be through policies, presentations, staff newsletters, induction processes, written documents, posters and job descriptions. Also, when staff are involved in the risk identification process this achieves greater buy-in.
  • **Training programmes** that instil the right practices and knowledge.
  • **Investment in the use of effective IT security tools** with active and transparent monitoring of IT usage that is made clear to all employees.
  • Most importantly, **senior managers must ‘set the tone from the top’** and not operate on a ‘do as I say rather than do as I do’ basis, as this will quickly undermine any amount of good communication and training.
68
Q

What are 2 risk management technical skills?

A
  • The risk management process
  • Risk analysis
  • Risk control
  • Enterprise risk management
  • Insurance (or banking) knowledge
69
Q

What are 3 drivers of conduct rules?

A

The drivers of conduct risk can vary and arise at various points throughout the customer journey. The impact/severity of the conduct risks and the appropriate approach to mitigating them can be driven by:

  • The nature of the relationship with the client (e.g. retail or private banking client, personal lines insurance customer)
  • The types of products and services offered (e.g. current accounts, savings, lending, mortgages, investments, retirement planning, inheritance tax planning)
  • Customer profile (including financial circumstances, knowledge and experience, objectives)
70
Q

What are 4 risk management people skills?

A
  • Negotiation
  • Relationship building
  • Problem solving
  • Adaptability
  • Working under pressure
71
Q

What are the key features of risk training?

A
  • **Know the stakeholders** by identifying external and internal stakeholders and finding out their concerns and interests
  • **Simplify the language** and presentation, although not the content, if complex issues need to be communicated
  • **Be objective** in the information provided and differentiate between opinions and facts
  • **Communicate clearly** and honestly, taking account of the level of understanding of the audience
  • **Deal with uncertainty** and discuss situations where not all information is available, and indicate what can be done to overcome these problems
  • **Be cautious** when putting risks into perspective, although comparing an unfamiliar risk with a familiar one can be helpful
  • **Develop key messages** that are clear, concise and to the point, with no more than three messages communicated at any one time
  • **Be prepared to answer questions** and agree to provide further information if it is not currently available
72
Q

What are the 3 pillars of Solvency II?

A
  1. Quantitative requirements, incl.
    • Level of capital an insurer is expected to hold (e.g. solvency capital requirement; SCR)
    • Absolute minimum capital level before regulatory intervention (minimum capital requirement; MCR)
  2. Qualitative requirements, incl.
    • Governance
    • Supervisory review
    • Own risk and solvency assessment (ORSA)
  3. Reporting and disclosure requirements, incl.
    • To the regulator, through the solvency and financial condition report (SFCR)
    • To the supervisors
73
Q

What are the 3 pillars of Basel III?

A
  • Quantitative requirements
    • Credit risk
    • Market risk
    • Operational risk
    • Capital classification
  • Qualitative requirements and supervision
    • Governance principles
    • Supervisory review process
    • ICAAP
  • Disclosure (incl. annual disclosure reports)
    • Transparency
    • Good market discipline
    • Disclosure requirements
74
Q

What are guidelines 1-6 of the EIOPA corporate governance principles?

A
  1. **The administrative, management or supervisory body (AMSB)**
    • The AMSB should have appropriate interaction with any committee it establishes, as well as with senior management and with persons having other key functions
    • All organisations within the group should be engaged with the AMSB
  2. **Organisational and operational structure**
    • There should be organisational and operational structures aimed at supporting the strategic objectives and operations of the firm, and these should be adaptable
    • At group level the AMSB should assess how changes to the group’s structure impact the financial position of the group and make the necessary adjustments in a timely manner
    • The AMSB, in order to take appropriate measures, should have an appropriate knowledge of the corporate organisation of the group, the business model of its different entities, the links and relationships between them and the risks arising from the group’s structure
  3. **Significant decisions**
    • Any significant decision should involve at least two persons who effectively run the undertaking before the decision is implemented
  4. **Documentation of decisions taken at the AMSB level**
    • The AMSB should appropriately document the decisions taken at the level of the AMSB and how information from the risk management system has been taken into account
  5. **Allocation and segregation of duties and responsibilities**
    • Duties and responsibilities should be allocated, segregated and coordinated in line with policies and reflected in descriptions of tasks and responsibilities. All the important duties should be covered and unnecessary overlaps avoided. Effective cooperation between personnel should be fostered
  6. **Internal review of the system of governance**
    • The AMSB should determine the scope and frequency of internal reviews of the system of governance, taking into account the nature, scale and complexity of the business both at individual and at group level
    • The bank should ensure that the scope, findings and conclusions of the review are properly documented and reported to its AMSB
75
What are the BIS 13 Corporate governance principles?
1. Board's overall responsibilities
2. Board's qualifications and composition
3. Board's own structure and practices
4. Senior management
5. Governance of group structures
6. Risk management
7. Risk identification, monitoring and controlling
8. Risk communication
9. Compliance
10. Internal audit
11. Compensation
12. Disclosure and transparency
13. The role of supervisors
76
What are the 5 main features of UK corporate Governance Code?
* **Leadership** – Every company should be headed by an effective board which is collectively responsible for the long-term success of the company.
* **Effectiveness** – The board and its committees should have the appropriate balance of skills, experience, independence and knowledge of the company to enable them to discharge their respective duties and responsibilities effectively.
* **Accountability** – The board should present a fair, balanced and understandable assessment of the company's position and prospects. The board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. The board should maintain sound risk management and internal control systems.
* **Remuneration** – Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality required to run the company successfully, but a company should avoid paying more than is necessary for this purpose.
* **Relations with shareholders** – There should be a dialogue with shareholders based on the mutual understanding of objectives. The board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders takes place.
77
What are the 4 responsibilities of the board?
* Set the overall strategic direction of the bank, incl. risk tolerance levels
* Advise on recruitment and HR, guide the management team and set management compensation
* Monitor the performance of the bank and review regular reports
* Be qualified, personally and professionally, to act as directors with integrity and in the interests of shareholders
* Meet regularly with senior management and internal auditors, to establish and approve policies
* Review reporting lines, authority and responsibility of the bank's senior management
78
What are the 8 elements of the role of a NED?
1. Uphold the highest ethical standards of integrity and probity
2. Support executives and their leadership of the business
3. Monitor the conduct of executives
4. Question, debate, challenge and make decisions objectively
5. Listen to the views of others inside and outside of the board
6. Gain the trust and respect of other board members
7. Promote the highest standards of corporate governance
8. Seek compliance with the provisions of applicable governance codes
79
What are 3 aspects that the FRC say a system of internal control should do?
1. Facilitate its effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the company's objectives.
2. Help ensure the quality of internal and external reporting.
3. Help ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of business.

The system will include:
* control activities
* information and communications processes
* processes for monitoring the continuing effectiveness of the system of internal control
80
What are 6 purposes of internal control?
**Six purposes of internal control**
1. Protect assets
2. Record keeping
3. Operational efficiency
4. Adhere to policies and procedures
5. Reliability of reporting
6. Compliance
7. Safeguard shareholders
81
What are 4 components of reputational risk (CASE)?
1. **_C_**apabilities
2. **_A_**ctivities
3. **_S_**tandards
4. **_E_**thics
82
What are 4 main areas of responsibility for an audit committee?
* **External audit**
  * recommend the appointment and reappointment of external auditors
  * review the performance and cost effectiveness of the external auditors
  * review the qualification, expertise and independence of external auditors
  * review and discuss any reports from the external auditors
* **Internal audit**
  * review internal audit and its relationship with external auditors
  * review and assess the annual internal audit plan
  * review promptly all reports from the internal auditors
  * review management response to the findings of the internal auditors
  * review the activities, resources and effectiveness of internal audit
* **Financial reporting**
  * review the annual and half-year financial results
  * evaluate the annual report against the requirements of the governance code
  * review disclosure by the CEO and CFO during certification of the annual report
* **Regulatory reports**
  * review arrangements for producing the audited accounts
  * monitor and review standards of risk management and internal control
  * develop a code of ethics for the CEO and other senior management roles
  * annually review the adequacy of the risk management process
  * receive reports on litigation, financial commitments and other liabilities
  * receive reports of any issues raised by whistle-blowing activities
83
What are 5 examples of internal risk reporting indicators?
* Credit KRIs
  * VaR
  * Current ratio
  * Quick ratio
  * Days payable outstanding (DPO)
  * % invoices paid on time
* Operational KRIs
  * % delayed
  * % staff turnover
  * % departments without KPIs
  * % KPIs not being met
  * no. accounting deadlines missed (internal)
  * no. regulatory report restatements
  * no. management report restatements
  * no. of post-close adjustments
  * % journal entries performed manually
  * Budget variance
  * no. notifications received by regulators
* Cyber KRIs
  * Mean time between failures (MTBF)
  * Mean time to repair (MTTR)
  * System availability
  * IT service provider SLA adherence
  * % critical systems with patches
  * % systems in use no longer supported
  * % network devices not meeting config standards
  * % security incident false positives
  * % devices not covered by monitoring solutions
  * % employees receiving core training in the last year
  * % passwords not adhering to policy
  * % employees passing phishing tests
  * % employees whose IAM rights have been reviewed in the last 90 days
  * Mean time to incident detection (MTTID)
84
What are 3 examples of external risk reports?
* ORSA
* ICAAP
* Disclosure Report
85
What are 4 responsibilities of internal audit?
**4 key responsibilities of internal audit**
1. Examine actual business or organisational practices and controls
2. Assess them against the required practices
3. Discuss any shortfall or non-compliance with local management
4. Agree a return to full compliance, or review and amend the required control environment
86
What are the main reasons for the 2007 financial crisis?
**The main reasons for the 2007 financial crisis:**

The global financial crisis developed out of a liquidity crisis initiated in the US banking system.
1. Banks assumed that re-packaged debts (incl. sub-prime mortgages) would continue to be tradable commodities
2. Banks assumed that short-term borrowing on the wholesale money markets would continue to be available
3. Regulators and bankers did not understand how important shadow banking institutions had become to the everyday functioning of financial markets
4. Banks did not always understand the risks of securitisation
5. Over-reliance on ratings agencies
87
What were the key Turner Review recommendations?
The Turner Review suggested changes to:
* capital, accounting and liquidity rules for banks
* the regulation of international businesses, recognising the economic substance of the structure rather than the pure legal form (i.e. how do they really run their business?)
* the use of credit rating agencies and the information they produce
* the remuneration policies of banks
* approaches by supervisors
* risk management and governance structures, in particular the skills required, processes and structures
88
What are 5 emerging risks facing an insurance company or bank?
* Cybercrime and data security – deliberate hacking and the stealing of customer information.
* Fintech – the ability of non-banks to develop and offer new products that are cheaper and easier to use than traditional banking and insurance products.
* Crowdfunding and peer-to-peer lending – such platforms provide the means for borrowers to raise funds directly from investors, cutting out banks.
* Blockchain – the technology that supports Bitcoin and other 'crypto-currencies' is being looked at as an alternative to current practice that could improve the speed and accuracy of transaction processing, such as bank payments.
* Artificial intelligence – this is increasingly being used to develop automated risk assessment and decision-making systems that learn from experience rather than having to be pre-programmed.
* Driverless cars – these could change the face of motor insurance.