OpRisk & IRM MCQs for CAIIB BFM (Unit 16) Module B

Correct Answer: B. Risk of loss from inadequate or failed internal processes, people, systems, or from external events. This is the exact definition provided by the Basel Committee.

Correct Answer: B. Deviations from normal function. The syllabus states that operational risk arises from deviations from normal function.

Correct Answer: B. Omission or commission. Human failures causing operational risk include errors of omission or commission.

Correct Answer: B. Increased expenses and loss of revenue opportunities. Operational risk can lead to higher costs and missed chances to earn revenue.

Correct Answer: B. Basel II. Basel II explicitly recognized the importance of operational risk and mandated capital allocation for it.

Correct Answer: C. Decreased competition. Increased competition is listed as a driver for the growing importance of operational risk.

Correct Answer: B. There is less time for systems to stabilize compared to traditional banking. The modern banking environment allows less time for systems to become stable.

Correct Answer: C. Reduced risk capital. Effective operational risk management can lead to a reduction in the amount of capital needed to cover risks.

Correct Answer: C. Technology changes. Poor testing and training are associated with the risk factor of technology changes.

Correct Answer: B. Process changes. Inadequate assessment is linked to the risk factor of process changes.

Correct Answer: C. Human factors. Errors, fraud, and lack of training are examples of human factors contributing to operational risk.

Correct Answer: D. External events. Disasters, cyberattacks, and regulatory changes are classified as external events.

Correct Answer: B. It exists in nearly all activities of an organization. Operational risk is ubiquitous, meaning it’s present in almost all activities.

Correct Answer: B. They vary depending on the specific type of operational risk. The impact and frequency of operational risk can differ significantly.

Correct Answer: B. Low-frequency, high-impact risks. These types of risks are considered a greater threat due to their potentially severe consequences.

Correct Answer: C. Internal Fraud. Internal Fraud is one of the categories in the Basel II event-based classification.

Correct Answer: C. Internal Fraud. This category specifically covers losses from intentional internal actions.

Correct Answer: B. External Fraud. This category includes losses caused by intentional actions of external parties.

Correct Answer: C. Employment Practices and Workplace Safety. This category covers legal and agreement violations related to employment and safety.

Correct Answer: C. Clients, Products, and Business Practices. This category addresses losses from failures in serving clients appropriately.

Correct Answer: C. Damage to Physical Assets. This category includes losses from physical damage to assets.

Correct Answer: B. Business Disruption and System Failures. This category covers losses from interruptions and system breakdowns.

Correct Answer: D. Execution, Delivery, and Process Management. This category deals with failures in transaction handling, process management, and vendor relationships.

Correct Answer: C. Board and senior management. (Rule/Principle 1) They are responsible for setting the tone and standards for risk management.

Correct Answer: B. Overall risk management. (Rule/Principle 2) The operational risk framework should be part of the broader risk management approach.

Correct Answer: B. Establishing, approving, and reviewing the operational risk framework. (Rule/Principle 3) This is a core responsibility of the board.

Correct Answer: B. Overseeing senior management’s implementation of the framework. (Rule/Principle 3) The board ensures senior management is putting the framework into practice.

Correct Answer: B. The bank’s risk appetite and tolerance statement for operational risk. (Rule/Principle 4) This defines the level of risk the bank is willing to accept.

Correct Answer: B. Developing and implementing a clear governance structure with defined responsibilities. (Rule/Principle 5) Senior management sets up the organizational structure for managing operational risk.

Correct Answer: B. The approved risk appetite. (Rule/Principle 5) All operational aspects should be consistent with the bank’s risk tolerance.

Correct Answer: B. Identify and assess it. (Rule/Principle 6) A crucial step is to recognize and evaluate potential operational risks.

Correct Answer: B. Full operational risk assessment. (Rule/Principle 7) New initiatives should be evaluated for potential operational risks beforehand.

Correct Answer: B. Monitor them and report to relevant stakeholders. (Rule/Principle 8) Continuous monitoring and reporting are essential for effective management.

Correct Answer: B. Policies, processes, systems, internal controls, and risk mitigation strategies. (Rule/Principle 9) A combination of these elements creates a robust control environment.

Correct Answer: B. Business resiliency and continuity plans. (Rule/Principle 10) These plans help maintain operations during unexpected events.

Correct Answer: B. Public disclosures regarding the bank’s operational risk management approach. (Rule/Principle 11) Transparency about risk management is important.

Correct Answer: B. It must be approved by the Board of Directors. Board approval signifies the importance and authority of the policy.

Correct Answer: B. Act upon the warnings provided. Senior management should take appropriate steps based on the information provided by risk managers.

Correct Answer: C. Board of Directors. (Role) The Board of Directors has the ultimate responsibility for the ORM framework.

Correct Answer: C. Board of Directors. (Role) The Board has the authority to approve and periodically review the ORM framework.

Correct Answer: C. Board of Directors. (Role) The Board is tasked with ensuring the ORM framework is thoroughly audited internally.

Correct Answer: C. Operational Risk Management Committee (ORMC). (Role) The ORMC is specifically responsible for these tasks.

Correct Answer: B. Operational Risk Management Committee (ORMC). (Role) The ORMC establishes the standards for risk assessment and measurement.

Correct Answer: C. Operational Risk Management Committee (ORMC). (Role) The ORMC plays a role in ensuring sufficient controls are implemented.

Correct Answer: B. Operational Risk Management Committee (ORMC). (Role) The ORMC takes the lead in putting the Board-approved framework into action.

Correct Answer: C. Operational Risk Management Department (ORMD). (Role) The ORMD is responsible for carrying out the ORM procedures.

Correct Answer: C. Operational Risk Management Department (ORMD). (Role) The ORMD is responsible for identifying and evaluating these inherent risks.

Correct Answer: C. Operational Risk Management Department (ORMD). (Role) The ORMD plays a crucial role in evaluating risks in new initiatives.

Correct Answer: C. Operational Risk Management Department (ORMD). (Role) The ORMD is responsible for tracking and monitoring the risk profiles.

Correct Answer: C. Senior management and the Board. (Role) The ORMD provides reports on operational risk to both senior management and the Board.

Correct Answer: B. It must be operationally independent. Independence is crucial for the integrity of the audit process.

Correct Answer: C. Process mapping. (Process) Process mapping is listed as a key component of the ORM framework.

Correct Answer: B. Scorecards and self-assessment. (Process) These are examples of qualitative risk assessment techniques.

Correct Answer: B. An incident reporting framework for data collection. (Monitor) This is a key aspect of monitoring and controlling operational risk.

Correct Answer: B. ORM monitoring and control. (Monitor) This is a continuous activity within ORM.

Correct Answer: B. To determine the frequency and probability of future events. (Monitor) This data helps in understanding and predicting risks.

Correct Answer: C. ORM monitoring and control. (Monitor) Identifying and managing significant risk exposures is crucial.

Correct Answer: B. It needs to be responsive to the ORM framework needs. (Monitor) The IT infrastructure should be aligned with the ORM requirements.

Correct Answer: C. Because these losses typically do not follow a normal statistical distribution. This makes standard statistical estimation methods less reliable.

Correct Answer: C. Basic Indicator Approach (BIA). BIA is one of the recognized approaches.

Correct Answer: B. 15% of the average positive annual gross income over the previous three years. (Formula) This is the formula for BIA capital calculation.

Correct Answer: C. Provisions. Provisions are specifically excluded from the definition of Gross Income for BIA and TSA.

Correct Answer: B. By multiplying the gross income of each of the 8 defined business lines by a specific beta factor for that line and summing the results. (Formula) This describes the calculation under TSA.

Correct Answer: B. Approval from the Reserve Bank of India (RBI). RBI approval is necessary for this migration.

Correct Answer: C. Advanced Measurement Approach (AMA). AMA allows banks to use their own internal models.

Correct Answer: B. It requires supervisory approval. Regulatory approval is mandatory for using AMA.

Correct Answer: C. AMA is more risk-sensitive. (Compare/Contrast) AMA is designed to be more tailored to a bank’s specific risk profile.

Correct Answer: B. Internal loss data. This is a crucial input for AMA capital calculation.

Correct Answer: C. Capped at 20% of the total capital charge. Insurance mitigation has a specific limit under AMA.

Correct Answer: B. Five years. Banks initially need at least five years of internal loss data for AMA.

Correct Answer: C. Seven years. The requirement is intended to increase to seven years.

Correct Answer: B. Estimated probability of occurrence, estimated potential financial impact, and estimated impact of internal controls. (Formula) These are the three components of the generic risk estimation.

Correct Answer: C. Advanced Measurement Approach (AMA). Insurance mitigation for operational risk is only allowed under AMA.

Correct Answer: C. 20%. The benefit of insurance for capital calculation is capped at 20% under AMA.

Correct Answer: C. Standardized Measurement Approach (SMA). SMA is being considered as a simpler alternative to AMA.

Correct Answer: C. Internal Loss Data. Internal Loss Data is one of the four key inputs for AMA.

Correct Answer: C. Often structured by event types and business lines (e.g., 7×8 matrix). This structure facilitates analysis and reporting.

Correct Answer: C. It is particularly useful for modeling low-frequency, high-severity events. External data helps when internal data for such events is limited.

Correct Answer: C. CORDEx India. (Example source) CORDEx India is provided as an example source for external loss data.

Correct Answer: B. To evaluate exposure to high-severity, low-probability operational risk events. (Process) Scenario analysis focuses on rare but potentially significant events.

Correct Answer: C. Business Environment and Internal Control Factors. BEICF is a key component of AMA.

Correct Answer: C. It is a forward-looking assessment considering business risk factors and the effectiveness of internal controls. BEICF aims to anticipate future risks.

Correct Answer: C. Risk and Control Self-Assessment (RCSA). RCSA is listed as a key tool within BEICF.

Correct Answer: B. An internal process where units assess their operational risks and the effectiveness of their controls, identifying gaps. This is the definition of RCSA provided in the syllabus.

Correct Answer: B. Metrics tracked over time that indicate changes in operational risk levels or potential future losses. This is the definition of KRIs.

Correct Answer: C. A Key Risk Indicator (KRI). High staff turnover can signal potential operational risks.

Correct Answer: C. Integrated Risk Management. This is the full form of IRM.

Correct Answer: B. A coordinated approach to managing all types of risks across the entire organization. IRM takes a holistic view of risk.

Correct Answer: C. It considers the interrelationships, correlations, and diversification effects between different risk types. IRM acknowledges how different risks can influence each other.

Correct Answer: C. Provides a holistic view of risk, leading to better risk-adjusted performance measurement and more strategic capital allocation. IRM offers a comprehensive understanding of the overall risk landscape.

Correct Answer: C. It integrates risk into business processes and centralizes risk oversight. This integration is crucial for long-term stability.

Correct Answer: B. It aligns risk strategy with operations. This alignment ensures that risk considerations are embedded in business activities.

Correct Answer: D. Overcoming cultural resistance and business unit silos. This is a common hurdle in IRM implementation.

Correct Answer: B. Incomplete risk data. Accurate data is essential for effective IRM.

Correct Answer: B. It enables improved capital allocation by relating capital reserves more accurately to quantified risk exposure. IRM helps in optimizing capital usage.

Correct Answer: B. By using risk-adjusted measures. IRM allows for a more accurate evaluation of performance by factoring in the risks taken.

Correct Answer: B. A performance measure enabled by IRM, relating return to the economic capital required for the risk taken. RAROC is a key performance indicator in IRM.

Correct Answer: B. An analysis facilitated by IRM, comparing risk-adjusted returns against the cost of capital. EVA helps in evaluating the true profitability after considering risk.

Correct Answer: C. By comparing the costs of risk transfer against the reduction in required economic capital. IRM helps in making cost-effective decisions about risk transfer strategies.

Correct Answer: B. Centralized risk management integration. Strategy in IRM involves integrating risk management centrally.

Correct Answer: B. Establishing a structure, which may include the role of a Chief Risk Officer (CRO). Organization refers to the structural aspect of IRM.

Correct Answer: B. Standardizing the way risks are handled across the organization. Process in IRM emphasizes consistency in risk management.

Correct Answer: C. Integrated IT and analytical tools to support risk management. Systems in IRM involve leveraging technology for effective risk management.

Correct Answer: C. Reports directly to the Managing Director (MD)/Chief Executive Officer (CEO) or Board. (Role) This reporting structure ensures the CRO has sufficient authority and independence.

Correct Answer: B. The credit risk management function should be separate from the credit sanctioning function. This separation helps in maintaining objectivity and preventing conflicts of interest.

Correct Answer: B. Top-down, consistent with strategic objectives and risk appetite. This ensures alignment with the overall goals and risk tolerance of the organization.

Correct Answer: B. To communicate risk appetite, control exposures, delegate authority, and adopt a common risk language via quantification. Integrated limits promote consistency and understanding of risk across the organization.

Correct Answer: B. To provide management with a holistic view of all risks across the entity, quantifying sources and estimating total exposure. Integrated reporting offers a comprehensive understanding of the overall risk profile.

Correct Answer: B. An integrated Information Technology (IT) architecture. Integration of IT systems is crucial for effective IRM.

Correct Answer: B. By potentially offering lower capital requirements for banks demonstrating sophisticated and compliant risk identification, measurement, and control systems. (Cause/Effect) Basel III recognizes and rewards strong risk management practices.

Correct Answer: C. It is ubiquitous (exists everywhere), variable (differing frequency/impact), and dynamic (changes with the organization). This summarizes the nature of operational risk.

Correct Answer: C. Internal Fraud. This is one of the defined Basel event types for operational risk.

Correct Answer: B. It requires a Board-approved policy. Board approval signifies the importance of ORM.

Correct Answer: C. Capital = 15% * Avg. 3-year Gross Income. This is the formula for BIA.

Correct Answer: C. Capital based on Gross Income * Beta Factors across 8 business lines. This describes the TSA calculation.

Correct Answer: C. Capital based on bank’s internal models (using internal/external data, scenarios, BEICF). AMA allows banks to use their own models.

Correct Answer: C. Allowed only under AMA, limited to 20% of capital charge, and subject to specific criteria. Insurance mitigation has specific conditions under AMA.

Correct Answer: C. Replaced BIA and AMA with the Standardized Measurement Approach (SMA) for certain banks from April 1, 2023. RBI has implemented SMA for larger banks.

Correct Answer: C. Scheduled Commercial Banks with a Business Indicator (BI) exceeding ₹8,000 crore. This specifies the criteria for SMA implementation by RBI.

Correct Answer: B. Business Indicator (BI), Business Indicator Component (BIC), and an Internal Loss Multiplier (ILM). These are the key components of RBI’s SMA calculation.

Correct Answer: B. A minimum of 5 years of internal loss data, including individual losses exceeding a threshold of ₹100,000. This outlines the RBI’s requirement for loss data under SMA.

Correct Answer: C. To achieve a holistic risk view, improve risk-adjusted performance, optimize capital use, enhance transparency, and align risk strategy with operations. This summarizes the key objectives of IRM.

Correct Answer: D. Real-time data integration. This is a common hurdle in IRM implementation.

Correct Answer: B. Strategy, Organization (incl. CRO), Process, Systems. These are the key components of IRM implementation.

Correct Answer: C. Risk-Adjusted Return on Capital (RAROC). RAROC is a performance measure used in IRM.