Module: MODULE B: RISK MANAGEMENT
Q404: Scenario: A commercial bank faces two distinct loss events. Event A involves a disgruntled employee intentionally altering internal trading records to hide a multi-million dollar loss. Event B involves an organized crime syndicate hacking into the bank's customer database to steal credit card details. Based on Basel operational risk event type guidelines, consider the following statements:
1. Event A must be classified under the "Internal Fraud" event type because it involves an intentional mismarking of positions by an employee.
2. Event B must be classified under the "Business Disruption and System Failures" event type because the hacking incident primarily disrupted the IT systems.
3. Event B is correctly classified as "External Fraud" due to the involvement of a third party committing theft of information.
Which of the statements given above is/are correct?
✅ Correct Answer: B
The correct answer is B.
Statement 1 is correct: Event A involves an employee intentionally circumventing internal controls and altering records. Under Basel guidelines, acts intended to defraud, misappropriate property, or circumvent regulations, the law, or company policy, which involve at least one internal party (e.g., intentional mismarking of positions, bribery), are classified strictly as "Internal Fraud".
Statement 2 is incorrect: Event B is a malicious attack intended to steal data. "Business Disruption and System Failures" is reserved for accidental or non-malicious system downtime, hardware/software failures, or utility outages. A targeted hack by a crime syndicate is a deliberate act of theft.
Statement 3 is correct: Event B falls under "External Fraud", which covers acts of a type intended to defraud, misappropriate property, or circumvent the law, by a third party. This explicitly includes theft of information, hacking damage, and third-party theft or forgery.
Therefore:
Option A is incorrect because Statement 2 is false.
Option B is correct as both Statements 1 and 3 are true.
Option C is incorrect because Statement 2 is false.
Option D is incorrect because Statement 2 is false.