Internal loss data (ILD) consists of what kind of data?
Correct Answer: B
Definition of Internal Loss Data (ILD) Internal Loss Data (ILD) refers to historical records of actual operational losses incurred by a bank. These losses are used for risk assessment, capital calculations, and trend analysis under Basel III's Operational Risk Framework. Key Characteristics of ILD Captures actual past loss events, such as fraud, system failures, and compliance breaches. Supports the identification of risk trends and weak control areas. Used for operational risk capital modeling, along with external loss data and scenario analysis. Why Other Answers Are Incorrect Option Explanation: A . It consists of near miss operational loss incidents of a bank. Incorrect - ILD captures actual losses, while near misses are reported separately. C . It consists of the Key Risk Indicators of a bank. Incorrect - KRIs are forward-looking risk metrics, while ILD focuses on historical data. D . It consists of scenario data developed to calculate the future operational loss incidents of a bank. Incorrect - ILD is historical, whereas scenario data is used for predictive analysis. PRMIA Reference for Verification Basel III & PRMIA Operational Risk Data Framework PRMIA Risk Management Standards for ILD
Question 2
In Operational Resilience, which of the following is not an important measure of whether a Business Service can be considered Critical?
Correct Answer: C
Step 1: Definition of a Critical Business Service in Operational Resilience A Critical Business Service is one whose failure could result in severe harm to customers, financial markets, or the firm's viability. Regulators (e.g., Bank of England, Basel Committee, PRMIA) define three primary factors for identifying critical services: Customer impact Market integrity impact Firm viability impact Step 2: Why Option C Is Incorrect Risk appetite is an internal business decision, not an external measure of criticality. A service can be critical even if its disruption stays within risk appetite. Criticality is based on external impacts, not just internal risk limits. Step 3: Why the Other Options Are Correct Option A ("Material customer detriment") → Correct as customer harm defines critical services. Option B ("Harm to market integrity") → Correct as market stability is a regulatory priority. Option D ("Threaten firm viability") → Correct as critical services often determine business survival. PRMIA Risk Reference Used: PRMIA Operational Resilience Framework - Defines criteria for critical business services. Basel Committee Operational Risk Guidelines - Highlights customer, market, and firm viability as resilience factors. Final Conclusion: Risk appetite is an internal benchmark, not a measure of critical service designation, making Option C the correct answer.
Question 3
An example of Credit Risk events with an Operational Risk component included?
Correct Answer: D
Step 1: Understanding Credit Risk with an Operational Risk Component Credit Risk: Risk of loss due to borrower default. Operational Risk: Risk of loss due to failed internal processes, fraud, or misconduct. Step 2: Why Option D is Correct Ponzi Schemes: Fraudulent investment scams disguise credit risk as legitimate lending but collapse when new funds dry up. Rogue Trading: Traders take unauthorized risks that can lead to credit defaults or massive financial losses. Step 3: Why the Other Options Are Incorrect Option A ("Failure in loan approval process") → This is an Operational Risk issue, but does not always create Credit Risk. Option B ("Ponzi Schemes") → Partially correct, but does not include Rogue Trading, which is also a credit risk-related operational failure. Option C ("Rogue Trading") → Partially correct, but does not include Ponzi Schemes, which are another key example. PRMIA Risk Reference Used: PRMIA Operational Risk Framework - Highlights fraud-based Credit Risk events. Basel II/III Operational Risk Guidelines - Discusses trading misconduct and credit risk misrepresentation. Final Conclusion: Both Ponzi Schemes and Rogue Trading involve credit risk failures caused by operational misconduct, making Option D the correct answer.
Question 4
Risk and compliance functions often work together; which of the following best desribes the issue with a "zero risk appetite"?
Correct Answer: C
Understanding Zero Risk Appetite in Compliance A zero risk appetite means the organization does not tolerate any compliance breaches. However, in real-world risk management, it is often impractical to have zero risk exposure. Some compliance violations may occur despite strong controls, making a strict zero-risk stance unrealistic. Why Answer C is Correct If an organization adopts a zero risk appetite for compliance, any compliance issue, even minor ones, would breach this policy. This contradicts practical risk management, which allows for some residual risk while maintaining controls. Why Other Answers Are Incorrect Option Explanation: A . A zero risk appetite is illegal under all known regulations. Incorrect - It is not illegal, but it is impractical in many industries. B . It means that there can be a risk self-assessment workshop for the compliance department. Incorrect - Self-assessments are part of compliance but do not define zero risk appetite issues. D . It will result in a compliance investigation conducted by the first line. Incorrect - Investigations are typically conducted by the second or third line of defense (compliance or audit), not the first line. PRMIA Reference for Verification PRMIA Risk Appetite Guidelines Basel & ISO 31000 Risk Management Frameworks
Question 5
The The Task Force on Climate-related Financial Disclosures (TCFD) was founded by which body?
