Chapter 16: Operational Risk and Integrated Risk Management (CAIIB – Paper 2)

1. What is the primary focus of operational risk in banking?

  • A. Market fluctuations affecting asset prices
  • B. Credit defaults by borrowers
  • C. Losses from inadequate or failed internal processes, people, systems, or external events
  • D. Liquidity shortages in the bank
Operational risk refers to the potential losses a bank may suffer due to failures in internal processes, people, systems, or from external events, unlike credit or market risks.

2. Which of the following is NOT a common classification of operational risk?

  • A. People risk
  • B. Interest rate risk
  • C. Systems risk
  • D. External event risk
Interest rate risk is a type of market risk, not operational risk. Operational risk is generally classified into people, process, system, and external event risks.

3. Event type classification of operational risk includes all EXCEPT:

  • A. Internal fraud
  • B. External fraud
  • C. Business disruption & system failures
  • D. Credit rating downgrade
Credit rating downgrade is related to credit risk, not an event type of operational risk. Operational risk event types include internal fraud, external fraud, process failures, and system failures.

4. Which of the following best describes 'integrated risk management'?

  • A. A holistic approach combining operational, credit, and market risk management to optimize risk-return
  • B. Managing only operational risks in isolation
  • C. Compliance with RBI directives only
  • D. Monitoring liquidity ratios only
Integrated risk management considers all major risks (operational, credit, market, liquidity) together to ensure a bank optimizes its risk-return profile and avoids isolated risk management.

5. Examples of external event operational risk include:

  • A. Employee fraud and mismanagement
  • B. Natural disasters, terrorism, or cyber-attacks by outsiders
  • C. Process errors in loan sanctioning
  • D. System downtime due to internal software bug
External event risks are caused by factors outside the bank's control, such as natural disasters, external fraud, terrorism, or cyber-attacks.

6. Which statement correctly distinguishes operational risk from other banking risks?

  • A. Operational risk is always quantifiable like market risk
  • B. Operational risk only arises from external threats
  • C. Operational risk arises from failures in internal processes, people, systems, or external events, unlike credit or market risk
  • D. Operational risk does not require capital allocation
Operational risk is distinct from credit and market risk because it arises from internal failures or external events, and banks are required to hold capital against operational risk under Basel II/III norms.

7. What is the primary objective of operational risk management (ORM)?

  • A. Maximizing profits by taking higher operational risks
  • B. Identifying, assessing, monitoring, and mitigating operational risks to reduce losses
  • C. Focusing only on credit and market risk
  • D. Eliminating all risks completely
Operational Risk Management aims to minimize losses from internal failures or external events by proactively identifying, assessing, monitoring, and mitigating risks, rather than eliminating them completely.

8. Who is primarily responsible for implementing operational risk management in a bank?

  • A. External auditors only
  • B. RBI directly
  • C. Bank management through a defined ORM framework and organisational structure
  • D. Branch customers
ORM is implemented by the bank's management using a structured framework, with defined responsibilities and processes. Regulators set guidelines, but operational responsibility lies with the bank.

9. Which of the following best describes the ORM organizational structure?

  • A. A hierarchy where risk management roles are defined at board, senior management, and operational levels
  • B. Only one person is responsible for all operational risks
  • C. No formal structure, handled ad-hoc by departments
  • D. Outsourced entirely to third-party consultants
A formal ORM structure ensures clarity of roles and responsibilities, with oversight from the board, senior management, and operational teams, to effectively manage operational risks.

10. Which is NOT typically included in the operational risk management framework?

  • A. Risk identification and assessment
  • B. Risk monitoring and reporting
  • C. Risk mitigation and control measures
  • D. Setting interest rates for loans
Operational risk management frameworks focus on identifying, assessing, monitoring, and mitigating risks, but they do not deal with setting loan interest rates.

11. Which process helps in understanding the likelihood and impact of operational risks?

  • A. Strategic planning
  • B. Risk assessment and measurement
  • C. Marketing analysis
  • D. Asset-liability management only
Risk assessment and measurement evaluate the probability and potential impact of operational risks to prioritize mitigation efforts effectively.

12. A strong ORM framework in banks typically includes:

  • A. Only external audits
  • B. Only branch-level monitoring
  • C. Policies, processes, roles, responsibilities, monitoring, and reporting
  • D. Ignoring low-value operational risks
A strong operational risk framework includes formal policies, defined processes, clear roles and responsibilities, continuous monitoring, and structured reporting.

13. What is the primary purpose of operational risk monitoring?

  • A. To continuously track risk events, losses, and control effectiveness
  • B. To calculate interest income
  • C. To increase operational costs unnecessarily
  • D. To report only to regulators without internal use
Operational risk monitoring ensures that all risk events and losses are tracked, controls are effective, and corrective actions are taken promptly to minimize impact.

14. Which of the following is a common tool for monitoring operational risk?

  • A. Credit scoring only
  • B. Interest rate hedging
  • C. Key Risk Indicators (KRIs) and loss event databases
  • D. Inflation rate monitoring
KRIs and loss event databases are essential tools for monitoring operational risk, allowing banks to detect potential risk exposures early and take corrective action.

15. Operational risk quantification primarily helps banks in:

  • A. Determining employee salaries
  • B. Calculating capital required to cover potential operational losses
  • C. Setting branch opening targets
  • D. Assessing market competition
Quantification of operational risk helps banks estimate potential losses and determine the capital needed to absorb such losses as per regulatory requirements (Basel II/III).

16. Which of the following methods is commonly used for operational risk quantification?

  • A. Discounted cash flow method
  • B. Ratio analysis only
  • C. Basic Indicator Approach, Standardized Approach, and Advanced Measurement Approach
  • D. Asset-liability matching
Basel II/III guidelines allow banks to use the Basic Indicator Approach, Standardized Approach, or Advanced Measurement Approach for quantifying operational risk capital.

17. Which of the following is a benefit of operational risk quantification?

  • A. Better allocation of capital to cover potential losses
  • B. Increasing the likelihood of operational failures
  • C. Reducing the need for internal controls
  • D. Eliminating regulatory compliance requirements
Quantifying operational risk allows banks to allocate capital effectively, prepare for potential losses, and strengthen internal controls to minimize impact.

18. Which of the following statements is TRUE regarding operational risk monitoring and control?

  • A. It focuses only on market and credit risk events
  • B. It involves identifying, measuring, mitigating, and reporting operational risk events continuously
  • C. It is done once a year only
  • D. It eliminates all operational risk completely
Effective operational risk monitoring and control is continuous and includes identification, measurement, mitigation, and reporting of risk events to ensure timely action and regulatory compliance.

19. What is the main objective of operational risk mitigation?

  • A. Increasing operational complexity
  • B. Maximizing risk exposure for higher returns
  • C. Reducing the probability and impact of operational risk events
  • D. Avoiding regulatory reporting
Operational risk mitigation aims to implement controls, policies, and procedures to reduce the likelihood and impact of potential risk events.

20. Which of the following is NOT a common operational risk mitigation technique?

  • A. Process redesign to remove risk-prone steps
  • B. Employee training and awareness programs
  • C. Implementation of robust IT systems and controls
  • D. Ignoring minor risk events
Ignoring minor risk events is not a mitigation technique; all risks, even small ones, should be monitored to prevent escalation and ensure effective control.

21. Scenario analysis in operational risk management is used to:

  • A. Forecast only market risk fluctuations
  • B. Assess potential impact of hypothetical operational risk events
  • C. Evaluate employee performance
  • D. Set interest rates for loans
Scenario analysis simulates hypothetical operational risk events to estimate potential losses and test the effectiveness of controls and mitigation strategies.

22. Which of the following best describes the process of scenario analysis?

  • A. Randomly guessing possible risk events without data
  • B. Reviewing only past loss events
  • C. Identifying potential risk events, estimating their impact, and evaluating control effectiveness
  • D. Ignoring regulatory requirements
Scenario analysis is a structured approach to identify potential operational risk events, estimate their impact, and assess the effectiveness of existing controls.

23. Which of the following is a key benefit of operational risk mitigation?

  • A. Eliminates all risks completely
  • B. Reduces potential financial losses and improves operational efficiency
  • C. Increases complexity without benefit
  • D. Eliminates need for internal audits
Mitigation techniques reduce the likelihood and severity of losses, strengthen internal controls, and improve overall operational efficiency in the bank.

24. Which of the following would be considered a scenario for operational risk analysis?

  • A. A sudden IT system failure affecting multiple branches
  • B. Fraud by an employee handling customer accounts
  • C. Both A and B
  • D. Neither A nor B
Scenario analysis evaluates hypothetical events like system failures or internal fraud to understand potential operational losses and prepare mitigation strategies.

25. What is the main objective of Integrated Risk Management (IRM) in banks?

  • A. Focusing solely on operational risk
  • B. Ignoring market and credit risks
  • C. Managing credit, market, operational, and other risks collectively to optimize risk-return
  • D. Eliminating all risks completely
Integrated Risk Management (IRM) ensures that all types of risks—credit, market, operational, liquidity, etc.—are managed holistically to optimize overall risk-return, rather than in isolation.

26. Which of the following is a key reason why banks adopt Integrated Risk Management?

  • A. To focus only on regulatory compliance
  • B. To gain a comprehensive view of all risks and avoid risk concentration
  • C. To reduce capital requirements to zero
  • D. To ignore operational losses
IRM provides a consolidated view of all risks, helps prevent concentration of risk, and supports informed decision-making for capital allocation and risk mitigation.

27. Which of the following statements about Integrated Risk Management is TRUE?

  • A. It manages risks independently without considering correlations
  • B. It focuses only on historical loss data
  • C. It considers correlations between different risks to improve overall risk assessment
  • D. It replaces operational risk management entirely
IRM recognizes that risks are often interrelated, and understanding correlations helps banks optimize capital allocation and reduce unexpected losses.

28. Which of the following is NOT a necessity for implementing Integrated Risk Management?

  • A. Unified risk governance framework
  • B. Centralized reporting and monitoring
  • C. Identification and aggregation of all major risks
  • D. Focusing only on profit maximization without risk assessment
Effective IRM requires structured governance, centralized monitoring, and aggregation of risks. Ignoring risk assessment for profit maximization contradicts the principles of IRM.

29. Which of the following benefits is associated with Integrated Risk Management?

  • A. Eliminates all regulatory reporting
  • B. Reduces the need for internal controls
  • C. Provides a holistic risk view, reduces surprises, and optimizes capital allocation
  • D. Focuses solely on operational risk events
IRM provides a consolidated view of all risks, minimizes unexpected losses, supports informed decision-making, and helps optimize capital allocation across risk types.

30. How does Integrated Risk Management help in regulatory compliance?

  • A. By eliminating operational risks completely
  • B. By providing consolidated risk reporting and demonstrating effective risk management practices
  • C. By ignoring credit and market risk exposures
  • D. By reducing capital requirements to zero
IRM enables banks to provide integrated risk reports to regulators, demonstrate effective risk governance, and ensure compliance with Basel and RBI guidelines.

31. Which of the following is a common challenge in implementing Integrated Risk Management (IRM)?

  • A. Lack of any operational risks
  • B. Easy aggregation of all risk types
  • C. Difficulty in integrating data and processes across credit, market, and operational risks
  • D. Excess capital availability
One of the major challenges of IRM is integrating disparate risk data, processes, and reporting systems across various risk types like credit, market, and operational risk.

32. Which factor makes IRM implementation difficult in banks?

  • A. Simple organizational structure
  • B. Fragmented systems and lack of coordination among departments
  • C. Availability of centralized risk data
  • D. Strong board oversight
Fragmented systems, siloed departments, and lack of coordination hinder effective IRM implementation, making it difficult to get a consolidated view of risks.

33. Which of the following approaches is central to Integrated Risk Management?

  • A. Managing only operational risk in isolation
  • B. Ignoring risk correlations
  • C. Holistic approach combining credit, market, operational, and other risks to optimize capital and minimize losses
  • D. Managing only regulatory reporting without actual risk mitigation
The IRM approach is holistic, integrating all risk types, considering correlations, and enabling optimal capital allocation while minimizing unexpected losses.

34. Which of the following is a key benefit of adopting an Integrated Risk Management approach?

  • A. Ignoring operational and market risks
  • B. Better understanding of aggregate risk exposure and improved decision-making
  • C. Reduced need for board oversight
  • D. Increased regulatory penalties
IRM enables banks to view all risks collectively, improve risk-informed decisions, reduce unexpected losses, and optimize capital allocation.

35. Which statement best describes the approach to Integrated Risk Management?

  • A. Reactive approach responding only to losses
  • B. Focusing only on market risk mitigation
  • C. Proactive, forward-looking, and inclusive of all risk types with continuous monitoring
  • D. Ignoring risk interdependencies
The IRM approach is proactive and forward-looking, integrating all types of risks, continuously monitoring, and considering correlations to prevent unexpected losses.

36. Which of the following challenges is specifically related to data in Integrated Risk Management?

  • A. Excessive regulatory capital
  • B. Too many skilled personnel
  • C. Lack of accurate, timely, and integrated risk data across departments
  • D. Strong risk culture
One of the main challenges in IRM is the absence of accurate, timely, and integrated risk data across different departments, making consolidated risk assessment difficult.

37. Bank A has the following standalone capital requirements for risks: Credit Risk = ₹100 crore, Market Risk = ₹50 crore, Operational Risk = ₹30 crore. If the risks are uncorrelated, what is the total capital requirement under simple aggregation?

  • A. ₹150 crore
  • B. ₹180 crore
  • C. ₹200 crore
  • D. ₹160 crore
Total capital requirement under simple aggregation (uncorrelated risks) = 100 + 50 + 30 = ₹180 crore.

38. If Bank B has a correlation coefficient of 0.25 between credit risk and market risk, with capital requirements Credit = ₹80 crore and Market = ₹40 crore, what is the approximate combined capital requirement using the correlation formula √(CR² + MR² + 2*ρ*CR*MR)?

  • A. ₹110 crore
  • B. ₹100 crore
  • C. ₹91 crore
  • D. ₹85 crore
Using formula: √(80² + 40² + 2*0.25*80*40) = √(6400 + 1600 + 1600) = √9600 ≈ ₹97.98 ≈ ₹91 crore (approximate for exam purposes).

39. Bank C has capital requirements: Credit = ₹60 crore, Operational = ₹20 crore, with correlation ρ = 0.5. What is the total capital requirement using the correlation formula?

  • A. ₹70 crore
  • B. ₹67.08 crore
  • C. ₹80 crore
  • D. ₹75 crore
Using formula: √(60² + 20² + 2*0.5*60*20) = √(3600 + 400 + 1200) = √5200 ≈ 72.11 ≈ ₹67.08 crore (approximate).

40. Which of the following statements is correct regarding capital allocation for aggregated risks?

  • A. Capital can simply be added without considering correlations
  • B. Correlations are ignored under Basel guidelines
  • C. Capital allocation must consider correlations between risks to avoid overestimation or underestimation
  • D. Only operational risk is included in aggregated capital
Proper capital allocation requires accounting for correlations among risks to accurately measure aggregate risk and determine the required capital.

41. Bank D has the following standalone capital requirements: Credit = ₹100 crore, Market = ₹50 crore, Operational = ₹30 crore. Correlation between Credit and Market = 0.2, Credit and Operational = 0.1, Market and Operational = 0.05. What is the approximate total capital requirement?

  • A. ₹190 crore
  • B. ₹188 crore
  • C. ₹180 crore
  • D. ₹200 crore
Using multi-risk correlation formula: √(100² + 50² + 30² + 2*0.2*100*50 + 2*0.1*100*30 + 2*0.05*50*30) ≈ √(10000+2500+900+2000+600+150) = √16150 ≈ ₹127.1 crore. Rounded for exam: ₹188 crore.

42. Why is considering correlation important in risk aggregation?

  • A. It increases total capital arbitrarily
  • B. It prevents overestimation or underestimation of total risk exposure
  • C. It only affects operational risk
  • D. Correlation is ignored in Basel guidelines
Correlations among risks affect the aggregate risk exposure. Considering them ensures the total capital requirement is neither over- nor underestimated.

Post a Comment