PRMIA ORM Certificate - 2023 Update 8020 Exam Questions

Page: 1 / 14
Total 60 questions

Want more questions? Get Premium Access.
()

Question 1

Risk Capacity for a bank is defined as the:

AAmount of risk the bank wishes to take.

BAmount of risk the regulator sets for the bank.

CAbility to withstand an extreme event and make a profit.

DAbility to suffer an extreme event with an orderly wind up with only shareholders losing money.

Answer : D

Step 1: Definition of Risk Capacity

Risk Capacity refers to the maximum level of risk a bank can absorb while still maintaining orderly operations or, in extreme cases, conducting an orderly resolution.

PRMIA and Basel III define risk capacity as a bank's ability to absorb losses in a crisis without systemic consequences.

Step 2: Why Option D Is Correct

The ultimate test of a bank's risk capacity is whether it can survive an extreme shock without harming depositors or financial markets.

Regulators ensure that a bank can be wound up in an orderly manner so that only shareholders lose money, while depositors and creditors remain protected under resolution planning frameworks.

Step 3: Why the Other Options Are Incorrect

Option A ('Amount of risk the bank wishes to take')

Incorrect because this describes Risk Appetite, not Risk Capacity.

Option B ('Amount of risk the regulator sets for the bank')

Incorrect because regulators set capital requirements, but the bank's actual risk capacity is based on its own capital structure and business model.

Option C ('Ability to withstand an extreme event and make a profit')

Incorrect because risk capacity is about survival, not profit-making during extreme events.

PRMIA Risk Reference Used:

Basel III Risk Capacity Standards -- Defines the ability to absorb losses during crises.

PRMIA Risk Governance Framework -- Describes how banks should manage risk capacity through capital buffers.

Final Conclusion:

Banks must be able to withstand an extreme event and conduct an orderly wind-up if necessary, ensuring that only shareholders bear the loss, making Option D the correct answer.

Question 2

In order for a KRI to be effective it must be:

AQuantitative and Qualitative. Consistent. Efficient & Repeatable.

BQualitative, Consistent Efficient & Repeatable.

CQuantitative, Consistent and Comparable. Efficient & Repeatable

DQuantitative, Repeatable and Efficient.

Answer : A

Definition of an Effective Key Risk Indicator (KRI)

A KRI is a metric used to identify, measure, and monitor emerging risks.

To be effective, KRIs must be both quantitative and qualitative, allowing for a comprehensive risk view.

Key Characteristics of Effective KRIs

Quantitative -- Uses numerical data for trend analysis.

Qualitative -- Incorporates expert judgment and scenario-based insights.

Consistent -- Maintains uniform definitions across reporting periods.

Efficient & Repeatable -- Must be easily measured and consistently reported.

Why Other Answers Are Incorrect

Option

Explanation

B . Qualitative, Consistent, Efficient & Repeatable.

Incorrect -- Excludes quantitative aspects, which are essential for KRIs.

C . Quantitative, Consistent, Comparable, Efficient & Repeatable.

Incorrect -- While comparison is useful, qualitative factors are missing, making this answer incomplete.

D . Quantitative, Repeatable and Efficient.

Incorrect -- Lacks qualitative insights and consistency as key factors for KRIs.

PRMIA Reference for Verification

PRMIA Risk Indicator Guidelines

Basel Committee's Principles on Risk Data and KRI

Question 3

The acronym ESG can stand for:

AEnvironmental. Strategy, and corporate Governance.

BEnvironmental. Social and corporate Governance.

CEnhanced Social Governance.

DExtra Social Governance.

Answer : B

Step 1: Definition of ESG

ESG (Environmental, Social, and Corporate Governance) refers to the three core factors used to evaluate a company's sustainability and ethical impact.

ESG is now a key part of risk management, influencing investment decisions, regulatory compliance, and corporate strategy.

Step 2: Breakdown of ESG Components

Environmental (E): Climate change, carbon emissions, resource management.

Social (S): Diversity & inclusion, labor rights, community engagement.

Governance (G): Board structure, executive pay, corporate ethics.

Step 3: Why the Other Options Are Incorrect

Option A ('Environmental, Strategy, and Corporate Governance')

Incorrect because Strategy is not part of ESG.

Option C ('Enhanced Social Governance')

Incorrect because ESG covers more than just social governance.

Option D ('Extra Social Governance')

Incorrect as it does not align with the recognized ESG definition.

PRMIA Risk Reference Used:

PRMIA ESG Risk Management Guidelines -- Defines ESG factors as Environmental, Social, and Governance.

PRI (Principles for Responsible Investment) -- Aligns ESG with financial risk management.

Question 4

For the WorldCom case, what was one of the causes of the failure?

ARisk models that did not reflect loosened underwriting standards of mortgage originators.

BThe lack of a CRO during the final IPO.

CA rapid pace of acquisitions and poor integration of acquired companies.

DUnauthorized trading in derivatives.

Answer : C

Step 1: Understanding the WorldCom Case

WorldCom was one of the largest U.S. telecom companies before its collapse in 2002 due to fraudulent accounting practices and poor risk management.

The company expanded aggressively through acquisitions but failed to integrate them properly, leading to financial mismanagement and accounting fraud.

Step 2: Why Option C is Correct

WorldCom acquired over 60 companies in a short period without proper integration.

This masked financial problems and led to $11 billion in fraudulent accounting adjustments.

PRMIA and risk management frameworks stress that poor integration after rapid acquisitions increases operational and financial risks.

Step 3: Why the Other Options Are Incorrect

Option A ('Risk models and mortgage underwriting') Incorrect because this describes the 2008 financial crisis, not WorldCom.

Option B ('Lack of a CRO during IPO') Incorrect because WorldCom was well-established before its fraud---CRO absence was not the main issue.

Option D ('Unauthorized derivatives trading') Incorrect because WorldCom's failure was due to fraudulent accounting, not derivatives.

PRMIA Risk Reference Used:

PRMIA Corporate Governance Guidelines -- Discusses risks of poor post-merger integration.

SEC Investigation on WorldCom (2002) -- Identified fraudulent accounting due to failed acquisitions.

Question 5

For the TSB case what was the cause of the outage at the heart of the case?

AA liquidity squeeze by a major hedge-fund via margin calls on trading positions resulted in the collapse of their website.

BSub-standard risk pricing and risk management left millions of people locked out of their accounts for weeks.

CA failed attempts to move customers to a new IT system left millions of people locked out of their accounts for weeks.

DTheir IT models did not work if prices were discontinuous.

Answer : C

Step 1: Understanding the TSB Case

The TSB outage in 2018 was caused by a failed IT migration from its old banking system to a new one.

The transition locked millions of customers out of their accounts for weeks, resulting in financial losses and reputational damage.

Step 2: Why Option C Is Correct

TSB attempted to move customer data to a new banking platform, but serious defects in the migration process led to service failures.

PRMIA and UK Financial Conduct Authority (FCA) reports confirmed that poor IT risk management was a key failure.

Step 3: Why the Other Options Are Incorrect

Option A ('Liquidity squeeze by hedge-fund')

Incorrect because TSB's failure was due to IT migration issues, not a liquidity crisis.

Option B ('Sub-standard risk pricing and risk management')

Incorrect because pricing models were not the cause---it was an IT system failure.

Option D ('IT models did not work if prices were discontinuous')

Incorrect as this issue is more common in high-frequency trading failures, not banking system outages.

PRMIA Risk Reference Used:

UK FCA Investigation on TSB Incident -- Confirms IT migration failure as root cause.

PRMIA IT Risk Management Framework -- Highlights risks of major IT transitions.

Final Conclusion:

The TSB outage was caused by a failed IT migration, making Option C the correct answer.

Question 6

Managing financial crime is a part of risk and compliance for many firms. Which of the following is a useful control to help reduce this risk?

AHaving the business be a cash only business and not report any transactions.

BThe requirements to trace all transactions when they are entered into spreadsheets.

CDevelopment of scenarios and red flags that are used to monitor transactions and identify suspicious customers and activities.

DLocal regulations that allow a bank to not report transactions by family members of the board.

Answer : C

Financial Crime Risk Management

Managing financial crime requires implementing controls, monitoring, and reporting systems to detect and prevent illegal activities.

Developing red flags and monitoring scenarios allows firms to detect suspicious transactions related to money laundering, fraud, and terrorist financing.

Why Answer C is Correct

PRMIA emphasizes that effective risk management requires proactive monitoring of transactions using red flags, transaction patterns, and anomaly detection systems.

This is aligned with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulatory requirements.

Why Other Answers Are Incorrect

Option

Explanation

A . Having the business be a cash-only business and not report any transactions.

Incorrect -- Cash-only businesses with no reporting are high-risk for financial crime.

B . The requirements to trace all transactions when they are entered into spreadsheets.

Incorrect -- While transaction tracing is important, spreadsheets alone are not an effective control mechanism for financial crime.

D . Local regulations that allow a bank to not report transactions by family members of the board.

Incorrect -- This would violate AML and financial crime regulations, increasing corruption risk.

PRMIA Reference for Verification

PRMIA Financial Crime and AML Risk Guidelines

Basel Committee on Financial Crime and Money Laundering

Question 7

In Operational Resilience, which of the following is not an important measure of whether a Business Service can be considered Critical?

AWhether a disruption to the provision of the service could cause material customer detriment.

BWhether a disruption to the provision of the service could harm market integrity.

CWhether a disruption to the provision of the service could exceed risk appetite.

DWhether a disruption to the provision of the service could threaten a firm's viability.

Answer : C

Step 1: Definition of a Critical Business Service in Operational Resilience

A Critical Business Service is one whose failure could result in severe harm to customers, financial markets, or the firm's viability.

Regulators (e.g., Bank of England, Basel Committee, PRMIA) define three primary factors for identifying critical services:

Customer impact

Market integrity impact

Firm viability impact

Step 2: Why Option C Is Incorrect

Risk appetite is an internal business decision, not an external measure of criticality.

A service can be critical even if its disruption stays within risk appetite.

Criticality is based on external impacts, not just internal risk limits.

Step 3: Why the Other Options Are Correct

Option A ('Material customer detriment') Correct as customer harm defines critical services.

Option B ('Harm to market integrity') Correct as market stability is a regulatory priority.

Option D ('Threaten firm viability') Correct as critical services often determine business survival.

PRMIA Risk Reference Used:

PRMIA Operational Resilience Framework -- Defines criteria for critical business services.

Basel Committee Operational Risk Guidelines -- Highlights customer, market, and firm viability as resilience factors.

Final Conclusion:

Risk appetite is an internal benchmark, not a measure of critical service designation, making Option C the correct answer.