Free Practice Questions for PRMIA 8020 Exam

Risk Capacityrefers to themaximum level of risk a bank can absorbwhile still maintaining orderly operations or, in extreme cases, conducting anorderly resolution.

PRMIA andBasel IIIdefine risk capacity as abank’s ability to absorb losses in a crisis without systemic consequences.

Theultimate testof a bank’s risk capacity is whether it cansurvive an extreme shock without harming depositors or financial markets.

Regulators ensure that a bankcan be wound up in an orderly mannerso thatonly shareholders lose money, while depositors and creditors remain protected underresolution planning frameworks.

Option A ("Amount of risk the bank wishes to take")

Incorrect because this describesRisk Appetite, notRisk Capacity.

Option B ("Amount of risk the regulator sets for the bank")

Incorrect because regulatorsset capital requirements, but thebank's actual risk capacityis based on its own capital structure and business model.

Option C ("Ability to withstand an extreme event and make a profit")

Incorrect becauserisk capacity is about survival, not profit-making during extreme events.

Step 1: Definition of Risk CapacityStep 2: Why Option D Is CorrectStep 3: Why the Other Options Are Incorrect

Basel III Risk Capacity Standards– Defines the ability to absorb losses during crises.

PRMIA Risk Governance Framework– Describes how banks should manage risk capacity through capital buffers.

PRMIA Risk References Used:

Final Conclusion:Banks must be able towithstand an extreme event and conduct an orderly wind-up if necessary, ensuring thatonly shareholders bear the loss, makingOption D the correct answer.

Credit Risk: Risk ofloss due to borrower default.

Operational Risk: Risk ofloss due to failed internal processes, fraud, or misconduct.

Ponzi Schemes: Fraudulent investment scamsdisguise credit risk as legitimate lendingbut collapse when new funds dry up.

Rogue Trading: Traderstake unauthorized risksthat can lead tocredit defaultsor massive financial losses.

Option A ("Failure in loan approval process")→ This is anOperational Risk issue, but does not always create Credit Risk.

Option B ("Ponzi Schemes")→ Partially correct, but does not includeRogue Trading, which is also a credit risk-related operational failure.

Option C ("Rogue Trading")→ Partially correct, but does not includePonzi Schemes, which are another key example.

Step 1: Understanding Credit Risk with an Operational Risk ComponentStep 2: Why Option D is CorrectStep 3: Why the Other Options Are Incorrect

PRMIA Operational Risk Framework– Highlights fraud-based Credit Risk events.

Basel II/III Operational Risk Guidelines– Discussestrading misconduct and credit risk misrepresentation.

PRMIA Risk References Used:

Final Conclusion:BothPonzi Schemes and Rogue Tradinginvolvecredit risk failures caused by operational misconduct, makingOption D the correct answer.

Third-Party Risk Management (TPRM)

PRMIA highlights theimportance of conducting thorough due diligenceon third-party vendors and service providers.

This includes evaluatingcompliance programs, risk management frameworks, financial stability, strategic objectives, and operational history.

Key Areas of Third-Party Risk Assessment

Compliance and Risk Infrastructure→ Ensures that the provider meets regulatory and security requirements.

Financial Health→ Determines whether the provider has the financial stability to support long-term service delivery.

Business Strategy→ Helps assessalignment with the organization’s risk appetite and goals.

Operating History→ Evaluatesexperience and reliabilityin delivering services.

Why Other Answers Are Incorrect

Option

Explanation

B. An assessment of a third party should not include its compliance and risk infrastructure, financials, business strategy, and operating history.

Incorrect– Ignoring these critical factors increases the risk of working with an unreliable vendor.

C. Onsite visits are not advantageous for understanding the third party's risks and control environment.

Incorrect– Onsite visits arehighly valuableas they provide first-hand insights into operational controls. PRMIA encourages risk managers to conduct site visits.

D. A review of the pay levels of the staff supporting the service.

Incorrect– Employee salaries arenot a primary risk factorin vendor assessments. The focus should be on the vendor’s security, compliance, and operational risks.

PRMIA Third-Party Risk Management (TPRM) Guidelines– Details best practices for vendor risk assessments.

Basel Principles on Outsourcing and Third-Party Risk– Provides regulatory guidance on evaluating third-party service providers.

PRMIA References for Verification

WorldCom was one of the largest U.S. telecom companies before its collapse in 2002due tofraudulent accounting practices and poor risk management.

The companyexpanded aggressively through acquisitionsbutfailed to integrate them properly, leading tofinancial mismanagement and accounting fraud.

WorldComacquired over 60 companies in a short periodwithout proper integration.

Thismasked financial problemsand led to$11 billion in fraudulent accounting adjustments.

PRMIA and risk management frameworks stress thatpoor integration after rapid acquisitions increases operational and financial risks.

Option A ("Risk models and mortgage underwriting")→ Incorrect becausethis describes the 2008 financial crisis, not WorldCom.

Option B ("Lack of a CRO during IPO")→ Incorrect becauseWorldCom was well-established before its fraud—CRO absence was not the main issue.

Option D ("Unauthorized derivatives trading")→ Incorrect becauseWorldCom’s failure was due to fraudulent accounting, not derivatives.

Step 1: Understanding the WorldCom CaseStep 2: Why Option C is CorrectStep 3: Why the Other Options Are Incorrect

PRMIA Corporate Governance Guidelines– Discusses risks of poor post-merger integration.

SEC Investigation on WorldCom (2002)– Identified fraudulent accounting due to failed acquisitions.

PRMIA Risk References Used:

Introduction of Operational Risk in Basel Accords

Basel I (1988)→ Focusedonly on credit riskandmarket risk; operational risk wasnot yet included.

Basel II (2004)→ Introducedoperational risk as a separate category, subject tocapital requirements.

Basel III (2010)→ Strengthenedcapital and liquidity requirementsbut did not introduce operational risk.

Basel IV (2017, still evolving)→ Adjusts Basel III reforms but does not introduce operational risk as a new category.

Why Answer B is Correct

Basel II (2004) was the first to introduce operational risk as a risk requiring a capital charge.

Why Other Answers Are Incorrect

Option

Explanation

A. Basel I

Incorrect– Basel I focused oncredit risk and market risk, with no capital requirements for operational risk.

C. Basel III

Incorrect– Basel III strengthened Basel II but didnot introduce operational risk.

D. Basel IV

Incorrect– Basel IV refines Basel III but doesnot introduce operational risk as a new capital charge.

Basel II (2004) Operational Risk Framework

PRMIA Operational Risk Management Guidelines

PRMIA References for Verification

Three Lines of Defense Model

Thecompliance department functions as the second line of defense, ensuringoversight over the first line’s compliance controls.

It doesnot directly implement controlsbutmonitors and adviseson compliance risk management.

Responsibilities of the Compliance Department

Ensures regulatory compliancewith laws, policies, and industry standards.

Monitors and enforces risk management controlswithin business operations.

Provides advisory and trainingon compliance risks.

Why Answer D is Correct

Thefirst line of defense (business operations)is responsible for executing compliance controls.

Thecompliance department (second line)providesoversight and governanceto ensure compliance adherence.

Why Other Answers Are Incorrect

Option

Explanation

A. The compliance department is responsible for implementing the first line's compliance risk management controls.

Incorrect– Thefirst line (business units)implement compliance controls, while compliance oversees.

B. The compliance department is responsible for providing oversight over the auditor's implementation of compliance risk management controls.

Incorrect– Internal audit is part of thethird line of defense, not directly overseen by compliance.

C. The compliance department is responsible for providing oversight over the board's implementation of compliance risk management controls.

Incorrect– The board provideshigh-level governance; compliance ensures business adherence to regulations.

PRMIA Governance & Compliance Oversight Framework

Basel Committee’s Guidelines on Compliance Risk Management

PRMIA References for Verification

PRMIA and global financial regulators defineclimate riskas the financial, operational, and societal risks arising fromclimate change.

Climate risks impact businesses throughphysical risks(e.g., floods, wildfires) andtransition risks(e.g., regulatory changes, carbon pricing).

Option A ("Climate risk has been moved out of all risk taxonomies due to international agreement")

Incorrect becauseclimate risk is now a central part of risk taxonomies, as emphasized by PRMIA, Basel III, and TCFD.

Option B ("Climate risk refers to the growing impacts of credit risk on the business environment")

Incorrect because credit risk is justone aspectof climate risk, not the full definition.

Option C ("Climate risk refers to change in the business climate during a recession")

Incorrect becauseclimate risk is about environmental change, not economic cycles.

Step 1: Definition of Climate RiskStep 2: Why the Other Options Are Incorrect

PRMIA Climate Risk Guidelines– Defines climate risk as a financial and societal risk due to climate change.

TCFD (Task Force on Climate-Related Financial Disclosures)– Outlines regulatory expectations for climate risk management.

PRMIA Risk References Used:

Final Conclusion:Climate risk involvesphysical and transition risks from climate change, makingOption D the correct answer.

The Business Indicator (BI) is a financial-statement-based metricused inBasel III's Standardized Approach for Operational Risk.

It replacesprevious approachesby usingfinancial figures (e.g., revenue, fees, interest income)to estimate operational risk exposure.

The BI uses financial-statementdatato calculateoperational risk capital requirements.

It acts as aproxy for a bank’s operational risk exposureby linking operational risk to itsfinancial size and complexity.

Option A ("Proxy for near-miss events")→ Incorrect because BI is based onfinancial data, not near-miss risk events.

Option B ("Non-financial-statement-based proxy")→ Incorrect becauseBI is explicitly derived from financial statements.

Option C ("Scaling factor based on historical losses")→ Incorrect becauseBI does not use historical losses directly—it relies on financial-statement inputs.

Step 1: Definition of the Business Indicator (BI) in Basel IIIStep 2: Why Option D Is CorrectStep 3: Why the Other Options Are Incorrect

Basel III Operational Risk Framework– Defines the Business Indicator as a financial-statement-based metric.

PRMIA Operational Risk Guidelines– Explains the BI’s role in capital calculations.

PRMIA Risk References Used: