Mahruf's Helpline for The Banking Professional Examination 1

https://www.facebook.com/groups/1548697449234982

The Institute of Bankers, Bangladesh (IBB)

97th Banking Professional Examination, 2023
AIBB
Risk Management in Financial Institutions (RMFI)
Subject Code: 2 0 1
Time-3 hours
Full Marks-100
Pass marks-45
[N.B. The figures in the right margin indicate full marks. Answer any Five Questions.]
1. (a) What do you understand by risk management? 5
(b) What is the relationship between risk and returns? 5
(c) Discuss how important the risk culture is for effective bank management. 10

2. (a) What is risk likelihood? Why identification of risk likelihood is important in 6

risk management?
(b) What are the consequences of inconsistent and unreliable risk assessment 6
process within the organization?
(c) Explain the effective role of banks in risk mitigation. 8

3. (a) Explain the significance of sound risk management system for financial 6
institutions.
(b) What are the essential criteria for sound risk management of a financial 6
institution?
(c) How does the active participation of the board of directors and senior 8
management contribute effectively to the sound risk management of financial
institution? Explain.

4. (a) What are the requisites for an effective internal control system? 4
(b) Briefly describe the responsibilities of Audit Committee and Internal Auditors. 8
(c) What are the challenges banks face in managing operational risks? 8

5. (a) What is stress test? Why it is important in ensuring the financial stability in the 6
banking sector?
(b) Briefly describe the shocking events involved in stress test for credit risk 6
assessment?
(c) Discuss enterprise risk management on the basis of 7Rs and 4Ts. 8

6. (a) Why CTR and STR is important in controlling money laundering risk? 6
(b) What is E-KYC? How can it be used for mitigating credit risk? 6
(c) Discuss the initiatives of your organization to prevent money laundering. 8

7. (a) Explain the importance of credit risk management. 5

(b) Mention the 10 important indicators of high credit risk. 5
(c) Briefly describe the five different indicators of poor credit risk management 10
with examples.
8. (a) How does Basel-III differ from Basel-II? Explain. 6
(b) What does it mean by market discipline under Basel framework? Explain its 7
purpose.
(c) What are the liquidity standard/ratio suggested by Basel-III? Explain. 7
 Mahruf's Helpline for The Banking Professional Examination 2
https://www.facebook.com/groups/1548697449234982

9. (a) What is cyber risk? In current context why it is important for a financial 7
institution to manage this risk? Explain.
(b) Discuss the foreign exchange risk management of your bank. 7
(c) Discuss the role of Internal Audit Department in risk management. 6

10. Write short notes (any five) 4×5= 20

(a) Inherent Risk
(b) Market Risk
(c) Chief Risk Officer (CRO)
(d) Risk Rating
(e) Capital Adequacy Ratio
(f) Environmental and Social Risk Management
(g) Risk Based Supervision
(h) Board Risk management Committee

Comprehensive Books for preparing

The Banking Professional Examination (JAIBB & AIBB)
Written and AIBB Credit Operations and Management
Compiled by Published by Risk Management in Financial Institutions
Trade Finance and Foreign Exchange
S. M. Mahruf Billah Mullick Brothers Treasury Management in Financial Institutions
Joint Director
Bangladesh Bank JAIBB Monetary and Financial System
Collect your Copy from: www.rokomari.com
Or
Mullick Brothers Book Shop located at Banglabazar, New Market & Nilkhet, Dhaka
 Mahruf's Helpline for The Banking Professional Examination 3
https://www.facebook.com/groups/1548697449234982

1. (a) What do you understand by risk management? 5

Risk management is the systematic process of identifying, assessing, and mitigating threats or
uncertainties that can affect an organization. It involves analyzing risks’ likelihood and impact,
developing strategies to minimize harm, and monitoring measures’ effectiveness.
A successful risk management program helps an organization consider the full range of risks it faces.
Risk management also examines the relationship between different types of business risks and the
cascading impact they could have on an organization's strategic goals.
1. (b) What is the relationship between risk and returns? 5
The relationship between risk and return is a foundational concept in finance and investment that
underscores much of the decision-making in these fields. The Basic principle between risk and
return is relatively straightforward: the higher the risk, the higher the potential return. Conversely,
lower risk typically means lower potential returns.
Understanding one’s risk tolerance—the level of uncertainty in investment returns that an investor
is willing to withstand—is crucial in building a portfolio that aligns with one’s financial goals and
comfort level. One of the critical strategies investors use to manage the relationship between risk
and return is diversification.
1. (c) Discuss how important the risk culture is for effective bank management. 10
Risk Culture can be defined as the set of values, beliefs, information, and attitude possessed by the
people who work together. It shapes management’s and employees’ day-to-day decisions and has
an impact on the risks they take. Importance of the risk culture for effective bank management is as
follows:
 Encourages discussion regarding the opportunities and risks in financial institutions.
 Allows the employees to raise concerns and brainstorm about possible solutions.
 Makes sure that risks are mitigated on time and do not result in loss.
 Extensive use of early warning systems.
 Extensive use of data and analytics to support risk and compliance functions.
 Contribute towards effective Applied Financial Risk Management.
 Helps create an effective Risk Management Framework (RMF).
 Results in a free flow of information throughout the financial institution.
 Develops accountability in team members as they adhere to the policies and fulfill the duties
assigned to them.
Weaknesses in risk culture may signal problems in the future, such as financial losses or
misconduct. Conversely, a bank’s strong financial position could be misleading if there is an
underlying problem with culture and conduct. Therefore, even in periods of solid financial health,
strong risk culture can be essential in preventing future losses which could damage the reputation
of a bank.
 Mahruf's Helpline for The Banking Professional Examination 4
https://www.facebook.com/groups/1548697449234982

2. (a) What is risk likelihood? Why identification of risk likelihood is important in risk 6
management?
Risk Likelihood is a qualitative assessment that explains how likely a risk will occur. Qualitative
assessments are based on opinions; it is difficult to put an exact number on the assessment. Risk
Likelihood means the possibility of a potential risk occurring, interpreted using qualitative values
such as low, medium, or high.
Identification of risk likelihood is important because not assessing Risk Likelihood correctly can
have severe consequences. If you underestimate the Likelihood of an event, you may not take the
necessary precautions to avoid it. This can lead to costly accidents or even loss of life. On the other
hand, if you overestimate the Likelihood of an event, you may take unnecessary precautions that
waste time and money.
2. (b) What are the consequences of inconsistent and unreliable risk assessment 6
process within the organization?
Inconsistent and unreliable risk assessments can cause an institution to make poor decisions by
providing inaccurate information.
This happens when:
 Risk assessment processes aren't consistent across the organization, leading to varying
definitions of risk in each department and more potential risk exposure.
 Employees fail to identify potential risks because they are afraid it will reflect negatively on
their performance.
 Employees don’t know what the parameters are.
 There is no ongoing process or reliable checkup to ensure that risk controls are valid
throughout the risk lifecycle.
2. (c) Explain the effective role of banks in risk mitigation. 8
a) Banks mitigate risks by having a clear, formalized risk management plan, which:
i. Reveals key dependencies and control effectiveness
ii. Improves performance
iii. Brings additional visibility
iv. Simplifies identification of systemic issues that affect the bank.
b) Establish robust mechanisms for mitigating all risk types. This includes:
i. Credit scoring
ii. Meticulous underwriting
iii. Data access controls
iv. Fraud detection tools
v. Standard Operating Procedures for risk reporting; and
vi. Automate core operations and surveillance for better security.
c) Develop separate modules for managing different types of risk and apply them organization-
wide.
d) A crucial part of risk mitigation is training employees to identify and report risks and
implement preset risk management practices.
 Mahruf's Helpline for The Banking Professional Examination 5
https://www.facebook.com/groups/1548697449234982

3. (a) Explain the significance of sound risk management system for financial 6
institutions.
Sound risk management system protects the safety and soundness of financial institutions in
several key ways:
 Enables institutions to identify and prepare for adverse events
 Reduces potential losses from market volatility or credit defaults
 Ensures adequate liquidity to meet short term obligations
 Maintains positive reputation and investor/customer confidence
By actively managing various risk exposures, financial institutions can operate resiliently and
continue serving their customers and communities during periods of stress.
3. (b) What are the essential criteria for sound risk management of a financial 6
institution?
For ensuring successful risk management across the organization, the following features should, at
least, be present in the bank:-
a) Submission of consolidated report to the Board and senior management team incorporating
different types of risks, risk mitigation measures, comparison of risk levels with limits, the
level of capital required for absorbing large losses, and suggestions for restoring capital.
b) Consistency between the risks taken by the management and the risks perceived by the
Board;
c) Active, firm-wide risk management approach that includes all business lines;
d) Developing in-house expertise relying on various sources/factors including market data,
credit ratings, published analyses, etc.;
e) Alignment of treasury functions with risk management;
f) Active management of contingent liabilities;
g) Using both firm-specific and market-wide stress scenarios for liquidity management;
h) Efficient and effective management of asset and liability;
i) Taking the stress testing result into consideration to understand the impact of adverse
scenario on the bank’s profitability or capital;
j) Independent risk management function with sufficient authority, logistic support and
continuous communication with business lines;
k) Experienced and expert personnel for performing risk management activities;
l) Giving importance to the risk management officials’ opinion.
3. (c) How does the active participation of the board of directors and senior 8
management contribute effectively to the sound risk management of financial
institution? Explain.
The active participation of board:
(a) establish a risk management culture and ensure that the bank has adequate processes for
understanding the nature and scope of the operational risk inherent in the bank’s current
and planned strategies and activities;
 Mahruf's Helpline for The Banking Professional Examination 6
https://www.facebook.com/groups/1548697449234982

(b) ensure that the operational risk management processes are subject to comprehensive and
dynamic oversight and are fully integrated into, or coordinated with, the overall framework
for managing all risks across the enterprise;
(c) provide senior management with clear guidance regarding the principles underlying the
ORMF, and approve the corresponding policies developed by senior management to align
with these principles;
(d) regularly review and evaluate the effectiveness of, and approve the ORMF to ensure the
bank has identified and is managing the operational risk arising from external market
changes and other environmental factors, as well as those operational risks associated with
new products, activities, processes or systems, including changes in risk profiles and
priorities (eg changing business volumes);
(e) ensure that the bank’s ORMF is subject to effective independent review by a third line of
defense (audit or other appropriately trained independent third parties from external
sources); and
(f) ensure that, as best practice evolves, management is availing themselves of these advances.
The active participation of senior management:
(a) ensure that robust challenge mechanisms and effective issue resolution processes have
been established and maintained. These should include systems to report, track and, when
necessary, escalate issues to ensure resolution.
(b) ensure that the Operational Risk Management Function (ORMF) approved by the board of
directors is translated into specific policies and procedures that can be implemented and
verified within the different business units. Senior management should clearly assign
authority, responsibility and reporting relationships to encourage and maintain
accountability, and to ensure the necessary resources are available to manage operational
risk in line with the bank’s risk appetite and tolerance statement. Moreover, senior
management should ensure that the management oversight process is appropriate for the
risks inherent in a business unit’s activity.
(c) ensure that staff responsible for managing operational risk coordinate and communicate
effectively with staff responsible for managing credit, market, and other risks, as well as
with those in the bank who are responsible for the procurement of external services such as
insurance risk transfer and other third-party arrangements (including outsourcing). Failure
to do so could result in significant gaps or overlaps in a bank’s overall risk management
program.
(d) ensure that bank activities are conducted by staff with the necessary experience, technical
capabilities and access to resources. Staff responsible for monitoring and enforcing
compliance with the institution’s risk policy should have authority independent from the
units they oversee.
(e) ensure that a bank’s governance structure commensurate with the nature, size, complexity
and risk profile of its activities. When designing the operational risk governance structure, a
bank should take the following into consideration:
i. Committee structure
 Mahruf's Helpline for The Banking Professional Examination 7
https://www.facebook.com/groups/1548697449234982

ii. Committee composition

iii. Committee operation

4. (a) What are the requisites for an effective internal control system? 4
Internal control system is a process, effected by an entity’s board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives. The framework consists of five components that together create an effective and
integrated enterprise controls system.
(a) Control Environment
(b) Risk Assessment
(c) Control Activities
(d) Information and Communication
(e) Monitoring Activities
4. (b) Briefly describe the responsibilities of Audit Committee and Internal Auditors. 8
The board will approve the objectives, strategies and overall business plans of the bank and the
audit committee will assist the board in fulfilling its oversight responsibilities. The committee will
review the financial reporting process, the system of internal control and management of financial
risks, the audit process, and the bank's process for monitoring compliance with laws and
regulations and its own code of business conduct.
Roles and Responsibilities of the Audit Committee:
(i) Internal Control:
1) Evaluate whether management is setting the appropriate compliance culture by
communicating the importance of internal control and the management of risk and ensuring
that all employees have clear understanding of their roles and responsibilities;
 Mahruf's Helpline for The Banking Professional Examination 8
https://www.facebook.com/groups/1548697449234982

2) Review management’s actions in building computerization of the bank and its applications
and bank's Management Information System (MIS);
3) Consider whether internal control strategies recommended by internal and external
auditors have been implemented by the management;
4) Consider reports relating to fraud, forgery, deficiencies in internal control or other similar
issues detected by internal and external auditors and inspectors of the regulatory authority
and place it before the board after reviewing whether necessary corrective measures have
been taken by the management.
(ii) Financial Reporting:
1) Audit committee will check whether the financial statements reflect the complete and
concrete information and determine whether the statements are prepared according to
existing rules & regulations and standards enforced in the country and as per relevant
prescribed accounting standards set by Bangladesh Bank;
2) Discuss with management and the external auditors to review the financial statements
before its finalization.
(iii) Internal Audit:
1) Audit committee will monitor whether internal audit working independently from the
management.
2) Review the activities of the internal audit and the organizational structure and ensure that
no unjustified restriction or limitation hinders the internal audit process;
3) Examine the efficiency and effectiveness of internal audit function;
4) Examine whether the findings and recommendations made by the internal auditors are duly
considered by the management or not.
(iv) External Audit
1) Review the performance of the external auditors and their audit reports;
2) Examine whether the findings and recommendations made by the external auditors are duly
considered by the management or not.
3) Make recommendations to the board regarding the appointment of the external auditors.
(v) Compliance with existing laws and Regulations:
Review whether the laws and regulations framed by the regulatory authorities (central bank and
other bodies) and internal regulations approved by the board are being complied with.
(vi) Other Responsibilities:
1) Submit compliance report to the board on quarterly basis on regularization of the omission,
fraud and forgeries and other irregularities detected by the internal and external auditors
and inspectors of regulatory authorities;
2) External and internal auditors will submit their related assessment report, if the committee
solicits;
3) Perform other oversight functions as desired by the Board of Directors and evaluate the
committee's own performance on a regular basis.
 Mahruf's Helpline for The Banking Professional Examination 9
https://www.facebook.com/groups/1548697449234982

Responsibilities of Internal Auditors:

Ensuring the success of an organization and bridging the gap between the board of directors and
the corporate management team is a key performance indicator of Internal Auditors. Below are
some of their specific responsibilities and duties:
1) Evaluating risk management activities within the organization.
2) Determining the organization’s compliance with relevant laws and regulations.
3) Evaluating and making recommendations that can assist in improving internal control.
4) Investigating fraud via a fraud risk assessment that uses fraud deterrence principles.
5) Offering an objective source of independent advice to help reach the goal and achieve
legality and validity.
6) Performing audit assignments assigned to them
7) Learning and studying the organization’s policy and guidelines.
8) Identifying audit scope and developing annual plans within the organization.
9) Gathering, analyzing, evaluating, and presenting accounting documentation, reports, data,
and flowcharts.
10) Following up the audits to monitor the managements’ intervention.
11) Promoting ethics and identifying improper conduct within the company.

4. (c) What are the challenges banks face in managing operational risks? 8
Common Challenges of banks in managing operational risk: Operational risk is one of the most
crucial business risks that organizations must quantify and manage. That said, many companies face
common challenges that prevent them from harnessing the benefits of ORM.
a) Aligning ORM Strategy with the Overall ERM Strategy
The ORM strategy must fit into the larger ERM strategy to assure that the organization
effectively manages all kinds of risks. Moreover, the ERM strategy should serve as an
overarching guideline when setting up the ORM strategy and structure. Many organizations
struggle with maintaining consistency in this relationship.
b) Failure to Detect New Risks
Most operational risk management programs detect existing or known risks. More challenging,
however, is discovering and acting upon new or emerging risks that may arise from:
 Adoption of new technology
 Entry into a new market or area of business
 Introduction of new products
 An evolving competitive or regulatory environment
It’s essential to implement technology-based tools that can identify, measure, and mitigate all
kinds of existing and emerging risks.
c) Continued Use of Legacy Technologies and Applications
 Many banks rely on inflexible, legacy technology and applications for specific business
areas.
 Legacy tools limit bank’s agility, preventing them from adapting to changes in the
market and the market risk environment. They also create data silos causing
 Mahruf's Helpline for The Banking Professional Examination 10
https://www.facebook.com/groups/1548697449234982

unnecessary efforts and data duplication. As a result, it is harder to identify, control, and
mitigate operational risks.
 Replacing these applications with new technology can help strengthen the ORM
program. If complete replacements are not possible, a feasible solution is to combine re-
engineering with partial replacement, based on the criticality of these applications, as
well as technology availability and business strategy.
d) Lack of Resources and Poor Communication
 ORM requires proficient and knowledgeable risk experts. Not all organizations have
these resources in place to establish, run, and maintain their ORM programs. Poor
communication about risks and a lack of common “ORM language” are also challenges.
 It’s critical to invest in the right resources – both human and technological – to assure
ORM success. It’s also vital to educate everyone in every business unit about the
importance of ORM and the possible consequences of operational disruptions and
failures. Senior management must understand ORM objectives and strategies to assure
that the program is adequately resourced, runs well, and achieves its stated objectives.
e) Other ORM Challenges
 ORM program should provide an accurate picture of your risk profile. However, a lack of
consistent methodologies to assess and measure operational risk can prevent the
program from doing so. Further, when ORM is a function that simply reacts to
regulations and compliance, it can become disjointed, manual, and ineffective.
 To avoid such issues, establish policies and frameworks that align with regulatory
requirements along with your company’s practices and growth strategies. Leverage
technology and automation to accommodate a variety of risk information, enable your
ORM framework, and ensure efficient operational risk control.
5. (a) What is stress test? Why it is important in ensuring the financial stability in the 6
banking sector?
Stress testing is a computer simulation technique used to test the resilience of institutions and
investment portfolios against possible future financial situations. Such testing is customarily used
by the financial industry to help gauge investment risk and the adequacy of assets and help
evaluate internal processes and controls. In recent years, regulators have also required financial
institutions to carry out stress tests to ensure their capital holdings and other assets are adequate.
The importance of Stress Testing in ensuring the financial stability in the banking sector:
 Bank stress tests were introduced globally after the Global Financial Crisis of 2008. It exposed
the holes and weaknesses in banking systems worldwide. The crisis wiped out large banks in
several countries and left financial institutions across the globe in financial distress.
 Post-2008, regulators worldwide realized that large banks in any country were critical for the
smooth functioning of that economy. The institutions were deemed as “too big to fail,” as they
had the potential to cause widespread economic harm if they failed.
 International financial authorities required all banks of a certain size to undergo periodical
stress testing and publish the results. Banks that failed stress tests were required to build up
their capital reserves.
 Mahruf's Helpline for The Banking Professional Examination 11
https://www.facebook.com/groups/1548697449234982

 A key benefit of stress testing is the improvement in risk management. Bank stress tests
essentially add another layer of regulation, which forces financial institutions to improve risk
management frameworks and internal business policies. It obliges banks to think about adverse
economic environments before making decisions.
 Moreover, since all banks over a certain size are required to conduct periodical stress testing
and publish the results, market participants have much better access to information regarding
the financial position of major banks. This increases transparency in the banking system.
5. (b) Briefly describe the shocking events involved in stress test for credit risk 6
assessment?
The stress test for credit risk assesses the impact of increase in the level of non‐performing loans of
the bank/FI. This involves six types of shocks:
 The first deals with the increase in the NPLs and the respective provisioning. The three scenarios
shall explain the impact of 1%, 2% and 3% of the total performing loans directly downgraded to
bad/loss category having 100% provisioning requirement.
 The second deals with the negative shift in the NPLs categories and hence the increase in
respective provisioning. The three scenarios shall explain the impact of 50%, 80% and 100%
downward shift in the NPLs categories. For example, for the first level of shock 50% of the SMA
shall be categorized under substandard, 50% of the substandard shall be categorized under
doubtful and 50% of the doubtful shall be added to the bad/loss category.
 The third deals with the fall in the forced sale value (FSV) of mortgaged collateral. The forced
sale values of the collateral shall be given shocks of 10%, 20% and 40% decline in the forced sale
value of mortgaged collateral for all the three scenarios respectively.
 The fourth deals with the increase of the NPLs in particular 1 or 2 sector i.e. garments & Textiles
and the respective provisioning. The three scenarios shall explain the impact of 5%, 7.5% and
10% performing loans of particular 1 or 2 sectors directly downgraded to bad/loss category
having 100% provisioning requirement.
 The fifth deals with the increase of the NPLs due to default of Top 10 large borrowers and the
respective provisioning. The three scenarios shall explain the impact of 5%, 7.5% and 10%
performing loans of Top 10 large borrowers directly downgraded to bad/loss category having
100% provisioning requirement.
 The sixth deals with extreme events in which due to increase in the certain percentage of NPLs,
the whole capital position of a bank will be wiped out to offset the increased amount of
provision due to cover respective loan losses. The forced sale value of the collaterals and tax‐
adjusted impact of the additional required provision (if any) will be calibrated in the CAR for the
each scenario under all categories.

5. (c) Discuss enterprise risk management on the basis of 7Rs and 4Ts. 8
Enterprise risk management (ERM) is the process of planning, organizing, directing and controlling
the activities of an organization to minimize the harmful effects of risk on its capital and earnings.
Enterprise risk management can include financial, strategic and operational risks as well as risks
associated with accidental losses.
 Mahruf's Helpline for The Banking Professional Examination 12
https://www.facebook.com/groups/1548697449234982

The risk management process can be presented as a list of co-ordinated activities. There are
alternative descriptions of this process, but the components listed below are usually present. This
list represents the 7Rs and 4Ts of (hazard) risk management:
1) recognition or identification of risks
2) ranking or evaluation of risks
3) responding to significant risks
i. tolerate
ii. treat
iii. transfer
iv. terminate
4) resourcing controls
5) reaction planning
6) reporting and monitoring risk performance
7) reviewing the risk management framework
Recognition and ranking of risks together form the risk assessment activity. The scopes of risk
responses available for hazard risks includes the options of tolerate, treat, transfer or terminate
the risk or the activity that gives rise to the risk. For many risks, these responses may be applied in
combination. For opportunity risks, the range of available options includes exploiting the risk.
Reaction planning includes business continuity planning and disaster recovery planning.
Responding to significant risks:
(a) Tolerate
Sometimes it’s okay to do nothing. The likelihood and impact of the risk is low. You may
decide to simply retain the risk because it is acceptable without further actions. Log and
monitor the risk because retaining a risk should always be an informed decision. You should
not find that your organization has retained a risk by default.
(b) Terminate
Sometimes a risk is so far outside your risk appetite. Or is assessed as having such a severe
impact on your business that you have stop (i.e. terminate) the activity causing it. For
example, you may decide not to start or continue a business activity in a particular country.
Or withdraw a product or service from market that gives rise to unacceptable risk.
(c) Treat
You will almost certainly decide to take action on the most severe risks. You may act to
reduce the likelihood of the risk occurring or the severity of the consequences if it does. For
example, install a firewall to reduce the likelihood of an external intrusion to your IT
systems. And implement network segregation if an intruder does gain access.
(d) Transfer
Insurance isn’t available for everything. Sometimes while it’s possible to transfer the activity
to a third party, you still retain the liability if things go wrong. In the case of the payment
card industry data security standards (PCI DSS), a third party arrangement outsources
merely the function, not the responsibility or liability for PCI compliance.
 Mahruf's Helpline for The Banking Professional Examination 13
https://www.facebook.com/groups/1548697449234982

6. (a) Why CTR and STR are important in controlling money laundering risk? 6
Currency transaction report (CTR): A currency transaction report (CTR) is a report made by financial
institutions aiming to prevent money laundering. Currency Transaction Reports (CTRs) play a crucial
role in the fight against money laundering and other illicit financial activities. By requiring financial
institutions to report cash transactions above a certain threshold, CTRs help authorities monitor and
detect suspicious activities that may indicate money laundering attempts. Here's why CTRs are
important:
(a) Detection of Unusual Transaction Patterns: CTRs allow regulatory authorities to identify
individuals or entities engaging in repetitive or unusual cash transactions. These patterns
can indicate attempts to circumvent reporting requirements, disguise the true source of
funds, or facilitate illicit activities.
(b) Identification of High-Risk Customers: By analyzing CTR data, regulatory authorities can
identify customers or businesses with a high volume of cash transactions. This information
helps in assessing the potential risks associated with these customers and initiating further
investigations if necessary.
(c) Support for Investigations: CTRs provide a valuable source of information for law
enforcement agencies and financial intelligence units. The data contained in these reports
can be cross-referenced with other intelligence sources to uncover money laundering
networks, trace illicit funds, and support criminal investigations.
(d) Deterrence and Prevention: The existence of CTR requirements acts as a deterrent to
criminals engaging in large cash transactions. The knowledge that their activities may be
reported and scrutinized reduces the attractiveness of cash-based money laundering
schemes.
Suspicious transaction report (STR): A suspicious transaction report (STR) is generally considered an
interchangeable term with suspicious activity report (SAR), as both terms refer to the mandatory
form that financial institutions must file with the regulatory authority whenever there is a suspected
case of money laundering or fraud.
 It is actually a formatted report of suspicious transactions/activities where there is
reasonable grounds to believe that funds are the proceeds of predicate offence or may be
linked to terrorist activity or the transactions are not seems to be usual manner.
 The importance of suspicious transaction reporting cannot be overstated. It enables
financial institutions to play an active role in combating financial crime, protecting both
themselves and the wider economy. By monitoring and reporting suspicious transactions,
financial institutions contribute to the detection and prevention of illicit activities.
6. (b) What is E-KYC? How can it be used for mitigating credit risk? 6

E-KYC is a combination of paperless customer onboarding, promptly identifying and verifying

customer identity, maintaining KYC profile in a digital form and determining customer risk grading
through digital means. It is a faster process of doing KYC of customer verifying his/her identity
document or bio-metric data.
 Mahruf's Helpline for The Banking Professional Examination 14
https://www.facebook.com/groups/1548697449234982

How can it be used for mitigating credit risk: By leveraging analytics and machine learning, E-KYC
solutions are able to analyze enormous volumes of customer data in order trends, abnormalities,
and possible fraud cases. Real-time monitoring and alerting capabilities enable proactive
intervention to mitigate risks and safeguard against financial losses. Additionally, e-KYC can save
institutional cost as well as foster growth of customer base compare to the traditional growth.
7. (a) Explain the importance of credit risk management. 5
Within the banking sector, credit risk management encompasses a range of processes aimed at
ensuring the stability and profitability of lending operations. These processes include credit
analysis, credit scoring, credit portfolio management, and risk mitigation strategies. By
implementing robust credit risk management practices, banks can effectively evaluate borrower
creditworthiness, make informed lending decisions, and proactively manage potential defaults.
Importance of Credit Risk Management: Credit risk management holds significant importance for
financial institutions due to the following reasons:
(a) Preservation of Capital: Effective credit risk management ensures the preservation of
capital by reducing the likelihood of loan defaults. By identifying and managing credit risks,
banks can protect their balance sheets and maintain the stability of their operations.
(b) Regulatory Compliance: Regulatory authorities mandate banks to have robust credit risk
management frameworks in place. Compliance with these regulations not only ensures the
institutions soundness but also enhances its reputation and credibility in the market.
(c) Enhanced Profitability: Well-executed credit risk management enables banks to make
informed lending decisions, leading to higher profitability. By accurately assessing
creditworthiness, banks can optimize interest rates, pricing structures, and loan terms, thus
improving their overall returns.
7. (b) Mention the 10 important indicators of high credit risk. 5
Indicators of high credit risk (not an exhaustive list)
 The level of loans is high relative to total assets and equity capital.
 Loan growth rates significantly exceed national trends and the trends of similar banks.
 Growth was not planned or exceeds planned levels, and stretches management and staff
expertise.
 The bank is highly dependent on interest and fees from loans and advances.
 Loan yields are high and reflect an imbalance between risk and return.
 The bank has one or more large concentrations. Concentrations have exceeded internal
limits.
 Existing and/or new extensions of credit reflect liberal judgment and risk-selection
standards.
 Practices have resulted in a large number of exceptions to the credit policy.
 The bank has a large volume and/or number of classified loans.
 Even among standard and special mention account loans, the portfolios are skewed toward
lower internal ratings.
 Classified loans are skewed toward the less favorable categories (doubtful and bad/loss).
 Mahruf's Helpline for The Banking Professional Examination 15
https://www.facebook.com/groups/1548697449234982

 Collateral requirements are liberal, or if conservative, there are substantial deviations from
requirements.
 Collateral valuations are not always obtained, frequently unsupported, and/or reflect
inadequate protection.
 Loan documentation exceptions are frequent, and exceptions are outstanding for long
periods of time.
 The bank liberally reschedules and/or restructures loans in a manner that raises substantial
concern about the accuracy or transparency of reported problem loan numbers.
 Quarterly loan losses, as a percentage of the total loan portfolio, are high and/or routinely
exceed established provisions.
7. (c) Briefly describe the five different indicators of poor credit risk management with 10
examples.
We will explore some of the most significant KRIs that Financial Institutions must consider while
managing credit risk. We will delve into the increase in Non-Performing Loans (NPLs), high loan
concentration, poor risk rating assessment, increase in the provision for credit losses, and other
critical risk indicators and how they impact credit risk management.
1) Increase in Non-Performing Loans (NPLs): NPLs are loans that are either in default or are
about to default. An increase in NPLs may indicate ineffective credit risk management.
2) High Loan Concentration: High loan concentration within a specific group or individual
borrower may increase the level of credit risk exposure for the financial institution.
3) Poor Risk Rating Assessment: Ineffective credit risk management may lead to low credit
ratings that could cause financial institutions potential losses resulting in lower earning
assets.
4) Increase in Provision for Credit Losses: Provision for credit losses is a count of net income
allocated to cover faulty loans in the financial institutions' books.
5) High Credit Exposure to Single Counterparty: High exposure to a single borrower, industry,
or financial instrument may increase credit risk exposure.
6) Acceptance of Poor Collateral: Inadequate collateral could lead to a significant loss.
7) Change in Interest Rates: Changes in interest rates can significantly affect loan repayments,
especially if borrowers are highly leveraged.
8) Increase in Loan Delays: Delays in loan processing or approval may indicate poor credit risk
management.
9) High Loan-To-Deposit Ratio: High loan-to-deposit ratios can indicate that the institution is
overly dependent on loans for its revenues.
10) High Concentration in a Specific Industry or Sector: High concentration in a specific industry
or sector can increase the risk of default if that industry or sector experiences economic
downturns.
 Mahruf's Helpline for The Banking Professional Examination 16
https://www.facebook.com/groups/1548697449234982

8. (a) How does Basel-III differ from Basel-II? Explain. 6

Key features Basel-II Basel-III

Introduction 2004 Gradual introduction starting from 2010
Focus Enhancing Risk Strengthening financial stability and resilience
Management
Pillars Minimum Capital Enhanced Minimum Capital & Liquidity
Requirements Requirements
Supervisory Review Enhanced Supervisory Review Process for
Process Firm-wide Risk Management and Capital
Planning
Disclosure & Market Enhanced Risk Disclosure & Market Discipline
Discipline
Risk-Weighted Introduced the Concept Further developed Risk-Weighted Assets
Assets approach
Operational Risk Recognized as a distinct Continued recognition with refinement in
risk category calculating capital for Operational Risk
Supervisory Emphasis on supervisory Focus extended to overall Bank Resilience and
review Oversight Risk Management
Market Encouraged Maintained transparency focus but introduced
Discipline transparency additional measures for Capital Buffers and
Liquidity.
Capital Buffers Not Present Introduced multiple Capital Buffers including
Capital Conservation Buffer, Countercyclical
Buffer, SIB
Liquidity Not explicitly addressed Introduced Liquidity Standards like the
Standards Liquidity Coverage Ratio (LCR) and Net Stable
Funding Ratio (NSFR)
Leverage Ratio Not explicitly Addressed Introduced a Leverage Ratio to prevent
excessive borrowing
8. (b) What does it mean by market discipline under Basel framework? Explain its 7
purpose.
 The third pillar of Basel Framework (Market Discipline) requires the bank activities to be
transparent to the general people.
 It aims to ensure market discipline by making it mandatory to disclose relevant market
information.
 For this, the bank is supposed to release relevant financial data (financial statements etc.) in a
timely fashion to the people, for example, through its website.
 It is intended to foster greater transparency into the soundness of a bank's business practices
and allow investors and others to compare banks on equal footing.
 This might enable depositors to better evaluate bank condition (i.e. bank probability of failure)
and diversify their portfolio accordingly.
 Mahruf's Helpline for The Banking Professional Examination 17
https://www.facebook.com/groups/1548697449234982

8. (c) What are the liquidity standard/ratio suggested by Basel-III? Explain. 7

The Basel Committee has developed two standards that have separate but complementary
objectives to use in liquidity risk supervision.
The first objective is to promote the short-term resilience of the liquidity risk profile of banks by
ensuring that they have sufficient high-quality liquid assets to survive a significant stress scenario
lasting 30 calendar days. The Committee developed the Liquidity Coverage Ratio to achieve this
objective.
𝑳𝑪𝑹 =
𝑺𝒕𝒐𝒄𝒌 𝒐𝒇 𝑯𝒊𝒈𝒉 𝑸𝒖𝒂𝒍𝒊𝒕𝒚 𝑳𝒊𝒒𝒖𝒊𝒅 𝑨𝒔𝒔𝒆𝒕𝒔
≥ 𝟏𝟎𝟎%
𝑻𝒐𝒕𝒂𝒍 𝒏𝒆𝒕 𝒄𝒂𝒔𝒉 𝒐𝒖𝒕𝒇𝒍𝒐𝒘𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒏𝒆𝒙𝒕 𝟑𝟎 𝒄𝒂𝒍𝒆𝒏𝒅𝒆𝒓 𝒅𝒂𝒚𝒔

 The minimum acceptable value of this ratio is 100 percent.

The second objective is to promote resilience over a longer time horizon by creating additional
incentives for banks to fund their activities with more stable sources of funding on an ongoing
basis. The Committee developed the Net Stable Funding Ratio to achieve this objective.
The Net Stable Funding Ratio has a time horizon of one year and has been developed to capture
structural issues to provide a sustainable maturity structure of assets and liabilities.
𝑨𝒗𝒊𝒂𝒍𝒂𝒃𝒍𝒆 𝒂𝒎𝒐𝒖𝒏𝒕 𝒐𝒇 𝒔𝒕𝒂𝒃𝒍𝒆 𝒇𝒖𝒏𝒅𝒊𝒏𝒈 (𝑨𝑺𝑭)
𝑵𝑺𝑭𝑹 = > 𝟏𝟎𝟎%
𝑹𝒆𝒒𝒖𝒊𝒓𝒆𝒅 𝒂𝒎𝒐𝒖𝒏𝒕 𝒐𝒇 𝒔𝒕𝒂𝒃𝒍𝒆 𝒇𝒖𝒏𝒅𝒊𝒏𝒈 (𝑹𝑺𝑭)

 NSFR is met if ASF exceeds RSF, that is if ASF/RSF > 1 or 100%.

 Mahruf's Helpline for The Banking Professional Examination 18
https://www.facebook.com/groups/1548697449234982

9. (a) What is cyber risk? In current context why it is important for a financial 7
institution to manage this risk? Explain.
‘Cyber risk’ means any risk of financial loss, disruption or damage to the reputation of an
organization from some sort of failure of its information technology systems. In the banking sector,
cyber security refers to the organization of technologies and methods designed to prevent attacks
on networks, programs, and data. These attacks include the introduction of viruses and other
malware into the system, and they could also involve unauthorized access, hacking, or data theft.
Significance of cyber security in the financial industry:
(a) Protection of Customer Data: The financial industry is responsible for storing a vast amount
of sensitive customer data, including personal information, financial transactions, and banking
details. If this data falls into the wrong hands, it might lead to identity theft, financial fraud,
and other criminal activities. Therefore, safeguarding this data is critical to maintaining
customer trust.
(b) Prevention of Financial Fraud: Cybercriminals use various tactics, including phishing scams,
malware, and ransomware attacks, to exploit vulnerabilities in financial systems. These
incursions can lead to considerable financial losses for both customers and financial
institutions, affecting the industry’s reputation and profitability.
(c) Compliance with Regulatory Requirements: The financial industry is subject to strict
regulations regarding data protection, privacy, and security. Compliance with these
regulations is essential to avoid fines, legal liabilities, and reputational damage.
(d) Protection of Intellectual Property: Financial institutions rely on proprietary technology and
intellectual property to maintain their competitive advantage. Cyber-attacks can compromise
this information, resulting in significant financial losses and loss of market share.
Financial institutions are particularly vulnerable to intellectual property theft due to their
reliance on advanced technology and proprietary algorithms.
9. (c) Discuss the role of Internal Audit Department in risk management. 6
The role of Internal Audit Department is to provide objective and independence assurance to the
board and senior management on the effectiveness of governance, risk management, and internal
controls, including the manner in which the first and second lines of defense achieve risk
management and control objectives.
Risk management is the most important part of the strategic management of every bank and
represents an essential segment in the accomplishment of the business and financial objectives.
The internal auditors determine the weak points of the system, they estimate risk and they range
organizational parts/activities in accordance with the risk profile. The risk estimation, to a great
extent is based on good estimation and good informed opinion and on the consolidated experience
of the auditors and managers. The internal audit represents a systematic, objective assessment by
the internal auditors of the various activities and controls within an organization in order to
determine whether:
(a) the financial and operating information is accurate and reliable;
(b) risks for the bank are identified and minimized;
 Mahruf's Helpline for The Banking Professional Examination 19
https://www.facebook.com/groups/1548697449234982

(c) external regulations and generally accepted internal policies and procedures are being
followed;
(d) appropriate criteria of work are met;
(e) resources are used in an efficient and economical manner; and
(f) organization's objectives are met in an effective manner - all this in order to provide
consultation with the management and to assist members of the organization in relation
to the effective fulfillment of their management responsibilities.
10. Write short notes (any five) 4×5= 20
(a) Inherent Risk
Inherent risk is the risk that exists naturally when there are no safeguards in place to avoid
trouble. Inherent risk can be expressed as the potential impact of an event on the institution
times the probability of the harmful event occurring.
Inherent risk is defined as the variant of enterprise-level risk wherein the probability of loss is
derived from the organization’s type and complexity without any potential modifications to the
prevalent environment.
(b) Market Risk
Market risk is the possibility that an individual or other entity will experience losses due to
factors that affect the overall performance of investments in the financial markets. Market risk
arises when FIs actively trade assets and liabilities (and derivatives) rather than hold them for
longer-term investment, funding, or hedging purposes. Market risk is closely related to interest
rate risk, credit risk, and foreign exchange risk in that as these risks increase or decrease, the
overall risk of the FI is affected.
(c) Chief Risk Officer (CRO)
The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating
significant competitive, regulatory and technological threats to an enterprise's capital and
earnings. The role of a chief risk officer has received a lot of attention within the risk
management community, as well as from the finance and general management audiences.
(d) Risk Rating
Risk Rating is assessing the risks involved in the daily activities of an organization and classifying
them (low, medium, or high) on the basis of their impact on the organization. Ranking or
prioritizing hazards is one way to help determine which risk is the most serious and thus which
to control first. Priority is usually established by taking into account the employee's exposure
and the potential for incident, injury, or illness. By assigning a priority to the risks, you are
creating a ranking or an action list.
(e) Capital Adequacy Ratio
The capital adequacy ratio (CAR) is an indicator of how well a bank can meet its obligations. Also
known as the capital-to-risk weighted assets ratio (CRAR), the ratio compares capital to risk-
weighted assets and is watched by regulators to determine a bank's risk of failure. It's used to
protect depositors and promote the stability and efficiency of financial systems around the
world. Two types of capital are measured:
 Mahruf's Helpline for The Banking Professional Examination 20
https://www.facebook.com/groups/1548697449234982

 Tier-1 capital, core funds on hand to manage losses so that a bank can continue
operating and,
 Tier-2 capital, a secondary supply of funds available from the sale of assets once a bank
closes down.
𝑻𝒊𝒆𝒓 𝑰 𝑪𝒂𝒑𝒊𝒕𝒂𝒍 + 𝑻𝒊𝒆𝒓 𝑰𝑰 𝑪𝒂𝒑𝒊𝒕𝒂𝒍
𝑪𝑨𝑹 =
𝑹𝒊𝒔𝒌 𝑾𝒆𝒊𝒈𝒉𝒕𝒆𝒅 𝑨𝒔𝒔𝒆𝒕𝒔
(f) Environmental and Social Risk Management
Environmental & Social Risk refers to the uncertainty or probability of losses that originates
from any adverse environmental or social change (natural or manmade) or non-compliance of
the existing Bangladesh bank environmental regulation.
Banks need to ensure that their client’s financial and operational sustainability is not
undermined by adverse impacts on the environment and surrounding communities. Banks need
to have a clear understanding of potential Environmental & Social Risks and implications for a
client’s operations prior to being linked to the client in the context of the transaction.
(g) Risk Based Supervision
‘Risk Based Supervision (RBS) is defined as ‘a structured process which identifies the most
critical risks that face each bank and, through a focused review by the supervisor, assesses the
bank’s management of those risks along with its financial vulnerability to potential adverse
experiences’
(h) Board Risk management Committee
To play an effective role in mitigating impending risks arising out from strategies and policies
formulated by the Board and to carry out the responsibilities efficiently, a risk management
committee is formed.
This Committee is tasked with the responsibility of setting and reviewing the Bank’s risk policies.
The coverage of supervision includes the following: Credit Risk, Reputational Risk, Operations
Risk, Technology Risk, Market and Rate Risks, Liquidity Risk and other pervasive risks as may be
posed by the events in the industry at any point in time.