2021 FRM Learning Objectives – Part 7




We present part 7 of the learning outcomes, as prescribed by GARP.


Operational Risk and Resiliency

This area focuses on methods to measure and manage operational risk as well as methods to manage risk across an organization, including risk governance, stress testing, and regulatory compliance.

The broad knowledge points covered in Operational Risk and Resiliency include the following:

Principles for sound operational risk management

Risk appetite frameworks and enterprise risk management (ERM)

Risk culture and conduct

Analyzing and reporting operational loss data

Model risk and model validation

Risk-adjusted return on capital (RAROC)

Economic capital frameworks and capital planning

Stress testing banks

Third-party outsourcing risk

Risks related to money laundering and financing of terrorism

Regulation and the Basel Accords

Cyber risk and cyber resilience

Operational resilience


Principles for the Sound Management of Operational Risk

Describe the three lines of defense in the Basel model for operational risk governance.

Summarize the fundamental principles of operational risk management as suggested by the Basel Committee.

Explain guidelines for strong governance of operational risk and evaluate the role of the board of directors and senior management in implementing an effective operational risk framework.

Describe tools and processes that can be used to identify and assess operational risk.

Describe features of an effective control environment and identify specific controls that should be in place to address operational risk.

Explain the Basel Committee’s suggestions for managing technology risk and outsourcing risk.


Enterprise Risk Management: Theory and Practice

Define enterprise risk management (ERM) and explain how implementing ERM practices and policies can create shareholder value, both at the macro and the micro level.

Explain how a company can determine its optimal amount of risk through the use of credit rating targets.

Describe the development and implementation of an ERM system, as well as challenges to the implementation of an ERM system.

Describe the role of and issues with correlation in risk aggregation and describe typical properties of a firm’s market risk, credit risk, and operational risk distributions.

Distinguish between regulatory and economic capital and explain the use of economic capital in the corporate decision-making process.


What is ERM?

Describe Enterprise Risk Management (ERM) and compare and contrast differing definitions of ERM.

Compare the benefits and costs of ERM and describe the motivations for a firm to adopt an ERM initiative.

Describe the role and responsibilities of a chief risk officer (CRO) and assess how the CRO should interact with other senior management.

Describe the key components of an ERM program.


Implementing Robust Risk Appetite Frameworks to Strengthen Financial Institutions

Describe best practices for the implementation and communication of a risk appetite framework (RAF) at a firm.

Explain the relationship between a firm’s RAF and its risk culture and between the RAF and a firm’s strategy and business planning process.

Explain key challenges to the implementation of an RAF and describe how a firm can overcome each challenge.

Assess the role of stress testing within an RAF and describe challenges in aggregating firm-wide risk exposures.

Explain lessons learned in the implementation of an RAF through the presented case studies.


Banking Conduct and Culture: A Permanent Mindset Change

Describe challenges faced by banks with respect to conduct and culture and explain motivations for banks to improve their conduct and culture.

Explain methods by which a bank can improve its corporate culture and assess the progress made by banks in this area.

Explain how a bank can structure performance incentives and make staff development decisions to encourage a strong corporate culture.

Summarize expectations by different national regulators for banks’ conduct and culture.

Describe best practices and lessons learned in managing a bank’s corporate culture.


Risk Culture

Compare risk culture and corporate culture and explain how they interact.

Explain factors that influence a firm’s corporate culture and its risk culture.

Describe methods by which corporate culture and risk culture can be measured.

Describe characteristics of a strong risk culture and challenges to the implementation of an effective risk culture.

Assess the relationship between risk culture and business performance.


OpRisk Data and Governance

Describe the seven Basel II event risk categories and identify examples of operational risk events in each category.

Summarize the process of collecting and reporting internal operational loss data, including the selection of thresholds, the timeframe for recoveries, and reporting expected operational losses.

Explain the use of a risk control self-assessment (RCSA) and key risk indicators (KRIs) in identifying, controlling, and assessing operational risk exposures.

Describe and assess the use of scenario analysis in managing operational risk and identify the biases and challenges that can arise when using scenario analysis.

Compare the typical operational risk profiles of firms in different financial sectors.

Explain the role of operational risk governance and explain how a firm’s organizational structure can impact risk governance.


Supervisory Guidance on Model Risk Management

Describe model risk and explain how it can arise in the implementation of a model.

Describe elements of an effective model risk management process.

Explain best practices for the development and implementation of models.

Describe elements of a strong model validation process and challenges to an effective validation process.


Information Risk and Data Quality Management

Identify the most common issues that result in data errors.

Explain how a firm can set expectations for its data quality and describe some key dimensions of data quality used in this process.

Describe the operational data governance process, including the use of scorecards in managing information risk.


Validating Rating Models

Explain the process of model validation and describe best practices for the roles of internal organizational units in the validation process.

Compare qualitative and quantitative processes for validating internal ratings and describe elements of each process.

Describe challenges related to data quality and explain steps that can be taken to validate a model’s data quality.

Explain how to validate the calibration and the discriminatory power of a rating model.


Assessing the Quality of Risk Measures

Describe ways that errors can be introduced into models.

Explain how model risk and variability can arise through the implementation of VaR models and the mapping of risk factors to portfolio positions.

Identify reasons for the failure of the long-equity tranche, short-mezzanine credit trade in 2005 and describe how such modeling errors could have been avoided.

Explain major defects in model assumptions that led to the underestimation of systematic risk for residential mortgage backed securities (RMBS) during the 2007-2009 financial crisis.


Risk Capital Attribution and Risk-Adjusted Performance Measurement

Define, compare, and contrast risk capital, economic capital, and regulatory capital and explain methods and motivations for using economic capital approaches to allocate risk capital.

Describe the RAROC (risk-adjusted return on capital) methodology and its use in capital budgeting.

Compute and interpret the RAROC for a project, loan, or loan portfolio and use RAROC to compare business unit performance.

Explain challenges that arise when using RAROC for performance measurement, including choosing a time horizon, measuring default probability, and choosing a confidence level.

Calculate the hurdle rate and apply this rate in making business decisions using RAROC.

Compute the adjusted RAROC for a project to determine its viability.

Explain challenges in modeling diversification benefits, including aggregating a firm’s risk capital and allocating economic capital to different business lines.


Range of practices and issues in economic capital frameworks

Within the economic capital implementation framework, describe the challenges that appear in:

  • Defining and calculating risk measures.
  • Risk aggregation.
  • Validation of models.
  • Dependency modeling in credit risk.
  • Evaluating counterparty credit risk.
  • Assessing interest rate risk in the banking book.

Describe the BIS recommendations that supervisors should consider to make effective use of internal risk measures, such as economic capital, that are not designed for regulatory purposes.

Describe best practices and assess key concerns for the governance of an economic capital framework.

Explain benefits and impacts of using an economic capital framework within the following areas:

  • Credit portfolio management.
  • Risk-based pricing.
  • Customer profitability analysis.
  • Management incentives.


Capital Planning at Large Bank Holding Companies

Describe the Federal Reserve’s Capital Plan Rule and explain the seven principles of an effective capital adequacy process for bank holding companies (BHCs) subject to the Capital Plan Rule.

Describe practices that can result in a strong and effective capital adequacy process for a BHC in the following areas:

  • Risk identification.
  • Internal controls, including model review and validation.
  • Corporate governance.
  • Capital policy, including setting of goals and targets and contingency planning.
  • Stress testing and stress scenario design.
  • Estimating losses, revenues, and expenses, including quantitative and qualitative methodologies.


Stress Testing Banks

Explain challenges in designing stress test scenarios, including the problem of coherence in modeling risk factors.

Explain challenges in modeling a bank’s revenues, losses, and its balance sheet over a stress test horizon period.

Describe the evolution of the stress testing process and compare the methodologies of historical European Banking Association (EBA), Comprehensive Capital Analysis and Review (CCAR), and Supervisory Capital Assessment Program (SCAP) stress tests.


Guidance on Managing Outsourcing Risk

Explain how risks can arise through outsourcing activities to third-party service providers and describe elements of an effective program to manage outsourcing risk.

Explain how financial institutions should perform due diligence on third-party service providers.

Describe topics and provisions that should be addressed in a contract with a third-party service provider.


Management of Risks Associated with Money Laundering and Financing of Terrorism

Explain best practices recommended for the assessment, management, mitigation, and monitoring of money laundering and financing of terrorism (ML/FT) risks.


Regulation of the OTC Derivatives Market

Summarize the clearing process in OTC derivatives markets.

Describe changes to the regulation of OTC derivatives which took place after the 2007-2009 financial crisis and explain the impact of these changes.


Capital Regulation Before the Global Financial Crisis

Explain the motivations for introducing the Basel regulations, including key risk exposures addressed, and explain the reasons for revisions to Basel regulations over time.

Explain the calculation of risk-weighted assets and the capital requirement per the original Basel I guidelines.

Describe measures introduced in the 1995 and 1996 amendments, including guidelines for netting of credit exposures and methods for calculating market risk capital for assets in the trading book.

Describe changes to the Basel regulations made as part of Basel II, including the three pillars.

Compare the standardized internal ratings-based (IRB) approach, the foundation IRB approach, and the advanced IRB approach for the calculation of credit risk capital under Basel II.

Calculate credit risk capital under Basel II utilizing the IRB approach.

Compare the basic indicator approach, the standardized approach, and the advanced measurement approach for the calculation of operational risk capital under Basel II.

Summarize elements of the Solvency II capital framework for insurance companies.


Solvency, Liquidity and Other Regulation After the Global Financial Crisis

Describe and calculate the stressed VaR introduced in Basel 2.5 and calculate the market risk capital charge.

Explain the process of calculating the incremental risk capital charge for positions held in a bank’s trading book.

Describe the comprehensive risk (CR) capital charge for portfolios of positions that are sensitive to correlations between default risks.

Describe the motivations for and calculate the capital conservation buffer and the countercyclical buffer, including special rules for globally systemically important banks (G-SIBs).

Describe and calculate ratios intended to improve the management of liquidity risk, including the required leverage ratio, the liquidity coverage ratio, and the net stable funding ratio.

Describe the mechanics of contingent convertible bonds (CoCos) and explain the motivations for banks to issue them.

Define in the context of Basel III and calculate where appropriate:

  • Tier 1 capital and its components.
  • Tier 2 capital and its components.
  • Required Tier 1 equity capital, total Tier 1 capital, and total capital.


High-level summary of Basel III reforms

Explain the motivations for revising the Basel III framework and the goals and impacts of the December 2017 reforms to the Basel III framework.

Describe the revised output floor introduced as part of the Basel III reforms and approaches to be used when calculating the output floor.

Summarize the December 2017 revisions to the Basel III framework in the following areas:

  • The standardized approach to credit risk.
  • The internal ratings-based (IRB) approaches for credit risk.
  • The CVA risk framework.
  • The operational risk framework.
  • The leverage ratio framework.


Basel III: Finalising post-crisis reforms

Explain the elements of the new standardized approach to measure operational risk capital.

Compare the Standardized Measurement Approach (SMA) to earlier methods of calculating operational risk capital, including the Advanced Measurement Approaches (AMA).

Describe general and specific criteria recommended by the Basel Committee for the identification, collection, and treatment of operational loss data.


The Cyber-Resilient Organization

Describe elements of an effective cyber-resilience framework and explain ways that an organization can become more cyber-resilient.

Explain resilient security approaches that can be used to increase a firm’s cyber resilience and describe challenges to their implementation.

Explain methods that can be used to assess the financial impact of a potential cyberattack and explain ways to increase a firm’s financial resilience.


Cyber-resilience: Range of practices

Define cyber-resilience and compare recent regulatory initiatives in the area of cyber-resilience.

Describe current practices by banks and supervisors in the governance of a cyber-risk management framework, including roles and responsibilities.

Explain methods for supervising cyber-resilience, testing and incident response approaches, and cybersecurity and resilience metrics.

Explain and assess current practices for the sharing of cybersecurity information between different types of institutions.

Describe practices for the governance of risks of interconnected third-party service providers.


Building the UK financial sector’s operational resilience

Describe operational resilience and describe threats and challenges to the operational resilience of a financial institution.

Explain recommended principles, including tools and metrics, for maintaining strong operational resilience at financial institutions.

Describe potential consequences of business disruptions, including potential systemic risk impacts.

Define impact tolerance; explain best practices and potential benefits for establishing the impact tolerance for a firm or a business process.


Striving for Operational Resilience: The Questions Boards and Senior Management Should Ask

Compare operational resilience to traditional business continuity and disaster recovery approaches.

Describe elements of an effective operational resilience framework and its potential benefits.


In closing


Success is near,

The QuestionBank Family