1.
Which of the following is a key benefit of Operational Risk Management?
Correct Answer
D. All of the above
Explanation
Operational Risk Management provides several key benefits. Firstly, it helps in improving and making business processes more efficient. This is achieved by identifying and mitigating potential risks that could hinder operations. Secondly, it enhances the quality of service provided to customers by minimizing operational disruptions and errors. Lastly, it helps in reducing losses and the cost of rework due to errors, which ultimately leads to cost savings. Therefore, all of the mentioned benefits are associated with Operational Risk Management.
2.
The risk management philosophy and objectives…
Correct Answer
C. Do not seek to eliminate risk, but rather to understand and profitably manage risks to optimize
Explanation
The correct answer is "Do not seek to eliminate risk, but rather to understand and profitably manage risks to optimize." This means that the risk management philosophy and objectives do not aim to completely eliminate all risks within the business, but rather to gain a comprehensive understanding of the risks involved and effectively manage them in order to optimize profitability.
3.
Which of the following tools and methodologies are NOT included in the ORM programme?
Correct Answer
B. Authorisation Matrix
Explanation
The ORM programme includes tools and methodologies such as Risk and Control Self-Assessment, Key Risk Indicators, and Incident Management. However, the Authorisation Matrix is not included in the ORM programme.
4.
What role do you play in the ORM process?
Correct Answer
D. A and C only.
Explanation
The correct answer is A and C only. In the ORM process, your role is to maintain a level of risk awareness during your day-to-day activities. This means being vigilant and identifying any potential risks or control weaknesses that may arise. You are also responsible for reporting these risks and weaknesses to ensure they are addressed and mitigated. The other options, B and D, are incorrect as they state that your position has nothing to do with risk management or that only one option is correct, which is not the case.
5.
The “first line of defence” consists of all risk owners across the business unit including the Management Committee. All risk owners have direct responsibility and are held accountable for the management and control of operational risks.
Correct Answer
A. True
Explanation
The first line of defense refers to all risk owners in a business unit, including the Management Committee. These risk owners are directly responsible for managing and controlling operational risks. This means that they have the primary responsibility for identifying, assessing, and mitigating risks within their respective areas of responsibility. They are held accountable for ensuring that proper risk management practices are in place and that risks are effectively managed to protect the organization. Therefore, the statement that the first line of defense consists of all risk owners across the business unit, including the Management Committee, and that they have direct responsibility and are held accountable for operational risk management is true.
6.
Which of the following is correct?
Correct Answer
C. All Staff members are responsible for identifying fraud in our business.
Explanation
All staff members are responsible for identifying fraud in our business because fraud can occur at any level and it is important for everyone to be vigilant and report any suspicious activities. It is not solely the responsibility of senior management or regulators, but rather a collective effort to ensure the integrity and security of the business. The involvement of all staff members increases the chances of detecting and preventing fraud effectively.
7.
Which of the following is correct for handling the request for investigation assistance from law enforcement agencies?
Correct Answer
C. Refer the request to the Corporate Security & Investigations (CSI) for handling.
8.
Which of the following is correct regarding fraud case reporting?
Correct Answer
D. You should not share your reported details with any irrelevant party as this may jeopardize the investigation
Explanation
It is important not to share reported details with any irrelevant party as this could compromise the investigation.
9.
Which of the following is correct regarding travel risk?
Correct Answer
C. Vice Presidents shall avoid being booked together on the same flight for security reasons
10.
Which of the following regarding event security is/are correct?
Correct Answer
D. B & C only
Explanation
The correct answer is B & C only. This means that the following statements are correct: risk assessment should be conducted and completed before an event, and event security should be supervised by the event co-ordinator and CSI security officer at all times. The first statement acknowledges the importance of assessing and addressing potential risks before an event takes place. The second statement emphasizes the need for supervision by both the event co-ordinator and the CSI security officer to ensure effective event security.
11.
Which of the following is NOT appropriate to reduce the chance of data leakage?
Correct Answer
D. Dump screens with customer information without masking data for training material or operational procedure purposes
Explanation
Dumping a screen with customer information without masking data for training material or operational procedure purposes is not appropriate to reduce the chance of data leakage. This action exposes sensitive customer information to potential leaks and compromises data security. The appropriate practices for reducing the chance of data leakage are: never sending customer information to non-business-related partners or personal email accounts, working at home with VPN access, and uploading company information to websites with management approval.
12.
What is/are the key concern(s) of Information Technology Risk?
Correct Answer
D. All of the above
Explanation
The key concerns of Information Technology Risk include the protection of confidentiality, assurance of integrity, and provision of availability. Confidentiality refers to the protection of sensitive information from unauthorized access. Integrity involves ensuring the accuracy, completeness, and reliability of data and information. Availability ensures that IT systems and services are accessible and usable when needed. All of these concerns are important in managing IT risks effectively.
13.
What is the definition of C3 – Confidential information?
Correct Answer
C. Information that requires special protection
Explanation
C3 - Confidential information refers to information that requires special protection. This means that the information is sensitive and should not be disclosed to unauthorized individuals or entities. It may contain sensitive data such as trade secrets, financial information, or personal information. The protection of C3 information is crucial to maintain the privacy, security, and integrity of the information and prevent any potential harm or misuse.
14.
When you change to a new password, which of the following approaches is/are appropriate?
Correct Answer
D. All of the above
Explanation
The appropriate approach when changing to a new password is to follow all of the mentioned guidelines. The password should consist of a minimum of eight characters, should not be common or personal information, and should include a mixture of upper and lower case letters, numerals, or special characters. Following all of these guidelines helps to create a strong and secure password.
15.
You should report all incidents to the Risk Management and Compliance within ______.
Correct Answer
A. 24 hours
Explanation
All incidents should be reported to the Risk Management and Compliance within 24 hours. This is important because reporting incidents promptly allows for swift action to be taken to mitigate any potential risks or damages. It also ensures that the appropriate authorities are notified in a timely manner, which is crucial for compliance purposes and maintaining the overall security and integrity of the organization.
16.
If you find that a customer hits the Sanction List during customer screening, you should immediately report the case to:
Correct Answer
B. Your manager and the Money Laundering Reporting Officer (MLRO)
Explanation
If a customer hits the Sanction List during customer screening, it is important to report the case immediately to the manager and the Money Laundering Reporting Officer (MLRO). This is because the manager needs to be informed about the situation and the MLRO is responsible for reporting any suspicious activities related to money laundering. Reporting to the Human Resources Department or the Customer Service Department would not be the appropriate course of action in this case.
17.
How long should customer records be kept to comply with the Anti-Money Laundering (AML) & Counter-Terrorist Financing (CTF) Policy?
Correct Answer
C. 7 years
Explanation
The customer records should be kept for 7 years to comply with the Anti-Money Laundering (AML) & Counter-Terrorist Financing (CTF) Policy. This duration ensures that the records are available for a sufficient period of time to monitor and investigate any suspicious activities related to money laundering or terrorist financing. It also allows regulatory authorities to access the information if required for audits or legal purposes.
18.
Which of the following statements about Conflicts of Interest is correct?
Correct Answer
D. None of the above
Explanation
The correct answer is "None of the above" because the statement "To avoid conflict of interest, the Company’s interest is always given priority" is not always true. In some cases, the company's interest may be given priority, but there are also situations where conflicts of interest need to be managed and mitigated in a fair and balanced manner. The statement "Approval is not needed for an employee to take up a part-time job without pay" is incorrect because most companies require employees to seek approval before taking up any part-time job, even if it is unpaid. The statement "My personal finance is not related to the Conflict of Interest at work" is also incorrect because personal financial interests can potentially create conflicts of interest in the workplace.
19.
Which of the following Advantages can be offered by an employee?
Correct Answer
B. A pen with the Company logo in a road show
Explanation
An employee can offer the advantage of promoting the company and its brand by distributing a pen with the company logo in a road show. This promotional item can help increase brand visibility and create a positive impression among potential customers. The other options mentioned, such as a bottle of wine, a gift to a public official, and a department store coupon, may not directly contribute to promoting the company or its brand.
20.
Employees possessing Insider Information are prohibited from:
Correct Answer
D. All of the above.
Explanation
Employees possessing Insider Information are prohibited from advising their spouses/friends to carry out securities transactions based on such information, carrying out advance securities transactions in response to, or in advance of, large securities orders by customers or by the Company, and carrying out personal investment in restricted securities without obtaining pre-approval from the Head of Compliance, if they are a permanent insider.
21.
Which of the following is not an advantage of reporting issues/incidents through the Whistleblowing channel?
Correct Answer
D. Fast
Explanation
The correct answer is "Fast" because reporting issues/incidents through a whistleblowing channel may not necessarily result in a fast resolution. While anonymity, confidentiality, and security are all advantages of whistleblowing channels, the speed at which the issues are addressed and resolved may vary depending on the complexity of the situation and the resources available to investigate and take action on the reported incidents.
22.
Who are not the reporting officers for Whistleblowing?
Correct Answer
D. Your direct line manager
Explanation
Your direct line manager is not a reporting officer for whistleblowing because they are likely to be involved in the misconduct or unethical behavior being reported. It is important to have reporting officers who are independent and unbiased in order to ensure a fair and objective investigation of the whistleblowing allegations. The Head of Compliance, Head of Internal Audit, and Chief Risk Officer are all positions that are typically responsible for overseeing and addressing whistleblowing concerns.