What's new

Nicole Seaman

Director of FRM Operations
Staff member
Learning objectives: Describe the concept of a risk appetite framework (RAF), identify the elements of an RAF, and explain the benefits to a firm of having a well-developed RAF. Describe best practices for a firm’s Chief Risk Officer (CRO), Chief Executive Officer (CEO), and its board of directors in the development and implementation of an effective RAF. Explain the role of an RAF in managing the risk of individual business lines within a firm, and describe best practices for monitoring a firm’s risk profile for adherence to the RAF. Explain the benefits to a firm from having a robust risk data infrastructure, and describe key elements of an effective IT risk management policy at a firm. Describe factors that can lead to poor or fragmented IT infrastructure at an organization. Explain the challenges and best practices related to data aggregation at an organization.


802.1. According to the Senior Supervisors Group, "Risk appetite frameworks (RAFs) should not simply be a set of loss tolerances or limits; they should include a wide array of measures to monitor the firm’s risk profile." Each of the following is a plausible RAF metric EXCEPT which of the following is an UNLIKELY RAF metric?

a. VaR limit
b. Minimum liquidity ratio
c. Minimum dividend payout ratio
d. Asset growth ceilings by exposure type

802.2. The firm's risk appetite is "the level and type of risk a firm is able and willing to assume in its exposures and business activities, given its business objectives and obligations to stakeholders." The risk appetite framework (RAF) explicitly defines the firm's risk boundaries as it pursues its business strategy. Effective implementation of the RAF framework requires champions at the top of the organization. Governance of the risk appetite is essential and presupposes coordination between the Chief Executive Officer (CEO), Chief Financial Officer (CFO) and Chief Risk Officer (CRO). In regard to such governance, according to the Observations, each of the following is true EXCEPT which is false?

a. The RAF frames strategic decisions such as the exit of business or the hiring of personnel
b. The firm sets a buffer between its risk appetite and risk capacity, the latter representing a maximum
c. The crisis has reemphasized the importance of reputation risk (which almost all firms attempt to assess in their RAFs) as a key focus at the board level
d. The metrics used to measure and monitor risk should be identical for the Directors, the C-Suite, and the Business lines to ensure organizational coherence

802.3. Each of the following tools or practices is an advisable element in an effective risk appetite framework (RAF) EXCEPT which is probably NOT best practice?

a. Project management office (PMO)
b. Spreadsheets to aggregate risk data
c. Data warehouses with common taxonomies
d. New product approval procedures that include technology operations personnel

Answers here: