hard · Frm Part 2 Operational Risk
A bank identifies a 'severe-but-plausible' scenario for its Mortgage Lending service where a malware infection destroys all processing data. The bank's Impact Tolerance for this service is 24 hours. The stress test shows that while the systems can be recovered in 12 hours (RTO), the most recent off-site backup is 36 hours old (RPO).
Does this scenario represent a breach of the impact tolerance?
- Yes, but only if the bank is using the Advanced Measurement Approach (AMA) for capital, which explicitly weights RPO higher than RTO.
- Yes, because the data loss (36 hours) exceeds the time-to-restore threshold, implying customers are harmed beyond the tolerable limit.
- No, as long as the bank can prove it can manually re-enter the missing 36 hours of data within a separate 48-hour window.
- No, because the RTO of 12 hours is well within the 24-hour impact tolerance.
Sign up free to see the explanation and track your rank →
More Frm Part 2 Operational Risk practice
- Which of the following describes the 'One Big Loss' principle for heavy-tailed (subexponen
- Under the current Basel Standardized Measurement Approach (SMA) for operational risk, whic
- Which of the following is NOT one of them?
- What is the marginal coefficient for the portion of the BI that exceeds 30 billion euros?
- According to standard regulatory definitions (such as SR 11-7), which three components are
- A material change to a model is most likely to be triggered by which event?
- How long is the historical window required for calculating the average annual operational
- In the Bow-Tie analysis framework, where do 'Preventive Controls' sit relative to the oper