medium · FRM Part 2 Operational Risk
A bank quantifies cyber operational risk and wants its key risk indicators (KRIs) to be genuinely predictive of large loss events rather than merely descriptive. It builds a logistic model predicting the probability of a material breach next quarter from a set of KRIs (patch latency, privileged-account count, failed-login spikes, prior-quarter near-misses). Backtesting shows excellent in-sample fit but the model fails to flag the two largest realized losses.
Which diagnosis best reflects an expert's understanding of why predictive KRI models systematically miss the tail for cyber operational risk?
- The model is overfit to common-cause incidents; because tail cyber losses are driven by novel, adversarial, low-frequency mechanisms absent from the historical KRI–loss mapping, the conditional relationship is non-stationary and the trained associations do not extend to the events that matter for capital.
- The logistic link function is fundamentally misspecified here; replacing it with a probit link would supposedly better capture the two extreme observations, since probit is commonly (though incorrectly) believed to have heavier response tails fitting rare events more accurately than logit.
- The failure is purely a matter of class imbalance in the training sample; oversampling the two large realized losses until positive and negative classes are numerically balanced would supposedly make the model correctly predict future tail breach events once it is retrained on the rebalanced dataset.
- The KRIs used here are inherently lagging rather than leading indicators of breach risk, so simply reordering them as time-series leads with an artificial one-quarter forward shift would supposedly mechanically restore the model's lost predictive power for genuinely rare tail-level breach events going forward.
Sign up free to see the explanation and track your rank →
More FRM Part 2 Operational Risk practice
- Which of the following describes the 'One Big Loss' principle for heavy-tailed (subexponen
- Under the current Basel Standardized Measurement Approach (SMA) for operational risk, whic
- Which of the following is NOT one of them?
- What is the marginal coefficient for the portion of the BI that exceeds 30 billion euros?
- According to standard regulatory definitions (such as SR 11-7), which three components are
- A material change to a model is most likely to be triggered by which event?
- How long is the historical window required for calculating the average annual operational
- In the Bow-Tie analysis framework, where do 'Preventive Controls' sit relative to the oper