Problem Set 16

What risk requires the development of social media policies as a risk-mitigationinitiative?

Reputation risk. Social-media activity can quickly damage a bank's public image if employees or customers post inaccurate, unethical, or confidential information. A clear social-media policy helps prevent reputational harm by defining acceptable online conduct, protecting confidentiality, and ensuring consistent, professional messaging

Third-party risk management is associated with what risk?

Operational risk. Vendors, technology providers, and service partners can expose banks to operational breakdowns, data breaches, or compliance failures. Strong third-party management reduces the chance that a supplier's errors or outages disrupt the bank's processes

Identify some of the sources of threats associated with strategic risk.

poor communication of objectives

lack of measurable performance metrics

failure to adjust to changes in markets or competition.

What is the total number of risks that banks face, as defined in this chapter?

Ten

- capital

- liquidity

- interest-rate

- credit

- operational

- technology

- compliance

- reputation

- strategic

- and legal (litigation)

What are some of the activities that create operational risk for a bank?

- loan-processing errors

- data-entry mistakes, employee fraud

- third-party vendor failures

Patch management is a risk mitigation technique for what risk?

Technology (cybersecurity) risk. Patch management ensures that all software and network systems are updated to close security vulnerabilities. Failure to maintain patches exposes the bank to malware, hacking, and data loss.

A code of ethics can be an effective risk mitigation technique for reputation risk. What is the goal of this technique?

The goal is to promote integrity and ethical behavior across all employees, setting standards that prevent misconduct and reinforce the bank's credibility. An enforced code of ethics builds public trust and reduces the chance of reputational damage from unethical practices.

What role do capital expenditures play in managing strategic risks?

Capital expenditures align financial resources with long-term strategic objectives. Effective budgeting and monitoring of capital projects ensure that investments support the bank's goals, prevent resource misallocation, and improve performance consistency—reducing the risk of failed strategic execution.

Define how the account opening process creates risks for the bank.

Poorly designed or outdated account-opening procedures can create litigation or compliance risks if agreements are incomplete or inaccurate. Weak verification or documentation may result in fraud, identity theft, or unenforceable contracts, exposing the bank to financial and legal losses.

Identify the six other risks banks face and explain what the risk of each is.

• Operational risk: Loss from failed processes, people, or external events.

• Technology risk: Loss or uncertainty from system failures or cyber threats.

• Compliance risk: Penalties or losses due to failure to follow laws or regulations.

• Reputation risk: Loss of trust or revenue from negative publicity or ethics breaches.

• Strategic risk: Losses from poor planning or failure to respond to change.

• Legal (litigation) risk: Losses from unenforceable contracts, lawsuits, or adverse judgments.

Operational risk can originate from human error, system breakdowns, or externaldisruptions, even if no financial loss occurs immediately.

TRUE

Operational risk can originate from people, systems, or external events even when no immediate loss occurs. Small process failures or human errors may remain hidden until they cascade into measurable financial or reputational damage.

Technology risk and operational risk are distinct but often interlinked; a cyber incident can quickly become operational.

TRUE

Technology and operational risks are separate categories but often overlap. A cyber breach or system outage almost always becomes an operational disruption once it interrupts services or compromises data

Compliance risk only matters for global banks; community banks are exempt from major regulatory penalties.

FALSE

Compliance risk applies to all financial institutions, not just global ones. Smaller community banks face the same legal obligations under AML, KYC, and consumer-protection laws, and regulators often impose penalties regardless of size.

Strategic risk can take years to surface but often causes permanent franchise damageonce visible.

TRUE

Strategic risk develops slowly but can permanently weaken a bank's franchise. Poor planning, bad execution, or failure to adapt to market change can erode profitability and stakeholder confidence over time.

Reputational risk is unquantifiable; while measurement is subjective, its impact canbe material and long-lasting.

UNCERTAIN

Reputational risk is difficult to quantify, but that doesn't mean it can't be measured indirectly. While subjective, its effects—such as higher funding costs or customer attrition—are often substantial and observable.

Litigation risk may arise even when the bank's defense is successful, due to cost andreputational fallout.

TRUE

Litigation risk can materialize even when the bank successfully defends a case. Legal proceedings consume management time, attract negative media, and can erode trust even without financial penalties.

The SVB collapse was caused primarily by credit losses on its loan book.

FALSE

The SVB collapse was not driven by credit losses but by interest-rate and liquidity mismatches. Its depositor concentration and lack of rate hedging triggered a rapid loss of confidence and withdrawal run.

Reputational damage can amplify liquidity stress, as depositors and counterpartieswithdraw funds.

TRUE

Reputational damage amplifies liquidity stress because customers and counterparties react emotionally to perceived instability, often withdrawing funds preemptively.

A single failure at a bank can trigger a "chain reaction" across several risk types,revealing interdependence.

TRUE

Risk types are interconnected. An operational or technology breakdown can trigger compliance breaches, reputational harm, and liquidity pressure, forming a self-reinforcing chain.

The best approach to mitigating litigation risk is always to settle quickly.

UNCERTAIN

Settling litigation quickly is not always optimal. It can limit exposure but also signal guilt; the decision depends on the strength of the evidence, legal precedent, and how each path affects long-term reputation.

Which of the following best illustrates operational risk?

A system error causes duplicate customer charges and public backlash

In the Wells Fargo fake-accounts scandal, which internal control failure was most evident?

Weak tone from the top and sales-pressure culture

The accidental $900mln wire transfer from Citi to Revlon lenders exposed what controlgap?

Deficient authorization and system validation checks

A core banking migration failure that locks customers out of online accounts primarilyreflects what risk type?

Technology risk

HSBC's 2012 sanctions-related fine demonstrates how compliance risk can evolve from:

Weak AML monitoring and inadequate escalation

Strategic risk most often emerges when:

Market conditions shift and strategy fails to adapt

Deutsche Bank's long-term profitability decline during the 2010s best illustrates:

Strategic drift due to overexpansion and under-investment in controls

SVB's 2023 collapse was triggered by:

A concentrated depositor base and unhedged rate exposure

In Credit Suisse's downfall, the Archegos exposure exemplified:

Counterparty risk manifesting through poor internal oversight

Poor documentation or contract clarity primarily exposes a bank to:

Litigation risk

Reputational risk often acts as a:

Amplifier of other risks once public confidence declines

A patch-management failure that leaves a server unprotected would most directly cause:

Technology risk

The interconnection of risks is best captured by which sequence?

Technology failure → reputation loss → deposit flight → liquidity pressure

A culture of "growth at all costs" increases exposure primarily to:

Strategic and compliance risk

When a regulator imposes a deferred-prosecution agreement, the associated risk ismost closely:

Compliance and legal risk