96th AIBB RMFI Solved-2-1
96th AIBB RMFI Solved-2-1
96th AIBB RMFI Solved-2-1
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
1|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
2|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
3|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
1. (c) What are the minimum criteria for appointing a Chief Risk Management Officer 5
(CRO)?
Bank shall appoint Chief Risk Officer (CRO) who will act as the head of Risk Management
Department. Appointment, dismissal and other changes to the CRO position should be
approved by the board or its risk management committee. If the CRO is removed from
his/her position, this should be disclosed publicly. The bank should also discuss the reasons
for such removal with its supervisor. CRO’s performance and compensation should be
reviewed and approved by the board or its risk management committee. Bank shall consider
the following criteria as a minimum for appointing CRO:
1) Senior executive having mainstream banking experience preferably covering
i. Core risk management
ii. Internal Control and Compliance
iii. Capital management
iv. Branch banking
v. Core banking system
vi. Risk based certification
2) Minimum three years hands on working experience in risk management
3) The position of the CRO should be one grade higher than or at-least equal to the
heads of other departments for effective risk management.
2. (a) “Risk Management process is a series of multiple steps that are undertaken in 6
sequence for decision making”- Describe the steps of risk management process
in a bank.
Risk management is an iterative process that, with each cycle, can contribute progressively
to organizational improvement by providing management with a greater insight into risks
and their impact. It is a series of multi-steps that, when undertaken in sequence, enable
continual improvement in decision-making.
Steps of Risk Management Process in a Banking Organization:
Step 1 – Communicate and Consult
Step 2 – Establish the context
Step 3 – Identify the risks
Step 4 – Analyze the risks
Step 5 – Evaluate the risks
Step 6 – Treat the risks
Step 7 – Monitor the risks
2. (b) What kind of losses a financial institution may face if appropriate risk 6
management system can’t be ensured? Explain with examples.
Banking risk management is the process of a bank identifying, evaluating, and taking steps to
mitigate the chance of something bad happening from its operational or investment
decisions. This is especially important in banking, as banks are responsible for creating and
managing money for other. Some specific reasons for the importance of risk management
in the banking sector are that it helps banks to:
Avoid wasting or needlessly losing the money they need to stay in business
Avoid disruptions to their operations
4|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
5|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
3. (b) What kind of changes do you think is required in current risk management 6
system in your organization?
The important change that is required in my organization:
“Designing of Meta-Regulation using ERM under the Risk-based Regulatory Strategy”
Risk-based regulation is now a widely promoted strategy across policy domains and still
under the pavilion of “new governance” as a flexible regulation and an alternative to the
“command and control” based regulation.
The meta-regulatory approach has received much acceptance from the regulators and
becomes a key regulatory technique of risk-based approaches.
Meta-regulation can take a variety of forms. Sometimes it is referred to as “enforced
self-regulation,” wherein banks devise their own detailed rules in light of regulatory
goals.
The structural reform under ERM compels banks to develop the system-based or
management-based architecture of self-regulation.
In one end of the architecture, the board of directors is put in place and made them
responsible for oversight of bank-wide risks with the help of a sub-committee of the
board (i.e. BRMC) and the RMD. Likewise, a risk committee at the executive level (i.e.
ERMC) is formed at the other end of the architecture comprises of the heads of all
functional departments.
The RMD, as an independent department, is placed between the governance and the
operations (i.e. BRMC and ERMC) with the CRO as the Head of the department through a
defined communication hierarchy.
In addition, a supervisory review process team is formed with the MD/CEO as the Head
to monitor the risk-based internal capital adequacy and hold a dialogue with the central
bank's team. Thus, the system-based or management-based architecture for regulation
become effective in banks following the ERM based structural reform.
3. (c) Do you think that supervisors’ and regulators’ proper initiatives are the only 6
way to ensure sound risk management system in an organization?
Yes, I think so because of three reasons:
First, the success of any regulatory standard depends on the supervision of that
standard. Consistent implementation of the rules is one of the important roles of
6|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
supervision, possibly the most important. It is a way to ensure sound balance sheets and
a resilient financial system.
A second important role is dealing with complexity, innovation and continuous change.
In a highly dynamic, changing and complex world, regulations are permanently playing
catch-up with the continuously adapting financial sector. Supervision can complement
regulation in dealing with this challenge. For example, some of the problems associated
with the excessive variance of risk-weighted assets across banks can be addressed not
only by putting some constraints on banks' internal models (i.e. regulation), but also by
being stricter in model approval (i.e. supervision).
Third, merely complying with regulations is not enough. For the banking system to fulfill
the role that society wants it to play, it needs to do more. In particular, trust in the
system must be restored. This requires not only the strengthening of balance sheets or
compliance with regulations, but also changes in behavior and in the culture of financial
institutions. Supervisors have been paying increasing attention to this issue.
4. (a) Do you think that internal stakeholders of a financial institution should play 8
major role in risk management comparing to the external stakeholders?
Logically explain why or why not.
Yes, I think so.
Risk management is a critical process that involves identifying, assessing, and mitigating
potential risks that can impact an organization's objectives. Various stakeholders play
essential roles in the risk management process, each with specific interests and
responsibilities. Here are some key stakeholders in risk management of financial
institutions:
1) Executive Leadership and Board of Directors
2) Risk Management Professionals and Teams
3) Shareholders and Employees
4) Customers, Clients and Competitors
5) Regulators and Government Agencies etc.
7|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
Internal stakeholders have direct involvement in the risk management process, which
external stakeholders do not.
Internal stakeholders are part of a company. External stakeholders are representatives
of external organizations/entities.
Internal stakeholders directly influence its resources, processes, and results. External
stakeholders have an indirect influence on the company.
Internal stakeholders are directly interested in a company since they are immediately
affected by its activities. External stakeholders have an indirect interest in the company.
They also may have an interest in some competitors.
Internal stakeholders have direct access to internal company information about its
decisions, processes, and performance. External stakeholders can have only limited
access to such information.
So there are reasons to believe that internal stakeholders have a greater role to play than
external stakeholders in the risk management process of a financial institution.
4. (b) What are the key differences between the role of a Board Risk Management 8
Committee (BRMC) and an Executive Risk Management Committee (ERMC)?
Role of Board Risk Management Committee (BRMC) in addition to but not excluding the role
defined in the related BRPD circular:
a) Formulating and reviewing (at least annually) risk management policies and strategies for
sound risk management;
b) Monitoring implementation of risk management policies & process to ensure effective
prevention and control measures;
c) Ensuring construction of adequate organizational structure for managing risks within the
bank;
d) Supervising the activities of Executive Risk Management Committee (ERMC);
e) Ensuring compliance of BB instructions regarding implementation of core risk management;
f) Ensuring formulation and review of risk appetite, limits and recommending these to board of
directors for their review and approval;
g) Approving adequate record keeping & reporting system and ensuring its proper use;
h) Holding at least 4 meetings in a year (preferably one meeting in every quarter) and more if
deemed necessary;
i) Analyzing all existing and probable risk issues in the meeting, taking appropriate decisions
for risk mitigation, incorporating the same in the meeting minutes and ensuring follow up of
the decisions for proper implementation;
j) Submitting proposal, suggestions & summary of BRMC meetings to board of directors at
least on quarterly basis;
k) Complying with instructions issued from time to time by the regulatory body;
l) Ensuring appropriate knowledge, experience, and expertise of lower-level managers and
staffs involved in risk management;
m) Ensuring sufficient & efficient staff resources for RMD;
n) Establishing standards of ethics and integrity for staffs and enforcing these standards;
o) Assessing overall effectiveness of risk management functions on yearly basis. Banks
are encouraged to preserve video recording of the BRMC meetings for verification by
the team from Bangladesh Bank (DOS) involved in monitoring risk management
8|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
activities. The team may meet the members of BRMC and ERMC of the bank from time
to time to get a closer perspective of risk management culture and practice.
Role of Executive Risk Management Committee (ERMC):
Bank shall form ERMC comprising of CRO (as the Chairman), Head of ICC, CRM/CAD, Treasury,
AML, ICT, ID, Operation, Business, Finance, Recovery and Head of any other department related
to risk if deemed necessary. RMD will act as secretariat of the committee. The ERMC, from time
to time, may invite top management (CEO, AMD, DMD, Country heads or senior most
executives), to attend the meetings so that they are well aware of risk management process. The
responsibilities/Terms of Reference of ERMC will include, but limited to:
a) Identifying, measuring and managing bank’s existing and potential risks through detailed
risk analysis;
b) Holding meeting at least once in a month based on the findings of risk reports and taking
appropriate decisions to minimize/control risks;
c) Ensuring incorporation of all the decisions in the meeting minutes with proper
dissemination of responsibilities to concerned divisions/departments;
d) Minimizing/controlling risks through ensuring proper implementation of the decisions;
e) Reviewing risks involved in new products and activities and ensuring that the risks can be
measured, monitored, and controlled adequately;
f) Submitting proposals, suggestions & summary of ERMC meetings to CEO, BRMC on
regular basis;
g) Implementing the decisions of BRMC and board meetings regarding risk issues;
h) Assessing requirement of adequate capital in line with the risk exposures and ensuring
maintenance of the same through persuading senior management and board;
i) Determining risk appetite, limits in line with strategic planning through threadbare
discussions among the members;
j) Contributing to formulation of risk policies for business units;
k) Handling “critical risks” (risks that require follow-up and further reporting);
l) Following up reviews and reports from BB and informing BRMC the issues affecting the
bank’s operation;
m) Ensuring arrangement of Annual Risk Conference in the bank.
Key differences between the role of a BRMC and an ERMC:
The BRMC oversees the identification, monitoring, management and reporting of credit,
market, liquidity, operational and reputational risks. Besides, Executive Risk Management
Committee (ERMC) has the responsibility to execute the risk management policies and
processes prescribed by BRMC.
9|Page
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
10 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
4) Monitoring and Reporting: Risks are monitored through an ongoing risk assessment to
determine any changes over time. The risks and any changes are reported to senior
management and the board to facilitate decision-making processes.
Factors of Operational Risk management:
Operational Risk
Operational strategic risk Operational failure risk
The risk of choosing an inappropriate The risk encountered in the pursuit of a
strategy in response to environmental particular strategy due to
factors, such as People
Political Process
Government Technology
Regulation
Taxation
Societal
Competition, etc.
5. (c) What do you understand by Three Lines of Defense (3LoD)? Why is it important 8
in operational risk management?
3LoD model is an organization’s internal defense model, which simply can be summarized as
follows:
1) The first line of defense:
The first layer of defense is implemented by the unit, component or business function that
performs daily operation activities, especially those that are the front lines of the
organization. In this case they are expected to:
Ensure the conductive control environment in their business unit.
Implement risk management policies on their roles and responsibilities, especially in
activities that lead to corporate growth. They are expected to be fully aware of the
risk factors that should be considered in every decision and action.
Be able to execute effective internal control in their business units, as well as the
monitoring process and maintaining transparency in the internal control itself.
2) The Second Line of defense
The second layer of defense is executed by risk management and compliance functions,
especially in structured risk management and compliance units e.g. department or risk
management and compliance units. In this case, they are expected to:
Be responsible for risk management development, monitoring process and the
implementation of the company’s overall risk management.
Monitor and ensure that all business functions being implemented in accordance
with risk management policies and standard operating procedures that have been
established by the company.
Monitor and report to department with the highest accountability on complete
company’s exposure to risks.
3) The Third Line of defense
The third layer of defense is implemented by both auditors and internal auditors the
external auditor. Role of the internal auditor is much more intense in this 3LD models
11 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
because they are part the company that is independent by design. In this case, the internal
auditors are expected to:
Review and evaluation the design and implementation of risk management
holistically.
Ensure the effectiveness of the first layer of defense and the second-tier.
12 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
13 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
Stress testing is a crucial tool for risk management in the banking sector. It involves testing the
financial resilience of banks under different scenarios, such as a severe economic downturn,
market turbulence, or unexpected events like a cyber-attack or a natural disaster. Stress testing
helps banks identify vulnerabilities in their risk management processes and make informed
decisions to manage risks more effectively.
7. (a) What is trade Based Money Laundering? 3
Trade based money laundering (TBML) is the process of moving illegal funds through the
international trade system to legitimize them. TBML practices can include the falsification of
price, quantity, and quality of the imported or exported goods.
TBML takes advantage of the complex nature of trade systems, most prominently in
international contexts where the involvement of multiple parties and jurisdictions make know
your customer and anti-money laundering (KYC and AML) checks and customer due diligence
(CDD) processes more difficult.
7. (b) Briefly explain the risk assessment and risk mitigation process in trade based 7
money laundering.
Trade based Money Laundering risk may arise and affect due to inadequate infrastructure of the
bank, inaccurate assessment of the customer before on board, poor identification and handling
of TBML alert while conducting trade transaction by the officials concerned and; overall for
failure of the bank to address the risk at the enterprise or institute level. Hence all the banks are
instructed to establish TBML risk assessment and mitigation at infrastructure level, customer
level, transaction level and at enterprise level as shown in the flowchart below:
First comes, infrastructure risk assessment and mitigation as it is impossible to
implement mitigation measures without adequate infrastructure.
Secondly, high risk customers with dubious trade transaction give birth to trade fraud.
Hence knowing and assessing customer before on board for trade transaction shall be of
great use to combating TBML.
Thirdly, TBML risk assessment and mitigation at the transaction level is the most
important and vital to combating this offense as it is at this level that the TBML takes
place. And finally a holistic approach by the entire institution can be effectively
implemented through senior management engagement in TBML risk assessment and
mitigation at enterprise level. Details are described below.
14 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
7. (c) Mr. ‘X’, an importer, opens an LC amounting $8,90,810.50 for import of edible 10
oil. Bank made payment of the full amount ($8,90,810.50) based on shipping
documents and endorsed the same in favor of the importer for the purpose of
releasing the goods. Instead of those documents, a set of fabricated documents
were submitted to the customs as the value of goods arrived under that LC was
only $59,150. However, goods could not be released from customs due to failure
in quality inspection. Meanwhile, a fabricated copy of bill of entry valuing
$8,90,810.50 was submitted to the bank evidencing the proper release of the
goods.
- From the above incident, what type of trade based money laundering
alerts do you suspect? Explain.
Solution: TBML Alerts:
1. Inadequate assessment of trade customer.
2. Shipping documents not verified.
3. Bill of Entry not verified by the bank.
4. Though large amount, adequate cautionary measures were not taken.
8. Based on the given information of `A’ bank, answer the following questions: 20
Paid up Capital : Tk 1,392 Crore
Statutory Reserve : Tk 1,000 Crore
Retained Earnings : Tk 420 Crore
Perpetual Bond : Tk 300 Crore
General Provisions : Tk 650 Crore
Subordinated Bond : Tk 360 Crore
Total Risk-Weighted Assets (RWA) : Tk 30,200 Crore
a) Calculate `A’ bank’s minimum capital requirements.
b) Calculate CET-I and Tier-I capital ratios of the bank.
c) Calculate Tier-II capital ratio of the bank.
d) Calculate total capital to Risk-Weighted Assets Ratio (CRAR) of the bank.
e) Interpret the results above against minimum regulatory requirements of
Bangladesh Bank.
Solution:
Particulars Amount Capital Class
Paid up Capital : Tk 1,392 Crore CET-I
Statutory Reserve : Tk 1,000 Crore CET-I
Retained Earnings : Tk 420 Crore CET-I
Perpetual Bond : Tk 300 Crore Additional Tier-1
General Provisions : Tk 650 Crore Tier-II
Subordinated Bond : Tk 360 Crore Tier-II
Total Risk-Weighted Assets (RWA) : Tk 30,200 Crore
(a) `A’ bank’s minimum capital requirement:
10% 𝑜𝑓 𝑇𝑜𝑡𝑎𝑙 𝑅𝑖𝑠𝑘 𝑊𝑒𝑖𝑔ℎ𝑡𝑒𝑑 𝐴𝑠𝑠𝑒𝑡𝑠 = 𝑇𝑘 30,200 × .10 = 𝑇𝑘 3,020.00
`A’ bank’s minimum capital requirement plus capital conservation buffer =
12.5% 𝑜𝑓 𝑅𝑖𝑠𝑘 𝑤𝑒𝑖𝑔ℎ𝑡𝑒𝑑 𝐴𝑠𝑠𝑒𝑡𝑠 = 30,200 × 0.125 = 𝑇𝑘 3,775
(b)
(1,392 + 1,000 + 420) 2,812
𝐶𝐸𝑇 𝐼 𝐶𝑎𝑝𝑖𝑡𝑎𝑙 𝑅𝑎𝑡𝑖𝑜 = = = 9.31%
30,200 30,200
(𝐶𝐸𝑇 𝐼 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 + 𝐴𝑑𝑑𝑖𝑡𝑖𝑜𝑛𝑎𝑙 𝑇𝑖𝑒𝑟 𝐼 𝑐𝑎𝑝𝑖𝑡𝑎𝑙)
𝑇𝑖𝑒𝑟 𝐼 𝐶𝑎𝑝𝑖𝑡𝑎𝑙 𝑅𝑎𝑡𝑖𝑜 =
𝑇𝑜𝑡𝑎𝑙 𝑅𝑊𝐴
15 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
16 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
CEO/Managing
Director
(Chairperson)
Head of ALM
desk
17 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
18 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
The LCR measures a bank’s liquidity risk profile, banks have an adequate stock of
unencumbered high-quality liquid assets that can be easily and immediately converted in
financial markets, at no or little loss of value.
d) Net Stable Funding Ratio (NSFR)
The NSFR presents the proportion of long term assets funded by stable funding and is
calculated as the amount of Available Stable Funding (ASF) divided by the amount of
Required Stable Funding (RSF) over a one-year horizon.
The minimum acceptable value of this ratio is 100 percent, indicating that available
stable funding (ASF) should be at least equal to required stable funding (RSF).
The calculation of the NSFR requires two quantities to be defined:
A. available stable funding (ASF) and
B. required stable funding (RSF).
NSFR is met if ASF exceeds RSF, that is if ASF/RSF > 1 or 100%.
𝑨𝒗𝒊𝒂𝒍𝒂𝒃𝒍𝒆 𝒂𝒎𝒐𝒖𝒏𝒕 𝒐𝒇 𝒔𝒕𝒂𝒃𝒍𝒆 𝒇𝒖𝒏𝒅𝒊𝒏𝒈 (𝑨𝑺𝑭)
𝑵𝑺𝑭𝑹 = > 𝟏𝟎𝟎%
𝑹𝒆𝒒𝒖𝒊𝒓𝒆𝒅 𝒂𝒎𝒐𝒖𝒏𝒕 𝒐𝒇 𝒔𝒕𝒂𝒃𝒍𝒆 𝒇𝒖𝒏𝒅𝒊𝒏𝒈 (𝑹𝑺𝑭)
e) Risk Appetite and Risk Tolerance
“Risk appetite” and “Risk tolerance” both set boundaries for the degree of risk an
organization is prepared to accept. There are, however, a few important differences
between the two terms.
Risk appetite describes the level of risk-taking that management deems acceptable
in an organization’s daily activities. Risk tolerance is more precise; it sets the
acceptable level of variation from performance goals intended to achieve strategic
objectives.
Put another way, risk appetite is the general level of risk a company accepts while
pursuing its business objectives before it decides to take any action to reduce that
risk — the organization’s risk capacity, so to speak. Risk tolerance is the aggregate
degree of variance from that risk appetite that the organization is willing to tolerate.
f) Crypto Currency
Crypto currency is a digital payment system that doesn't rely on banks to verify transactions.
It’s a peer-to-peer system that can enable anyone anywhere to send and receive payments.
Instead of being physical money carried around and exchanged in the real world, crypto
currency payments exist purely as digital entries to an online database describing specific
transactions. When you transfer crypto currency funds, the transactions are recorded in a
public ledger. Crypto currency is stored in digital wallets.
g) Risk Weighted Asset
Risk-weighted assets are used to determine the minimum amount of regulatory capital that
must be held by banks to maintain their solvency. This minimum is based on a risk
assessment for each type of bank risk exposure: credit, market, operational, counterparty
and credit valuation adjustment risks. The riskier the asset, the higher the RWAs and the
greater the amount of regulatory capital required.
h) Leverage Ratio
19 | P a g e
The Banking Professional Examination Help Line
https://www.facebook.com/groups/1548697449234982
S. M. Mahruf Billah
The Basel III leverage ratio is defined as the ratio of Tier I capital to a combination of on- and
off-balance-sheet assets.
𝑻𝒊𝒆𝒓 𝑰 𝑪𝒂𝒑𝒊𝒕𝒂𝒍
𝑳𝒆𝒗𝒆𝒓𝒂𝒈𝒆 𝑹𝒂𝒕𝒊𝒐 =
𝑻𝒐𝒕𝒂𝒍 𝒆𝒙𝒑𝒐𝒔𝒖𝒓𝒆 (𝒐𝒏 + 𝒐𝒇𝒇 𝒃𝒂𝒍𝒂𝒏𝒄𝒆 𝒔𝒉𝒆𝒆𝒕)
Total exposure is equal to the Depository Institution’s total assets plus off-balance-sheet
exposure. For off-balance-sheet credit (loan) commitments, a conversion factor of 100
percent is applied unless the commitments are immediately cancelable.
i) Internal Control and Compliance (ICC)
Internal Control and Compliance (ICC) ensures compliance with laws and regulations,
policies and procedures issued by both the bank management and the regulators. ICC
enhances confidence over the bank and facilitates risk based bank examination.
j) Risk Governance
Risk governance refers to the institutions, rules conventions, processes and mechanisms by
which decisions about risks are taken and implemented. Risk governance applies the
principles of good governance to the identification, assessment, management and
communication of risks. Effective risk governance should provide the operating model and
decision-making framework needed to identify and respond to risks.
k) ICAAP
The Internal Capital Adequacy Assessment Process (ICAAP) notifies the Board of the current
assessment of the bank's risks, how the bank plans to alleviate those risks, and the quantity
of current and future capital is needed. It does so after having considered other mitigating
factors. The Internal Capital Adequacy Assessment Process (ICAAP)
Appropriately identifies, measures, aggregates, and monitors the risks of the
institution.
Assures that the institution holds adequate internal capital in connection to the
institution's risk profile
Makes use of sound risk management systems and improves them further.
l) Risk Based Supervision
Risk-Based Supervision (RBS) is gradually becoming the dominant approach to regulatory
supervision of financial institutions around the world. It is a comprehensive, formally
structured system that assesses risks within the financial system, giving priority to the
resolution of those risks. With RBS, entities are always being monitored, both for compliance
with the rules and for how they approach risk management. Failure to comply or to manage
well is noted, and action is taken according to the appropriate legislation, to deal with any
concerns.
20 | P a g e