CISI Risk in Financial Services Quick Review
Concise Quick Review for Chartered Institute for Securities & Investment CISI Risk in Financial Services candidates.
How to Use This Quick Review
This page is an independent review aid for candidates preparing for the Chartered Institute for Securities & Investment exam CISI Risk in Financial Services, exam code CISI Risk. Use it to refresh high-yield risk concepts before moving into topic drills, mock exams, and detailed explanations.
A good final-review sequence:
- Scan the risk map to identify weak areas.
- Review the decision rules for risk identification, measurement, control, and reporting.
- Practise with original practice questions by topic.
- Read detailed explanations, especially for questions you got right by guessing.
- Return to this page to tighten definitions, comparisons, and common traps.
High-Yield Risk Map
| Area | What to Know | Common Exam Angle |
|---|---|---|
| Risk governance | Board oversight, senior management, risk appetite, policies, escalation | Who owns, monitors, challenges, or reports risk? |
| Risk culture | Tone from the top, incentives, challenge, transparency | Why policies fail despite formal controls |
| Risk appetite | Amount/type of risk an organisation is willing to accept | Difference between appetite, tolerance, capacity, and limits |
| Market risk | Losses from movements in prices, rates, spreads, FX, volatility | VaR limits, stress testing, hedging, correlations |
| Credit risk | Counterparty or borrower fails to meet obligations | PD, LGD, EAD, collateral, netting, concentration |
| Liquidity risk | Inability to meet obligations or trade without large price impact | Funding vs market liquidity; contingency planning |
| Operational risk | People, process, system, or external-event failures | Preventive/detective/corrective controls |
| Conduct risk | Poor outcomes for clients or market integrity | Conflicts, suitability, disclosure, fair treatment |
| Legal/compliance risk | Breach of law, regulation, contract, or rule | Difference between legal risk and compliance failure |
| Reputational risk | Damage to confidence, brand, or market standing | Often a consequence of other risk events |
| Model risk | Incorrect, misused, or poorly governed models | Validation, assumptions, limitations, change control |
| Cyber/technology risk | System failure, data loss, attack, access failure | Resilience, incident response, access control |
| Outsourcing risk | Third-party failure affects regulated services | Due diligence, monitoring, exit planning |
| Systemic risk | Failure spreads through the financial system | Contagion, interconnectedness, procyclicality |
Core Definitions Candidates Must Separate
| Term | Meaning | Trap |
|---|---|---|
| Inherent risk | Risk before controls | Do not confuse with residual risk |
| Residual risk | Risk remaining after controls | May still exceed appetite |
| Risk appetite | Broad level/type of risk the firm is willing to accept | Strategic, board-level concept |
| Risk tolerance | Acceptable variation around appetite | More specific and measurable |
| Risk capacity | Maximum risk the firm can absorb | Capacity can be higher than appetite |
| Risk limit | Operational boundary for positions, exposures, or losses | Breach normally requires escalation |
| Risk event | Something that happens and causes or could cause loss | Not the same as a risk indicator |
| KRI | Key risk indicator; early warning measure | Forward-looking where possible |
| KPI | Key performance indicator | Performance does not equal risk control |
| Control | Activity that reduces likelihood or impact | A weak control may create false comfort |
Risk Management Lifecycle
Use this sequence to answer scenario questions. The exam often tests whether you can choose the next best action, not just define the risk.
| Step | Purpose | Typical Evidence |
|---|---|---|
| Identify | Find risk sources and events | Risk registers, incident logs, workshops |
| Assess | Estimate likelihood and impact | Heat maps, scoring, materiality analysis |
| Measure | Quantify exposure where possible | Sensitivities, VaR, expected loss, stress tests |
| Mitigate | Reduce, transfer, avoid, or accept risk | Controls, insurance, hedges, limits |
| Monitor | Track exposure and control performance | KRIs, limit reports, dashboards |
| Report | Escalate meaningful information | Board packs, risk committee reports |
| Review | Improve framework after change or failure | Lessons learned, audit findings, validation |
Practical Decision Rule
When a question asks what a firm should do first, prefer the option that:
- Identifies or understands the risk accurately.
- Protects clients, market integrity, or critical operations.
- Escalates material breaches through governance channels.
- Avoids hiding, delaying, or informally bypassing controls.
Governance and the Three Lines Model
| Line | Typical Role | Examples | Candidate Trap |
|---|---|---|---|
| First line | Owns and manages risk | Front office, operations, business units | They cannot outsource responsibility to risk/compliance |
| Second line | Sets frameworks, monitors, challenges | Risk, compliance, financial crime oversight | They advise and challenge; they do not usually run the business |
| Third line | Independent assurance | Internal audit | Audit does not own controls it reviews |
Governance Checklist
High-quality risk governance usually includes:
- Clear board and committee responsibilities.
- Documented risk appetite and limits.
- Independent challenge.
- Timely management information.
- Escalation for breaches and near misses.
- Fit between incentives and desired conduct.
- Evidence that issues are tracked to completion.
Common Governance Mistakes
- Treating risk management as a compliance formality.
- Assuming a policy is effective without testing controls.
- Rewarding revenue while ignoring risk-adjusted performance.
- Escalating only realised losses, not near misses or limit breaches.
- Failing to update risk assessments after business change.
Risk Appetite, Limits, and Escalation
| Concept | Best Use | Example |
|---|---|---|
| Appetite statement | Strategic direction | “Maintain low tolerance for client asset breaches” |
| Tolerance | Acceptable range | Maximum error rate or complaint threshold |
| Limit | Day-to-day control | Trading, counterparty, liquidity, or loss limit |
| Trigger | Early warning | KRI threshold requiring review |
| Breach | Formal boundary crossed | Requires escalation, remediation, and documentation |
Decision Rule: Limit Breach
If a scenario describes a limit breach, the best response is usually:
- Confirm facts and materiality.
- Escalate according to policy.
- Reduce or remediate the exposure if required.
- Document cause and action taken.
- Review whether the limit, control, or behaviour needs change.
Avoid answers that simply “wait until month-end reporting” or “offset later without notification” when escalation is required.
Market Risk Quick Review
Market risk is the risk of loss from adverse changes in market variables, including interest rates, equity prices, credit spreads, foreign exchange rates, commodity prices, volatility, and correlations.
| Risk Type | Exposure Example | Key Measure or Control |
|---|---|---|
| Interest rate risk | Bond portfolio loses value when yields rise | Duration, convexity, gap analysis |
| Equity price risk | Share portfolio falls in value | Beta, sector limits, diversification |
| FX risk | Foreign currency asset moves against reporting currency | Net open position, hedging |
| Commodity risk | Energy, metals, agricultural price movements | Futures, options, position limits |
| Credit spread risk | Corporate bond spread widens | Spread duration, issuer limits |
| Volatility risk | Option value changes as implied volatility changes | Vega, stress testing |
| Basis risk | Hedge and underlying do not move together | Basis monitoring, hedge effectiveness |
| Correlation risk | Diversification fails under stress | Scenario analysis, stress correlations |
Bond Price and Yield Relationship
For plain fixed-rate bonds:
- Yields rise → bond prices usually fall.
- Yields fall → bond prices usually rise.
- Longer duration → greater price sensitivity.
- Lower coupon → generally higher duration.
- Convexity improves the estimate for larger yield moves.
Approximate duration relationship:
\[ \frac{\Delta P}{P} \approx -D_{\text{mod}} \times \Delta y \]Where \(D_{\text{mod}}\) is modified duration and \(\Delta y\) is the change in yield.
Value at Risk
Value at Risk (VaR) estimates the potential loss over a time horizon at a stated confidence level under model assumptions.
Example interpretation:
A one-day 99% VaR of £1 million means the model estimates a 1% chance of losing more than £1 million over one day, assuming the model and data are appropriate.
| VaR Strength | VaR Limitation |
|---|---|
| Summarises market risk in a single figure | Does not show how bad losses can be beyond the confidence level |
| Useful for limits and comparison | Depends on assumptions and historical data |
| Can be back-tested | May understate stress-period losses |
| Supports aggregation | Correlations can break down in crises |
Market Risk Traps
- VaR is not the maximum possible loss.
- A hedge can reduce one risk while introducing basis, liquidity, counterparty, or operational risk.
- Diversification depends on correlations, which may rise during market stress.
- Stop-loss limits control realised or triggered losses but do not prevent gap risk.
- Models should be supported by stress testing and scenario analysis.
Credit Risk Quick Review
Credit risk is the risk that a counterparty, borrower, issuer, or obligor fails to meet obligations in full and on time.
Core expected loss formula:
\[ \text{Expected Loss (EL)} = PD \times LGD \times EAD \]Where:
- \(PD\) = probability of default.
- \(LGD\) = loss given default.
- \(EAD\) = exposure at default.
| Term | Meaning | Example |
|---|---|---|
| Default risk | Failure to pay or perform | Borrower misses payment |
| Settlement risk | One party pays/delivers but does not receive | FX settlement failure |
| Counterparty risk | Trading counterparty defaults before contract maturity | OTC derivative exposure |
| Issuer risk | Bond issuer cannot meet obligations | Corporate bond default |
| Concentration risk | Too much exposure to one name, sector, country, or product | Large exposure to one banking group |
| Wrong-way risk | Exposure increases as counterparty credit quality worsens | Collateral or derivative linked to counterparty distress |
Credit Risk Mitigation
| Mitigant | How It Helps | Residual Risk |
|---|---|---|
| Collateral | Provides recovery source | Valuation, legal enforceability, liquidity |
| Netting | Reduces gross exposures | Legal documentation risk |
| Guarantees | Transfers risk to guarantor | Guarantor credit risk |
| Covenants | Restrict borrower behaviour | Monitoring and enforcement risk |
| Credit limits | Caps exposure | Breach and aggregation risk |
| Diversification | Reduces concentration | Correlation under stress |
| Credit derivatives | Transfer credit exposure | Basis, counterparty, legal, liquidity risk |
Credit Risk Decision Rules
- If credit quality deteriorates, review exposure, collateral, limits, and provisioning/impairment indicators.
- If collateral value falls, exposure may increase even if the borrower has not defaulted.
- If exposures are netted, check whether netting is legally enforceable.
- If a counterparty is highly correlated with the exposure, consider wrong-way risk.
- A high credit rating reduces perceived default likelihood but does not eliminate risk.
Liquidity Risk Quick Review
Liquidity risk is the risk that a firm cannot meet obligations when due, or can do so only at excessive cost.
| Type | Meaning | Example |
|---|---|---|
| Funding liquidity risk | Cannot obtain cash or funding when needed | Unable to roll short-term borrowing |
| Market liquidity risk | Cannot sell or close a position without large price impact | Thinly traded bond sale in stress |
| Intraday liquidity risk | Cannot meet payment obligations during the day | Payment or settlement timing mismatch |
| Contingent liquidity risk | Need for cash increases unexpectedly | Margin call, drawdown facility, downgrade trigger |
Liquidity Management Tools
- Cash-flow forecasting.
- Maturity mismatch analysis.
- Liquid asset buffers.
- Diversified funding sources.
- Contingency funding plans.
- Stress testing.
- Collateral and margin monitoring.
- Early warning indicators.
Liquidity Traps
- A solvent firm can still fail from liquidity pressure.
- Market liquidity can disappear when many firms try to sell the same assets.
- Short-term wholesale funding can be fragile.
- Collateralised positions can create liquidity strain through margin calls.
- Liquidity risk often interacts with market, credit, and reputational risk.
Operational Risk Quick Review
Operational risk arises from inadequate or failed internal processes, people, systems, or external events.
| Category | Example | Common Control |
|---|---|---|
| People | Error, misconduct, lack of training | Segregation of duties, supervision, training |
| Process | Failed reconciliation, manual workaround | Procedures, automation, maker-checker review |
| Systems | Platform outage, data corruption | Resilience, access control, backup |
| External events | Natural disaster, vendor failure, cyberattack | Business continuity, insurance, incident response |
| Fraud | Internal or external deception | Authorisation controls, monitoring, whistleblowing |
| Execution errors | Incorrect trade booking or settlement | Confirmations, reconciliations, exception reporting |
Control Types
| Control Type | Purpose | Example |
|---|---|---|
| Preventive | Stop the event occurring | Access restrictions, pre-trade limits |
| Detective | Identify event after or during occurrence | Reconciliation, exception report |
| Corrective | Limit damage and restore position | Incident response, remediation |
| Directive | Guide behaviour | Policies, procedures, training |
| Compensating | Offset weakness where primary control is not possible | Additional review or monitoring |
Operational Risk Assessment Tools
| Tool | Use |
|---|---|
| Risk and control self-assessment | Business assesses key risks and controls |
| Loss event data | Learns from actual incidents |
| Scenario analysis | Explores severe but plausible events |
| KRIs | Provides early warning |
| Control testing | Checks whether controls work |
| Internal audit review | Gives independent assurance |
Operational Risk Traps
- A process with no recent losses is not automatically low risk.
- Manual workarounds increase error and key-person risk.
- Outsourcing transfers activity, not accountability.
- Insurance may reduce financial impact but does not remove operational failure.
- Cyber risk is not only an IT issue; it includes governance, people, suppliers, and response.
Conduct, Compliance, and Reputational Risk
| Risk | Focus | Example |
|---|---|---|
| Conduct risk | Client outcomes and market integrity | Unsuitable product recommendation |
| Compliance risk | Failure to meet applicable rules or internal standards | Missed reporting obligation |
| Legal risk | Contractual or legal enforceability issue | Invalid netting agreement |
| Reputational risk | Loss of trust or confidence | Publicised control failure |
| Financial crime risk | Use of firm for illicit purposes | Money laundering, fraud, sanctions breach |
Conduct Risk Indicators
- High complaints or repeated complaint themes.
- Products sold outside target market.
- Incentives linked only to volume or revenue.
- Poor disclosure or confusing communications.
- Conflicts of interest not identified or managed.
- Vulnerable clients not treated appropriately.
- Weak post-sale monitoring.
Decision Rule: Client or Market Harm
If a scenario involves possible client harm, market abuse, mis-selling, conflicts, or misleading information, choose the response that prioritises:
- Fair treatment and transparency.
- Escalation to the correct control function.
- Remediation where harm occurred.
- Prevention of recurrence.
- Documentation and management accountability.
Financial Crime and Fraud Risk
Financial services firms must manage exposure to criminal misuse and dishonest activity. For exam review, focus on risk-based thinking rather than memorising isolated procedures.
| Area | Risk Signal | Control Theme |
|---|---|---|
| Money laundering | Unusual source of funds, complex structures | Customer due diligence, monitoring |
| Terrorist financing | Small or unusual transfers, high-risk links | Screening, transaction monitoring |
| Sanctions | Dealings with restricted parties or jurisdictions | Screening, escalation, blocking controls |
| Fraud | False documents, account takeover, insider abuse | Verification, segregation, alerts |
| Bribery/corruption | Improper inducements or gifts | Gifts policy, approvals, due diligence |
| Market abuse | Insider dealing or manipulation | Surveillance, information barriers |
Trap
A risk-based approach does not mean ignoring low-risk clients or transactions. It means proportionate controls, monitoring, and escalation based on assessed risk.
Capital, Prudential Risk, and Resilience
Capital and prudential risk concepts appear across financial services because firms need enough financial resources to absorb losses and continue operating.
| Concept | Meaning | Review Point |
|---|---|---|
| Capital adequacy | Sufficient capital relative to risk | Higher risk generally requires more capital |
| Economic capital | Internal estimate of capital needed for risks | Management tool, model-dependent |
| Regulatory capital | Capital required under applicable rules | Rule-based minimums and buffers may apply |
| Leverage | Use of debt or exposure relative to capital | Magnifies gains and losses |
| Stress testing | Tests resilience under severe scenarios | Complements normal-risk measures |
| Recovery planning | Actions to restore viability under stress | Capital, liquidity, business actions |
| Resolution planning | Managing firm failure with less disruption | System-wide stability focus |
Capital and Risk Traps
- Capital is a buffer, not a substitute for controls.
- More capital does not eliminate liquidity risk.
- A low-risk-weighted exposure can still create concentration or operational risk.
- Stress testing is useful because normal models may fail in abnormal conditions.
Stress Testing and Scenario Analysis
| Technique | Main Question | Best Use |
|---|---|---|
| Sensitivity analysis | What if one variable changes? | Interest rate shock, FX move |
| Scenario analysis | What if a coherent event occurs? | Recession, cyber outage, market crisis |
| Reverse stress testing | What event could break the firm? | Identifying vulnerabilities |
| Back-testing | Did the model predictions match outcomes? | VaR/model validation |
| War-gaming/tabletop exercise | Can people respond effectively? | Operational resilience, cyber, crisis response |
Stress Testing Decision Rules
- Use severe but plausible scenarios.
- Include second-order effects, such as margin calls, rating downgrades, client withdrawals, or market illiquidity.
- Challenge assumptions, especially correlations and liquidity.
- Link results to actions: limits, capital, funding, controls, or contingency plans.
- Do not treat stress testing as a one-off exercise.
Model Risk
Model risk is the risk of loss, poor decisions, or misreporting from incorrect, inappropriate, or misused models.
| Model Risk Source | Example |
|---|---|
| Data problem | Incomplete, stale, or biased input data |
| Assumption problem | Normal market assumptions used in stressed conditions |
| Methodology problem | Formula unsuitable for product or portfolio |
| Implementation problem | Coding, spreadsheet, or interface error |
| Use problem | Model used outside intended purpose |
| Governance problem | No validation, review, or change control |
Good Model Governance
- Clear model owner.
- Documented purpose and limitations.
- Independent validation.
- Data quality controls.
- Change control.
- Ongoing performance monitoring.
- User understanding of outputs.
- Escalation when model performance deteriorates.
Trap
A sophisticated model can still be wrong. In exam scenarios, prefer answers that combine model output with expert challenge, validation, stress testing, and governance.
Outsourcing and Third-Party Risk
Outsourcing can improve efficiency but creates dependency on external providers.
| Risk | Example | Mitigation |
|---|---|---|
| Service failure | Critical provider outage | Service levels, resilience testing |
| Data risk | Client data exposed | Security standards, access controls |
| Concentration | Many services with one provider | Exit plans, alternative providers |
| Sub-outsourcing | Provider relies on another firm | Contractual oversight |
| Jurisdiction risk | Data or service in another country | Legal and regulatory review |
| Exit risk | Cannot bring service back or move provider | Transition planning |
Key Trap
Outsourcing an activity does not outsource the firm’s responsibility for managing the risk.
Cyber and Technology Risk
| Area | Review Focus |
|---|---|
| Confidentiality | Prevent unauthorised access to data |
| Integrity | Prevent unauthorised alteration or corruption |
| Availability | Keep systems and services accessible |
| Authentication | Confirm user identity |
| Authorisation | Limit what users can do |
| Resilience | Maintain or restore critical services |
| Incident response | Detect, contain, eradicate, recover, learn |
Common Cyber Controls
- Multi-factor authentication.
- Least-privilege access.
- Patch management.
- Network monitoring.
- Data encryption.
- Backup and recovery testing.
- Security awareness training.
- Vendor security due diligence.
- Incident response playbooks.
Derivatives and Risk Transfer
Derivatives can hedge, speculate, transform exposures, or create leverage.
| Instrument | Basic Risk Use | Key Risk |
|---|---|---|
| Forward/future | Lock in price or rate | Basis, margin, liquidity |
| Option | Downside protection with upside potential | Premium cost, volatility risk |
| Swap | Exchange cash-flow profiles | Counterparty, valuation, collateral |
| Credit derivative | Transfer credit exposure | Basis, legal, counterparty |
Hedging Traps
- A hedge reduces a specified exposure; it may introduce new risks.
- Perfect hedges are rare.
- Hedge accounting and economic hedging are not the same thing.
- Closing or rebalancing a hedge can create liquidity and operational risk.
- OTC derivatives add counterparty and collateral-management risk.
Settlement, Custody, and Asset Servicing Risk
| Risk | Meaning | Control |
|---|---|---|
| Settlement failure | Trade does not settle as expected | Matching, confirmation, settlement monitoring |
| Delivery-versus-payment failure | Payment and asset exchange not aligned | DvP mechanisms |
| Custody risk | Loss or misuse of client or firm assets | Segregation, reconciliation |
| Corporate action risk | Missed or wrong election/payment | Diary controls, client instructions |
| Reconciliation risk | Records do not match | Daily reconciliation, exception management |
| Nostro risk | Cash account mismatch | Cash reconciliation and investigation |
Trap
A settlement issue may create credit, liquidity, operational, legal, and reputational risk at the same time.
Risk Reporting and Management Information
Good risk reporting should be clear, timely, accurate, relevant, and actionable.
| Report Feature | Why It Matters |
|---|---|
| Timeliness | Late reports reduce ability to act |
| Accuracy | Wrong data leads to wrong decisions |
| Materiality | Focuses attention on significant risk |
| Trend information | Shows whether risk is improving or worsening |
| Breach reporting | Supports escalation and accountability |
| Commentary | Explains causes and actions, not just numbers |
| Ownership | Identifies who must act |
Weak Reporting Signals
- Too much data and no prioritisation.
- No comparison with appetite or limits.
- No trend or root-cause analysis.
- Breaches reported without action owners.
- Management information not tailored to the audience.
- Manual spreadsheet dependency without control.
Risk Culture and Behaviour
Culture is tested through behaviour, incentives, and decisions under pressure.
| Strong Risk Culture | Weak Risk Culture |
|---|---|
| Escalation is encouraged | Bad news is hidden |
| Challenge is respected | Senior views are not questioned |
| Incentives consider risk | Revenue dominates all decisions |
| Policies are followed in practice | Workarounds become normal |
| Lessons are learned | Repeat incidents occur |
| Clients and market integrity matter | Short-term profit dominates |
Exam Trap
A firm may have policies, committees, and reports but still have poor risk culture if behaviours, incentives, and accountability are weak.
Common Scenario Question Patterns
“What Is the Main Risk?”
Identify the immediate source of loss or failure.
| Scenario Clue | Likely Main Risk |
|---|---|
| Counterparty fails to pay | Credit risk |
| Bond price falls after yields rise | Market risk |
| Cannot sell asset without discount | Market liquidity risk |
| Cannot meet cash obligations | Funding liquidity risk |
| Trade booked incorrectly | Operational risk |
| Client sold unsuitable product | Conduct risk |
| Contract unenforceable | Legal risk |
| Vendor system outage | Outsourcing/operational risk |
| Model produces wrong valuation | Model risk |
| Public scandal damages trust | Reputational risk |
“Best Control?”
Match the control to the cause.
| Cause | Better Control |
|---|---|
| Unauthorised system access | Access management and review |
| Manual processing error | Automation, maker-checker, reconciliation |
| Trader exceeds limit | Pre-trade limits and breach escalation |
| Poor client recommendation | Suitability process and supervision |
| Vendor failure | Due diligence, SLA monitoring, exit plan |
| Unclear accountability | Defined ownership and governance |
| Repeated incident | Root-cause analysis and remediation tracking |
“Best Next Step?”
| Situation | Likely Best Next Step |
|---|---|
| New risk identified | Assess likelihood/impact and assign owner |
| Limit breached | Escalate and remediate under policy |
| Control failure found | Contain issue, assess impact, fix root cause |
| Model weakness discovered | Validate, restrict use if needed, remediate |
| Client harm suspected | Escalate, investigate, remediate |
| Cyber incident detected | Activate incident response and contain |
| Liquidity stress emerging | Use contingency funding plan and escalate |
Key Formula and Quantitative Concepts
You do not need to turn every risk question into a calculation. But these concepts are useful for interpreting quantitative wording.
Expected Loss
\[ \text{Expected Loss} = PD \times LGD \times EAD \]- Higher probability of default increases expected loss.
- Higher loss given default increases expected loss.
- Higher exposure at default increases expected loss.
- Collateral usually reduces LGD, not PD.
Duration Approximation
\[ \frac{\Delta P}{P} \approx -D_{\text{mod}} \times \Delta y \]- Price and yield move in opposite directions.
- Longer duration means higher sensitivity.
- Approximation is less accurate for large yield moves unless convexity is considered.
Risk-Adjusted Thinking
A high return is not automatically attractive. Ask:
- What risks were taken to earn it?
- Is the return sustainable?
- Is capital usage appropriate?
- Are tail risks hidden?
- Are risks within appetite and limits?
Quick Comparison Tables
Risk Reduction Choices
| Choice | Meaning | Example | Trap |
|---|---|---|---|
| Avoid | Stop the activity | Exit a product line | May reduce revenue/opportunity |
| Reduce | Lower likelihood or impact | Improve controls | Residual risk remains |
| Transfer | Shift financial impact | Insurance, hedging | Does not eliminate all risk |
| Accept | Take risk knowingly | Operate within appetite | Must be informed and documented |
Diversification vs Hedging
| Concept | Diversification | Hedging |
|---|---|---|
| Purpose | Spread exposure | Offset specific exposure |
| Works Through | Imperfect correlation | Opposite or offsetting position |
| Main Limitation | Correlations rise in stress | Basis/cost/counterparty risk |
| Example | Holding many issuers | FX forward against currency exposure |
Audit, Compliance, and Risk
| Function | Core Question |
|---|---|
| Risk management | Are risks identified, measured, monitored, and controlled? |
| Compliance | Are rules, policies, and obligations being met? |
| Internal audit | Are governance, risk management, and controls effective? |
Common Candidate Mistakes
- Memorising definitions without applying them to scenarios.
- Confusing credit risk with market risk when a bond falls because spreads or yields move.
- Treating VaR as a worst-case loss.
- Assuming outsourcing transfers responsibility.
- Forgetting that liquidity risk can affect solvent firms.
- Confusing risk appetite with a specific trading limit.
- Choosing “write a policy” when the scenario requires escalation or remediation.
- Assuming a control is effective because it exists.
- Ignoring secondary risks created by hedges, insurance, or collateral.
- Overlooking conduct risk when questions mention incentives, disclosure, conflicts, or client outcomes.
Final 30-Minute Review Plan
Use this if you are close to practice mode or final revision.
| Minutes | Task |
|---|---|
| 0–5 | Review the high-yield risk map and definitions |
| 5–10 | Rehearse governance, three lines, appetite, and escalation |
| 10–15 | Review market, credit, and liquidity risk tables |
| 15–20 | Review operational, conduct, cyber, and outsourcing risk |
| 20–25 | Work through common scenario patterns |
| 25–30 | List your weakest 3 topics and target them in topic drills |
How to Turn This Review into Question-Bank Practice
After reviewing the quick review, move into independent companion practice:
- Start with topic drills on your weakest risk categories.
- Use original practice questions to test scenario judgement, not just memory.
- Review detailed explanations for every missed question.
- Track whether mistakes are caused by definitions, calculations, or decision rules.
- Finish with mixed-question sets so you can identify the risk type without prompts.
Practical next step: choose one weak area from this page, complete a focused question bank drill on that topic, and read the explanations until you can explain why each wrong option is wrong.