GARP RAI: Risks and Risk Factors

Try 10 focused GARP RAI questions on Risks and Risk Factors, with answers and explanations, then continue with Finance Prep.

Use this page to isolate Risks and Risk Factors before returning to mixed GARP RAI practice.

Open the matching Finance Prep practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.

Topic snapshot

Field | Detail
Exam route | GARP RAI
Issuer | GARP
Topic area | Risks and Risk Factors
Blueprint weight | 20%
Page purpose | Focused sample questions before returning to mixed practice

How to use this topic drill

Use this page to isolate Risks and Risk Factors for GARP RAI. Work through the 10 questions first, then review the explanations and return to mixed practice in Finance Prep.

Pass | What to do | What to record
First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer.
Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor.
Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter.
Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious.

Blueprint context: 20% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.

Sample questions

These questions are original Finance Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Risks and Risk Factors

A bank is validating a machine-learning score intended to support credit line increase decisions for existing retail customers. Which validation finding most directly indicates that the model is not fit for that intended use?

  • A. The model documentation does not list every hyperparameter trial evaluated during development.
  • B. The model uses a non-linear ensemble method rather than a simpler linear scoring model.
  • C. The model was trained using labeled historical account data from the bank’s servicing platform.
  • D. On an independent sample representative of existing retail customers, the model fails the preapproved performance and calibration criteria for credit line decisions.

Best answer: D

What this tests: Risks and Risk Factors

Explanation: A model is fit for intended use only if validation evidence shows it performs adequately for the specific decision, population, and risk tolerance it will support. The most direct adverse finding is failure on an independent, representative validation sample against predefined acceptance criteria, such as discrimination, calibration, or error limits relevant to credit line decisions. That result connects the model’s observed behavior to its planned business use. Other issues may require mitigation, documentation, or governance attention, but they do not by themselves prove the model cannot perform the intended task.

  • Using a non-linear ensemble may raise explainability or governance considerations, but complexity alone does not establish unfitness.
  • Incomplete detail on every hyperparameter trial is a documentation weakness, not the most direct evidence of decision-performance failure.
  • Training on labeled internal historical data may be appropriate if the data is relevant, governed, and representative.

Failure against predefined validation criteria on representative data directly shows the model cannot support its intended decision use.


Question 2

Topic: Risks and Risk Factors

An AI product team tests a third-party generative AI assistant by pasting customer account notes and a vendor’s confidential pricing file into prompts. The firm’s data policy marks the notes as restricted, and the vendor contract permits the pricing file to be used only for internal procurement review. Which risk concept best matches this situation?

  • A. Model drift from a changing input distribution
  • B. Unauthorized disclosure or impermissible use of restricted data
  • C. Hallucination from unsupported generated content
  • D. Algorithmic bias from unrepresentative training data

Best answer: B

What this tests: Risks and Risk Factors

Explanation: Restricted or confidential data can create AI risk when it is entered into tools, training sets, prompts, logs, or vendor environments without proper authorization and controls. In this scenario, customer account notes may expose private or sensitive information, while the vendor pricing file is subject to contractual use limits. The key issue is not whether the AI output is accurate, biased, or stable; it is that protected data is being shared or used in a way that may violate privacy, security, confidentiality, or contractual obligations.

  • Model drift concerns performance changes over time, not improper handling of restricted data.
  • Algorithmic bias concerns unfair or systematically skewed outcomes, not the unauthorized use of confidential files.
  • Hallucination concerns fabricated or unsupported AI output, not data exposure in prompts or tool inputs.

The scenario creates privacy/security exposure from customer data and contractual risk from using confidential vendor data outside its permitted purpose.


Question 3

Topic: Risks and Risk Factors

A bank’s collections unit plans to deploy a vendor AI model that ranks delinquent retail customers for contact order. The ranking will influence which customers receive early hardship outreach versus standard collections, the model uses hundreds of behavioral and third-party variables, and the current process has no documented monitoring or override review. The project team argues that it should be low risk because agents make the final call. What is the best action for the risk team?

  • A. Accept the low-risk classification because agents make the final contact decision after viewing the ranking.
  • B. Classify the model mainly by the vendor’s assurance that similar models have performed well at other firms.
  • C. Require an elevated AI risk assessment and added controls based on the use, customer impact, model complexity, and weak control environment.
  • D. Delay assessment until after production so actual collections outcomes can be observed.

Best answer: C

What this tests: Risks and Risk Factors

Explanation: AI risk assessment should be context-based. A model used to prioritize collections activity can materially affect customer treatment, even if it does not make the final decision. The use case has customer impact, relatively high complexity because of many behavioral and third-party variables, and a weak control environment because monitoring and override review are not documented. Those facts support a higher-risk review and stronger controls before deployment. Human involvement may reduce risk if it is well designed and monitored, but it does not automatically make the system low risk when AI outputs influence consequential actions.

  • Human final action is not enough if AI ranking materially shapes customer treatment.
  • Vendor assurance is useful evidence but does not replace assessment of the bank’s own use case and controls.
  • Waiting until production misses the need for pre-deployment risk classification, control design, and approval.

AI risk should be tiered by how the system is used, the consequences of its outputs, its complexity, and the strength of controls—not only by whether a human remains involved.


Question 4

Topic: Risks and Risk Factors

A bank trains an AI model to support small-business credit decisions using a development dataset made up mostly of long-established corporate borrowers. When the model is piloted for new microbusiness applicants, validation finds higher error rates because the development data did not reflect the population now being scored. Which data risk factor is illustrated?

  • A. Inaccurate source data
  • B. Stale historical data
  • C. Unrepresentative training data
  • D. Incomplete applicant records

Best answer: C

What this tests: Risks and Risk Factors

Explanation: Unrepresentative data creates AI risk when the data used to train or validate a model does not adequately reflect the population, conditions, or use context where the model will operate. In this scenario, the model was developed mainly on long-established corporate borrowers but is being used for new microbusiness applicants. The resulting performance weakness is driven by a mismatch between the development sample and the target population, not by old records, incorrect values, or missing fields. This can lead to unreliable predictions and unfair or poorly controlled outcomes for groups that were underrepresented in model development.

  • Stale historical data would involve outdated patterns no longer reflecting current conditions.
  • Inaccurate source data would involve wrong or erroneous values in the dataset.
  • Incomplete applicant records would involve missing data needed for modeling or decisions.

The key issue is that the development sample does not match the target population for the model’s intended use.


Question 5

Topic: Risks and Risk Factors

A bank is piloting an AI tool to recommend credit-line reductions for existing customers. Before formal model-governance approval, monitoring shows that customers in certain neighborhoods receive materially larger reductions, and the tool provides only generic reasons that frontline staff cannot explain. Business leaders want to proceed because aggregate default prediction accuracy is strong. What is the best action for the risk manager to recommend?

  • A. Pause automated use for affected decisions and escalate for governance, compliance, fairness, and explainability remediation before deployment.
  • B. Approve deployment because strong aggregate accuracy shows the model is fit for credit-risk management.
  • C. Remove explicit protected-class fields and proceed once the model no longer stores those attributes.
  • D. Deploy the tool with a customer disclosure stating that AI may be used in credit-line decisions.

Best answer: A

What this tests: Risks and Risk Factors

Explanation: AI used in regulated customer decisions can create legal, regulatory, conduct, and reputational risk even when aggregate predictive accuracy is high. The scenario includes three warning signs: materially different impacts by neighborhood, explanations that staff cannot meaningfully communicate, and use before formal governance approval. Neighborhood variables may act as proxies for protected or vulnerable groups, creating fairness and conduct concerns. Opaque reasons also make it difficult to justify decisions to customers, supervisors, or internal control functions. The best action is to pause or limit automated use, escalate through the appropriate governance and compliance channels, and require documented remediation of fairness, explainability, and approval gaps before deployment.

  • Strong aggregate accuracy does not address disparate impact, explainability, or approval gaps.
  • Removing explicit protected-class fields is insufficient because proxy variables can still create unfair outcomes.
  • A disclosure alone does not correct unfair treatment, opaque reasoning, or missing governance approval.

The facts indicate potential unfair, opaque, and poorly governed credit decisions that require escalation and remediation before use.


Question 6

Topic: Risks and Risk Factors

A bank’s internal generative AI assistant answers employee questions using a retrieval repository limited to approved procedures. During monitoring, the team finds that an uploaded vendor document contained hidden text telling the model to ignore retrieval limits, and the assistant then returned customer account details from a folder outside its approved source list. The employee says they did not intentionally request customer data. What is the best action?

  • A. Delete the response and continue normal operation unless the same pattern occurs again.
  • B. Open an AI incident investigation, preserve relevant logs and outputs, and temporarily restrict the assistant’s retrieval access.
  • C. Treat the event as a user training issue because the employee did not intentionally request customer data.
  • D. Classify the event as a hallucination and tune the system prompt during the next model update cycle.

Best answer: B

What this tests: Risks and Risk Factors

Explanation: An AI incident should be investigated when there is evidence that safeguards, data, users, or outputs may have been compromised. Here, hidden instructions in a document suggest prompt injection or misuse, while the assistant’s response included customer account details from a source outside the approved retrieval boundary. That combination is not merely a quality issue; it indicates possible failure of access controls, data governance, and output controls. The best response is to initiate the incident process, preserve evidence, and contain the exposure while determining scope, root cause, affected data, and required remediation.

  • User intent does not eliminate incident risk; the compromise may have occurred through the uploaded document rather than deliberate employee action.
  • Hallucination is not the best classification because the output came from an unauthorized data source rather than being simply fabricated.
  • Waiting for recurrence is inappropriate when customer data and retrieval controls may already have been compromised.

Hidden instructions plus out-of-scope customer data indicate possible compromise of controls, data access, and outputs, requiring investigation and containment.


Question 7

Topic: Risks and Risk Factors

A bank uses a vendor AI service to prioritize fraud alerts. The vendor announces that it has replaced the underlying model and changed how confidence scores are generated, which may affect false negatives, analyst workload, and customer friction. Which oversight action best matches this situation?

  • A. Open a material-change review requiring updated vendor assurance, impact assessment, and service testing before relying on the revised outputs.
  • B. Accept the vendor’s release notes as sufficient evidence because the service remains externally hosted.
  • C. Record the change for the next scheduled annual vendor review while continuing use without additional review.
  • D. Limit the review to cybersecurity access controls because no internal model code was changed.

Best answer: A

What this tests: Risks and Risk Factors

Explanation: A meaningful change to a third-party AI model or service should be treated as a material change when it may affect business outcomes, control performance, customer impact, or operational workload. The bank remains accountable for how the AI service is used, even when the model is hosted and maintained by a vendor. Appropriate oversight includes assessing the change’s impact on risk, obtaining updated vendor evidence, testing the revised service against relevant use-case criteria, and updating governance documentation or controls as needed. This is especially important for fraud alert prioritization because changes in scoring behavior can shift false negatives, false positives, escalation volumes, and customer experience.

  • Waiting for the annual review misses the risk created by a material model or service change.
  • Limiting review to cybersecurity controls ignores model performance, operational, and customer-impact risks.
  • Vendor release notes may inform the review, but they do not replace the firm’s accountability for assurance and use-case testing.

A vendor model change that can affect business risk should trigger renewed oversight, impact assessment, and testing rather than routine monitoring alone.


Question 8

Topic: Risks and Risk Factors

A bank is preparing to launch an AI loan-renewal assistant. Validation finds lower recommendation accuracy for self-employed applicants; the income-data feed has missing values and unclear lineage; user prompts may include customer identifiers sent to a third-party LLM; and the launch plan has no manual fallback while marketing has promoted the tool as “regulator-ready.” What is the best action for categorizing and escalating these findings before launch?

  • A. Classify the findings as reputational risk only because the external marketing claim creates the most visible stakeholder exposure.
  • B. Classify the findings as data risk only because missing values and unclear lineage are the root cause of the observed concerns.
  • C. Treat the findings as a multi-category AI risk issue and escalate model, data, privacy/security, operational, legal, and reputational concerns to the appropriate governance owners.
  • D. Classify the findings as model risk only because validation performance is the direct driver of the assistant’s recommendation quality.

Best answer: C

What this tests: Risks and Risk Factors

Explanation: AI risk taxonomies help ensure that different sources of risk are recognized and owned by the right control functions. In this scenario, lower accuracy for a subgroup indicates model risk; missing values and unclear lineage indicate data risk; customer identifiers sent to a third-party LLM create privacy and security concerns; no manual fallback creates operational risk; and “regulator-ready” marketing claims raise legal and reputational exposure. The best action is to classify and escalate the issue as multi-category AI risk before launch, not to force it into a single risk bucket.

  • Model-only classification misses the data, privacy/security, operational, legal, and reputational facts.
  • Data-only classification overstates the data feed as the sole cause and ignores separate control and stakeholder exposures.
  • Reputational-only classification focuses on public perception but fails to address technical, privacy, and operational risk drivers.

The facts map to several major AI risk categories, so the appropriate action is cross-functional escalation rather than a single-risk classification.


Question 9

Topic: Risks and Risk Factors

A financial institution deploys a fraud-alert assistant through an external AI platform. The provider controls model updates, retention of submitted data, service uptime, and the evidence available for independent review. Which concept best matches this risk description?

  • A. Prompt injection risk
  • B. Third-party AI risk
  • C. Internal model validation risk
  • D. Data representativeness risk

Best answer: B

What this tests: Risks and Risk Factors

Explanation: Third-party AI risk occurs when an organization depends on an external provider for important parts of an AI system or service. In this scenario, the provider controls model behavior through updates, handles submitted data under its own practices, determines service availability, and limits the assurance evidence the institution can review. Those dependencies can affect operational resilience, privacy, model performance, compliance, and oversight. The key issue is not only whether the AI model works, but whether the institution can govern, monitor, and obtain assurance over externally controlled components.

  • Data representativeness risk concerns whether training or input data adequately reflects the intended population, not vendor control of the AI service.
  • Prompt injection risk involves malicious or manipulative prompts changing model behavior, not ordinary reliance on an external provider.
  • Internal model validation risk would focus on weaknesses in the institution’s own independent review process, while the stem emphasizes external provider dependency.

The risk arises because an external provider controls key aspects of AI behavior, data handling, availability, and assurance evidence.


Question 10

Topic: Risks and Risk Factors

A bank is piloting an AI model to recommend credit-card limit increases. Validation shows acceptable overall default prediction, but customers in a neighborhood cluster with high minority representation receive recommended increases that are materially lower than comparable customers with similar income, utilization, and repayment history. The documentation provides no business rationale for the difference, and feature analysis points to neighborhood-level variables. What is the best action for the model risk team?

  • A. Deploy the model and rely on customer complaints to identify unfair recommendations.
  • B. Approve the model because overall predictive performance is acceptable.
  • C. Require a fairness and root-cause review, with remediation or documented justification before production approval.
  • D. Approve the model because explicit protected-class variables were not used.

Best answer: C

What this tests: Risks and Risk Factors

Explanation: Bias risk arises when an AI system systematically disadvantages or treats groups differently without a valid, documented justification. Here, comparable customers receive materially different credit-limit recommendations, and the disparity is linked to neighborhood-level variables that may act as proxies for group membership. Strong aggregate model performance does not resolve this concern because unfair outcomes can be hidden in subgroup results. The best action is to require a fairness and root-cause review, determine whether the difference is justified by legitimate risk factors, and remediate or document the rationale before production use.

  • Overall predictive performance can mask harmful subgroup disparities.
  • Excluding explicit protected-class fields does not prevent proxy bias through variables such as geography.
  • Waiting for complaints is reactive and does not provide adequate pre-deployment control over systematic unfair treatment.

The facts indicate a systematic group disadvantage without an appropriate justification, so fairness testing and remediation are needed before deployment.

Continue with full practice

Use the GARP RAI Practice Test page for the full Finance Prep practice bank, mixed-topic practice, timed mock exams, and explanations.


Revised on Monday, May 25, 2026