EXAM PACK 2025
Page 3 of 13 RSK4802
Confidential Jan/Feb 2024
Question 1 [20 marks]
1.1 Four risks under FICA (4 marks)
1. Regulatory exposure – banks may face penalties and sanctions for non-compliance.
2. Damage to reputation – negative publicity can erode client and investor confidence.
3. Operational weaknesses – gaps in monitoring, reporting, and internal controls increase risk.
4. Legal challenges – non-adherence to legislation may lead to lawsuits or tighter oversight.
1.2 Reasons for penalties (3 marks)
• Capitec: did not submit reports on cash deposits above R24,999 as required by FICA.
• Deutsche Bank: had ineffective “know your customer” (KYC) processes and inadequate anti-terrorism financing measures.
• Both institutions were ordered to implement corrective steps to improve compliance.
1.3 KYC duties under FICA (3 marks)
Compliance staff must:
1. Identify and verify customers – confirm names, identity numbers, addresses, and source of funds.
2. Perform ongoing monitoring – track transactions for suspicious or irregular activity.
3. Keep records and report – maintain accurate records and notify the FIC of unusual or large transactions.
1.4 Compliance monitoring role of the regulator (7 marks)
The regulator’s responsibilities include:
• Supervising compliance with anti-money laundering and counter-terrorist financing laws.
• Carrying out inspections to evaluate the adequacy of internal systems.
• Applying enforcement actions such as fines where weaknesses are detected.
• Issuing guidance and instructions to strengthen compliance frameworks.
• Reducing systemic risks by addressing weaknesses in banks’ operations.
• Building trust and accountability in the financial system.
• Protecting consumers and financial stability by ensuring consistent compliance.
1.5 Valid identity documents for KYC (3 marks)
1. South African ID book or smart ID card.
2. Valid passport.
3. Driver’s license.
Total = 20 marks
Question 2 [30 marks]
Five steps in the risk management process (applied to a bank)
Step 1: Identifying risks
• What it means: spotting possible threats that might affect the bank.
• Why it matters: ensures nothing is overlooked that could harm operations.
• Example: recognising the risk of weak KYC controls.
Step 2: Assessing/analysing risks
• What it means: evaluating the likelihood of a risk happening and the severity of its consequences.
• Why it matters: helps prioritise the risks that could cause the most harm.
• Example: estimating the impact of failing to report suspicious transactions.
Step 3: Responding to risks
• What it means: putting strategies in place to reduce, transfer, avoid, or accept risks.
• Why it matters: minimises potential damage and keeps the bank running effectively.
• Example: strengthening compliance systems and providing staff training.
Step 4: Monitoring risks
• What it means: regularly checking risks and reviewing whether the control measures are working.
• Why it matters: detects new risks early and ensures corrective actions remain effective.
• Example: performing routine compliance audits.
Step 5: Communicating risks
• What it means: sharing information about risks with relevant stakeholders.