Chapter 5 Quiz

Data Architecture for Regulatory Compliance

20 questions.

1. BCBS 239 (Principles for Effective Risk Data Aggregation and Risk Reporting) was issued primarily in response to:

a) The increasing complexity of financial derivatives products b) The discovery, during the 2008 financial crisis, that major banks could not quickly aggregate their own risk exposures c) GDPR's requirements for data minimization and data subject access rights d) The Basel III capital requirements' data reporting demands

2. The "garbage in, garbage out" problem in ML-based compliance systems refers to:

a) The tendency of ML models to generate excessive false positive alerts b) The fact that ML models trained on poor-quality data learn and reproduce errors in production c) The computational waste generated by processing large transaction datasets d) The regulatory requirement to dispose of outdated compliance data

3. Which data quality dimension is violated when the same customer has slightly different name spellings in the core banking system, CRM, and KYC database?

a) Completeness b) Timeliness c) Consistency d) Uniqueness

4. Data lineage in a regulatory reporting context refers to:

a) The historical progression of regulatory reporting requirements over time b) The ability to trace reported data from its source through every transformation to the final regulatory output c) The chain of custody for physical compliance documentation d) The sequence of approval sign-offs required before submitting a regulatory report

5. The customer "golden record" in MDM is:

a) A premium tier of customer data maintained for the most valuable clients b) A single, authoritative representation of a customer's identity and relationship with the institution, linking across all systems c) The FCA's required standard format for customer identity documentation d) The highest-quality KYC record held for a customer, used in enhanced due diligence

6. Which of the following compliance failures is MOST directly attributable to a data quality problem in reference data?

a) Filing a SAR on a transaction that turns out to be legitimate b) Missing a transaction monitoring alert due to an incomplete typology rule c) Clearing a sanctioned counterparty because the screening system was using a 6-month-old sanctions list d) Generating an incorrect capital ratio due to an error in the risk weight calculation logic

7. The FCA's regulatory guidance on cloud adoption requires firms to ensure:

a) All cloud computing is conducted on UK-domiciled servers only b) Cloud providers have minimum credit ratings before financial firms can use their services c) Firms have appropriate exit strategies, audit rights, data residency compliance, and concentration risk assessment d) Cloud costs do not exceed 15% of total IT budget for regulated activities

8. Which of the following is NOT one of the six data quality dimensions described in this chapter?

a) Completeness b) Timeliness c) Transparency d) Uniqueness

9. Why is data integration time systematically underestimated in RegTech implementations?

a) Vendors intentionally underquote integration time to win contracts b) Source systems were built independently without common data models, making integration more complex than anticipated c) Compliance teams lack the authority to request access to IT systems d) Cloud migration inevitably delays integration timelines by 6–12 months

10. In a compliance data architecture, the "data lake" differs from the "data warehouse" in that:

a) The data lake stores only structured data; the data warehouse stores both structured and unstructured data b) The data lake stores raw, unprocessed data; the data warehouse stores cleaned, modeled data c) The data lake is on-premise; the data warehouse is cloud-hosted d) The data lake is used for historical analysis; the data warehouse is used for real-time monitoring

11. BCBS 239 Principle 1 concerns "governance" and specifically:

a) Requiring that data governance committees meet at least quarterly b) Senior management accountability for risk data quality c) Mandating that data governance frameworks be approved by the board d) The technical standards for risk data infrastructure

12. An institution using a stale OFAC sanctions list creates which type of legal and compliance risk?

a) The institution may file SARs on transactions that no longer need to be reported b) The institution may process payments to currently-sanctioned parties, creating civil and criminal liability c) The institution may fail to meet GDPR data minimization requirements d) The institution's capital reporting will be inaccurate

13. "Data residency requirements" in cloud compliance refer to:

a) The requirement that data owners physically reside in the jurisdiction where data is processed b) Legal requirements specifying the countries or jurisdictions where certain types of data may be stored and processed c) The minimum storage duration for compliance data under FCA rules d) The regulatory permission required before transferring data between cloud regions

14. In the compliance data taxonomy, "reference data" differs from "customer data" in that:

a) Reference data applies to individual customers; customer data applies to product categories b) Reference data (like sanctions lists) provides context for interpreting transaction data; customer data describes individual customer identities and relationships c) Reference data is externally supplied; customer data is always generated internally d) Reference data changes infrequently; customer data is updated in real-time

15. A data quality "completeness" failure in AML monitoring would be BEST illustrated by:

a) Transaction amounts recorded incorrectly due to currency conversion errors b) The same customer having two different risk ratings in two different systems c) An entire branch's transaction data missing from the monitoring system's feed for 48 hours d) A customer record showing a date of birth that is in the future

16–20. Short answer / applied questions

16. Maya discovers that Verdant Bank's customer database contains approximately 3,200 records where the customer's address was left as "Unknown" during a legacy data migration. From a data quality and regulatory perspective, what is the correct response, and how should Maya prioritize this work?

17. Rafael is designing an audit trail requirement for Meridian Capital's new regulatory reporting system. A regulator has asked: "For any capital ratio you submit, can you show me every piece of source data that went into the calculation?" What specific components should the audit trail record to answer this question?

18. Explain the "survivorship rules" concept in master data management. Give an example relevant to KYC compliance where survivorship rules would matter.

19. Cornerstone Financial Group's AML analytics team built a trade finance fraud detection graph (as described in Chapter 4's case study). The data for the graph came from five different source systems: core banking, trade finance, CRM, onboarding documents, and an external beneficial ownership data provider. Describe three specific data quality problems that might have impeded the graph analysis, and how each should be addressed.

20. A compliance technologist argues: "We should store all compliance data on-premise to avoid the regulatory complications of cloud." Evaluate this argument. Under what circumstances would on-premise be genuinely preferable, and under what circumstances is this argument simply avoiding the work of doing cloud compliance properly?