Answers / Risk & Compliance
Risk & Compliance Interview Questions
AML, KYC, sanctions, operational risk, and regulatory frameworks — compliance and risk interviews.
52 questions · model answers · common mistakes
Risk Frameworks
- Explain the COSO ERM framework.
- Explain risk appetite versus risk tolerance.
- What is the primary purpose of the ICAAP under Basel?
- Explain the three lines of defense model and its role in risk management.
- What is the purpose of the ICAAP under Basel?
- What is the difference between a risk appetite statement and a risk limit?
- What is the difference between the LCR and the NSFR, and what does each one protect against?
- What is reverse stress testing, and why is it a useful complement to conventional stress tests?
- What is wrong-way risk in counterparty credit risk, and why is it especially dangerous?
- Explain the Basel capital stack: what qualifies as CET1, Additional Tier 1, and Tier 2, and why the distinction matters.
- Explain PD, LGD, and EAD, and how they combine into expected loss for credit risk.
- Why is the contractual maturity of deposits misleading for liquidity risk, and what is behavioral modelling?
- What is concentration risk, and why can a portfolio look diversified on paper yet be dangerously concentrated?
- What is the difference between the standardized and IRB approaches to credit risk-weighted assets, and what's the trade-off?
- What is the Basel leverage ratio, and why is it needed alongside risk-weighted capital ratios?
- What is recovery and resolution planning ('living wills'), and what problem does it solve?
- What is settlement (Herstatt) risk in FX, and how is it mitigated?
- What is intraday liquidity risk, and why isn't it captured by end-of-day liquidity metrics like the LCR?
Compliance Regulations
- Explain GDPR’s key principles.
- Explain the structure of MaRisk.
- Explain double materiality.
- What is the primary difference between model validation and model monitoring under SR 11-7?
- Walk me through IFRS 9 expected credit loss staging and what triggers a move from Stage 1 to Stage 2.
- What is individual senior-manager accountability (e.g., UK SMCR), and how does it change conduct risk management?
- What is the sanctions '50 percent rule', and why does it make ownership analysis critical?
- When using personal/transaction data for AML and fraud monitoring, how do you reconcile it with GDPR's lawful-basis and data-minimization requirements?
- What do anti-bribery laws like the FCPA and UK Bribery Act require, and what are 'adequate procedures'?
AML & Fraud
- Explain sanctions screening.
- Explain the fraud triangle and how compliance programs use it.
- How would you design an AML transaction monitoring system?
- How would you tune an AML transaction-monitoring system that is generating an unmanageable volume of false-positive alerts?
- Why is identifying the ultimate beneficial owner (UBO) central to CDD, and how do you handle complex ownership structures?
- What is trade-based money laundering, and what red flags would you train transaction reviewers to spot?
- Why is correspondent banking high-risk for money laundering, and what are nested accounts?
- What is the difference between source of funds and source of wealth, and when do you need to establish each?
- What is authorized push payment (APP) fraud, and how does it differ from traditional first- and third-party fraud?
Practical Scenarios
- How do you build a compliance culture?
- How do you handle a regulatory exam?
- How do you assess the effectiveness of a compliance program?
- How do you respond to a BaFin finding?
- How do you handle conflicting regulatory requirements across jurisdictions?
- How do you handle a data subject access request (DSAR)?
- How would you build a compliance training program?
- How do you monitor third-party risk?
- How would you design a whistleblowing program that meets the EU Whistleblower Directive and actually gets used?
- What is best execution, and how would a compliance function monitor and evidence it?
Operational Risk
- How do you quantify operational risk?
- Why did Basel move from Value-at-Risk to Expected Shortfall for market risk under FRTB, and what does ES capture that VaR misses?
- What does DORA require for ICT incident reporting, and how does it change operational resilience expectations for financial entities?
- What are the key risks in outsourcing and third-party arrangements, and what do supervisory expectations (e.g., EBA guidelines) require?
- How is climate risk being incorporated into the prudential and risk-management framework?
- What is BCBS 239, and why is risk-data aggregation and reporting capability a supervisory priority?
Reading isn't the same as answering under pressure.
Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.