ABA · CERP
The ABA CERP validates expertise in enterprise risk management for banking professionals, covering risk governance, credit risk, financial risk, and non-financial risk management frameworks. It is designed for experienced risk management practitioners in the U.S. banking industry.
Questions
749
Duration
240 minutes
Passing Score
Pass/Fail
Difficulty
ProfessionalLast Updated
Mar 2026
Use this CERP practice exam to prepare for Certified Enterprise Risk Professional (CERP) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 749 questions for ABA CERP, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to recurring topics such as Risk Governance and Management, Elements of a Risk Management Structure, Credit Risk, Financial Risk, and Non-Financial Risk. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The Certified Enterprise Risk Professional (CERP) is a professional-level certification offered by the American Bankers Association (ABA), designed exclusively for risk management practitioners in the U.S. banking industry. It validates comprehensive expertise across the full spectrum of enterprise risk management, including risk governance, credit risk, financial risk, non-financial risk, and operational risk management frameworks. The designation demonstrates that a holder possesses both the knowledge and applied judgment necessary to manage complex risks across a banking organization.
The CERP is grounded in U.S. banking laws, regulations, and supervisory expectations, making it uniquely relevant for professionals operating within domestic financial institutions. The exam assesses not only theoretical knowledge of risk domains but also the practical application of risk identification, measurement, evaluation, mitigation, and monitoring within real-world banking scenarios. Candidates are expected to demonstrate proficiency across eight content domains that collectively span the enterprise risk management lifecycle.
The CERP is designed for experienced risk management professionals working within U.S. banking institutions. Target roles include Chief Risk Officers, enterprise risk managers, credit risk analysts, operational risk officers, financial risk managers, and compliance officers who have significant risk oversight responsibilities. The certification is appropriate for mid-to-senior level professionals who are either currently managing risk functions or seeking to formalize and advance their enterprise risk expertise.
Given the eligibility requirements, candidates are expected to have substantial hands-on experience in the field—making this credential most suitable for seasoned practitioners rather than early-career professionals. It is particularly valuable for those seeking leadership roles within bank risk departments or those looking to distinguish themselves in a competitive hiring environment.
The ABA specifies experience-based eligibility pathways rather than mandatory formal education requirements. Candidates with a bachelor's degree must have at least five years of experience in the banking industry, of which a minimum of three years must be in a risk management role or a closely related function. Candidates without a degree must have at least seven years of banking industry experience, with at least five years in risk management or a closely related role.
All experience must be U.S.-based, as the CERP is anchored to U.S. banking laws, regulations, and supervisory frameworks. While no specific prior certifications are required, familiarity with ABA training programs and a strong working knowledge of bank regulatory requirements, credit risk analysis, financial risk measurement, and operational risk frameworks is strongly recommended before sitting for the exam.
The CERP exam consists of 200 multiple-choice questions, which may include scenario-based and case-study style questions that test applied knowledge rather than rote recall. Candidates are allotted 240 minutes (four hours) to complete the exam. The exam is delivered through Meazure Learning's testing infrastructure and can be taken either at an authorized U.S. test center or remotely via the ProctorU live remote proctoring (LRP) platform, provided the candidate meets the technical requirements for a remote session.
Scoring is reported on a pass/fail basis. The exam fee is $775 USD. Testing windows are offered multiple times per year, with application deadlines approximately eight weeks prior to the start of each window. Candidates must submit a completed application and satisfy the eligibility requirements before being approved to register for a specific exam window.
Earning the CERP positions banking professionals for senior risk management roles, including enterprise risk officer, Chief Risk Officer, and risk governance leadership positions within commercial banks, community banks, and financial holding companies. The credential signals to employers that the holder meets the ABA's rigorous experience and competency standards for enterprise-level risk oversight—a differentiator in competitive hiring for risk leadership roles regulated under U.S. supervisory frameworks.
As regulatory scrutiny of bank risk management continues to intensify following post-2008 and post-2023 bank failure episodes, demand for credentialed enterprise risk professionals in U.S. banking has grown. The CERP is specifically recognized within the domestic banking sector and complements other risk credentials such as the FRM (Financial Risk Manager) or PRM (Professional Risk Manager), while being uniquely tailored to the operational and regulatory realities of U.S.-chartered financial institutions.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 749 questions.
Preview — answers shown1. Northwind Bank's IT risk team is transitioning from the FFIEC Cybersecurity Assessment Tool to the NIST Cybersecurity Framework 2.0 following the sunset of the FFIEC CAT. The team needs to understand the key structural change in NIST CSF 2.0 compared to the original version. What core function was added in NIST CSF 2.0? (Select one!)
Explanation
NIST Cybersecurity Framework 2.0, released in 2024, added Govern as a sixth core function to the existing five functions of Identify, Protect, Detect, Respond, and Recover. The Govern function emphasizes organizational context, risk management strategy, cybersecurity supply chain risk management, and roles and responsibilities at the governance level. This addition reflects the increasing recognition that cybersecurity governance and oversight are essential foundations for effective cybersecurity risk management. Respond, Detect, and Protect were all part of the original NIST CSF 1.0 and were not new additions in version 2.0.
2. Adatum Bank's internal audit team is planning its annual assessment of the model risk management framework. An audit manager proposes that the team should also validate the institution's highest-risk credit scoring models as part of the engagement. Which response correctly reflects the appropriate role of internal audit under SR 11-7 and the three lines model? (Select one!)
Explanation
Under SR 11-7 and the three lines model, internal audit (third line) provides independent, objective assurance on the overall effectiveness of the model risk management framework. This includes assessing whether model governance policies are adequate, whether the model inventory is complete, whether validation activities are properly resourced and executed, and whether findings are appropriately escalated. However, internal audit does not perform individual model validations, which is a second-line function typically carried out by an independent model validation group within risk management. Combining validation and audit functions would compromise the independence required for both activities. The distinction is between assessing whether the MRM framework works effectively (audit) and conducting the technical validation of specific models (second-line validation). Internal audit absolutely has a role in MRM, but it is an assurance role over the framework, not a validation role over individual models.
3. Contoso Bank's model risk management team is building a comprehensive model inventory as required by SR 11-7. The CRO has asked the team to determine which items must be included in the inventory. Which combination of model categories must be captured in the inventory to comply with SR 11-7 requirements? (Select one!)
Explanation
SR 11-7 explicitly requires institutions to maintain an inventory of models implemented for use, under development for implementation, or recently retired. This comprehensive scope ensures that risk management oversight extends beyond active production models to include development-stage models that may soon influence decisions and recently retired models that may still have residual effects or require reference for audit purposes. Limiting the inventory to only production models would miss development-stage models that carry implementation risk. Restricting to validated models would exclude models awaiting validation. Excluding internally developed prototypes would leave a gap in oversight for models approaching deployment.
4. Litware Financial's credit team is evaluating the difference between Point-in-Time and Through-the-Cycle probability of default estimates for its commercial loan portfolio. The team needs to select the appropriate PD approach for different purposes. Which statement correctly distinguishes PIT PD from TTC PD? (Select one!)
Explanation
Point-in-Time PD reflects current economic conditions and tends to be more volatile, rising during recessions and falling during expansions. PIT PD is preferred for CECL provisioning under ASC 326 because CECL requires consideration of current conditions and reasonable forecasts, and for loan pricing because it captures the current risk environment. Through-the-Cycle PD averages default rates over an entire economic cycle, producing more stable estimates. TTC PD is preferred for Basel regulatory capital calculations because it provides a more conservative and stable capital requirement that does not decline during good economic periods. Both approaches can use internal models or external ratings, and they differ in methodology, not data source.
5. Fabrikam Global Bank is designated as a G-SIB and has been working to comply with BCBS 239 principles since the January 2016 deadline. During a recent supervisory review, examiners found that the bank's risk data systems can produce accurate aggregate reports under normal conditions but require several days to generate ad hoc risk reports during periods of market stress. The examiners cited a specific BCBS 239 principle deficiency. Which principle has Fabrikam most likely failed to meet? (Select one!)
Explanation
BCBS 239 Principle 5 (Timeliness) specifically requires that during stress periods, critical risk data should be available on a daily or intraday basis, not just under normal operating conditions. A bank that can only produce aggregate reports accurately under normal conditions but requires several days during stress has failed the timeliness principle. Principle 3 (Accuracy and Integrity) addresses data reliability and quality rather than speed of production. Principle 6 (Adaptability) addresses the ability to accommodate evolving requirements and new risk types rather than speed during stress. Principle 10 (Frequency) relates to risk reporting distribution frequency and is part of the reporting practices category, whereas the core deficiency here lies in the data aggregation capability of producing timely data during stress, which falls under Principle 5.
Certified AML and Fraud Professional (CAFP)
CAFP · 750 questions
Certified Financial Marketing Professional (CFMP)
CFMP · 750 questions
Certified IRA Services Professional (CISP)
CISP · 700 questions
Certified Regulatory Compliance Manager (CRCM)
CRCM · 700 questions
Certified Trust and Fiduciary Advisor (CTFA)
CTFA · 699 questions
$17.99
One-time access to this exam