When the system designers were doing the SSA, FHA, FMEA, etc... I wonder if they considered a RA failure able to lead to a Haz or Cat event? And regardless of the hazard classification, I wonder if they were assuming some sort of annunciation or other crew action as a mitigating factor.

Maybe Boeing will have Honeywell add dual RA to the AT, and add some RA fault accommodation?