RMA Enterprise Risk Management

Enterprise risk management (ERM) is an organization’s enterprise risk competence—the ability to understand, control, and articulate the nature and level of risks taken in pursuit of business strategies—coupled with accountability for risks taken and activities engaged in, which contributes to increased confidence shown by stakeholders.

The basic concept of enterprise risk management has been applied, more or less, in several industries for well over a decade. The changing regulatory environment, economic turmoil, and growing complexity of products, tools, and risks has, among other influences, helped to launch the practice of enterprise risk management into the financial services area. In this respect ERM—in the banking world—is very much in its early development, though much progress has been made.

By definition, the business of banking exposes the organization to a wide variety of risks. The ERM framework is designed to support the depth and breadth of activities by providing a structured approach for identifying, measuring, controlling, and reporting on the significant risks faced by an organization. Specific risk management (e.g., credit, operational, market), capital management, and liquidity management provide the essential underpinnings to an ERM framework.

RMA provides practical ERM guidance to members by offering an array of products and services tailored to the size and complexity of our member institutions:

What is ERM?


Benchmarking Services & Studies

Executive Education 


  • Governance and Policies Workbook
  • Risk Appetite Workbook
  • Scenario Analysis and Stress Testing Workbook for Community Banks

Regulatory Guidance (Must be an RMA Member to Access)


Comments or questions relating to enterprise risk management within RMA may be addressed to Mark Zmiewski, Director, Enterprise Risk & Product Management or Stacy Germano, Associate Director, Enterprise Risk & Product Management.