RMA Operational Risk Management


The Risk Management Association (RMA) has been at the forefront of the development of the operational risk discipline since 2003. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events, but is better viewed as the risk arising from the execution of an institution’s business functions. Operational risk exists in every organization, regardless of size or complexity from the largest institutions to regional and community banks. Examples of operational risk include risks arising from hurricanes, computer hacking, internal and external fraud, the failure to adhere to internal policies, and others. For much of the past decade, the industry has been focused on measuring operational risk losses for capital allocation purposes, but in recent years has increased the focus on managing operational risk.

The Risk Management Association serves operational risk practitioners in large institutions, as well as regional and community banks, at both the corporate level and the business line. RMA provides peer sharing, professional development and networking opportunities for our members through discussion groups, conferences, round tables, classroom training events, and Web seminars. The Risk Management Association also undertakes surveys, benchmarking studies, and range of practice papers. In addition, RMA’s AMA Group shares industry views on aspects of AMA implementation with the U.S. financial services regulatory agencies toward a goal of successful AMA implementation. The RMA Journal® regularly carries articles on operational risk topics, and The Risk Management Association also publishes an operational risk e-newsletter.

In remarks delivered before RMA's annual Governance, Compliance, and Operational Risk Conference on May 8, 2014, OCC Comptroller Curry commended RMA for being "out in front on the issues that matter most to financial institutions" and that are also "front and center" for him as Comptroller. He pointed out that in his first weeks as Comptroller he had stated that addressing the challenges posed by operational risk would be among his foremost priorities as Comptroller. A complete summary of his speech can be found here.

Operational Risk Framework 

Cyber Security Framework (PDF)

Conferences and Discussion Groups

Round Tables

While participation is by invitation (to ensure quality of discussion among participants having common interests), RMA and the steering committees for these events would like to ensure that members of the RMA community are aware of the round tables that are coming up. Please share this schedule with your colleagues.

RMA round table meetings provide an exceptional opportunity for you to meet with peers from other financial institutions to discuss important issues in operational risk. Many of your colleagues already attend round table meetings developed and facilitated by RMA, and they often comment that it is the best meeting they attend all year because of the open, participant-led discussions and sharing of ideas and best practices. 

  • Vendor Risk Management 

RMA’s Vendor Risk Management Round Table provides you with the opportunity to share experiences with your colleagues at other institutions who have responsibility for third party/vendor risk management. The round table starts on February 26, 2015 at 8:30 a.m. and will conclude at 5:00 p.m. We will have an informal dinner on February 25, 2015 at 6:00 p.m. 

During this round table, which was planned by the Steering Committee, we will focus on categorizing non-traditional third party relationships (e.g., agents, broker-dealers, real estate agents, etc.). Participants will share their high level processes to identify special categories, and how they go about documenting and determining whether gaps exist. A key focus of this meeting will be to identify sound practices and/or issues you and your peers would like to communicate to the regulators on the topic of third party/vendor risk management with a view for undertaking a survey, and possibly drafting an industry position paper. 

NOTE: No more than two people may attend from one institution.

Examples of past round tables include: 

  • Enterprise and Operational Risk Reporting
  • Global Chief Operational Risk Officers
  • Operational Risk Large Banks
  • Regional Bank Operational Risk Officers
  • Risk Assessment Processes (including top and emerging risks)
  • Risk Governance
  • Risk Reports

Industry Position Papers


Surveys and Studies

CoursesCurriculum Tracks

  • Fundamentals of Operational Risk
  • Identification and Assessment
  • Data Collection, Measurement, and Monitoring
  • Reporting
  • Control, Mitigation, and Management
  • The Broad Spectrum

Recorded Web Seminars

Comments or questions relating to Operational Risk Management within RMA can be addressed to Ed DeMarco, Director of Operational Risk or Sylwia Czajkowska, Associate Director, Operational Risk.