RMA Operational Risk Management


The Risk Management Association (RMA) has been at the forefront of the development of the operational risk discipline since 2003. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events, but is better viewed as the risk arising from the execution of an institution’s business functions. Operational risk exists in every organization, regardless of size or complexity from the largest institutions to regional and community banks. Examples of operational risk include risks arising from hurricanes, computer hacking, internal and external fraud, the failure to adhere to internal policies, and others. For much of the past decade, the industry has been focused on measuring operational risk losses for capital allocation purposes, but in recent years has increased the focus on managing operational risk.

The Risk Management Association serves operational risk practitioners in large institutions, as well as regional and community banks, at both the corporate level and the business line. RMA provides peer sharing, professional development and networking opportunities for our members through discussion groups, conferences, round tables, classroom training events, and Web seminars. The Risk Management Association also undertakes surveys, benchmarking studies, and range of practice papers. In addition, RMA’s AMA Group shares industry views on aspects of AMA implementation with the U.S. financial services regulatory agencies toward a goal of successful AMA implementation. The RMA Journal® regularly carries articles on operational risk topics, and The Risk Management Association also publishes an operational risk e-newsletter.

In remarks delivered before RMA's annual Governance, Compliance, and Operational Risk Conference on May 8, 2014, OCC Comptroller Curry commended RMA for being "out in front on the issues that matter most to financial institutions" and that are also "front and center" for him as Comptroller. He pointed out that in his first weeks as Comptroller he had stated that addressing the challenges posed by operational risk would be among his foremost priorities as Comptroller. A complete summary of his speech can be found here.

Operational Risk Framework 

Cyber Security Framework (PDF)

Conferences and Discussion Groups

Round Tables

By invitation only. Examples of past round tables include: 

  • Enterprise and Operational Risk Reporting
  • Global Chief Operational Risk Officers
  • Operational Risk Large Banks.
  • Regional Bank Operational Risk Officers
  • Risk Assessment Processes (including top and emerging risks)
  • Risk Governance
  • Risk Reports
  • Vendor Risk Management

Industry Position Papers


Surveys and Studies

CoursesCurriculum Tracks

  • Fundamentals of Operational Risk
  • Identification and Assessment
  • Data Collection, Measurement, and Monitoring
  • Reporting
  • Control, Mitigation, and Management
  • The Broad Spectrum

Recorded Web Seminars

Comments or questions relating to Operational Risk Management within RMA can be addressed to Ed DeMarco, Director of Operational Risk or Sylwia Czajkowska, Associate Director, Operational Risk.