Enterprise Risk Management Programs & Resources

What is ERM?

Enterprise risk management (ERM) is defined as an organization’s enterprise risk competence—the ability to understand, control, and articulate the nature and level of risks taken in pursuit of business strategies—coupled with accountability for risks taken and activities engaged in. One of the main benefits of ERM is an enhanced perspective and focus on risk management across the institution.  

The basic concept of enterprise risk management has been applied, more or less, in several industries for well over a decade. The changing regulatory environment, economic turmoil, and growing complexity of products, tools, and risks have, among other influences, helped to launch the practice of enterprise risk management into the financial services area. In this respect ERM—in the world of banks and financial institutions—is very much in its early development, though much progress has been made.

By definition, the business of banking exposes the organization to a wide variety of risks. The ERM framework is designed to support the depth and breadth of activities by providing a structured approach for identifying, measuring, controlling, and reporting on the significant risks faced by an organization. Specific risk management (e.g., credit, operational, market), capital management, and liquidity management provide the essential underpinnings to an ERM framework.

ERM can help answer three basic business questions:

  • Should we do it?  This aligns with strategy, risk appetite, culture and ethics.
  • Can we do it?  This aligns people, processes, structure, and technology capabilities, i.e., operational risk.
  • Did we do it?  This is the assessment of expected results, continuous learning and a robust system of checks and balances. 

ERM promotes strategies that help institutions manage their risk holistically. ERM is not a separate risk discipline; it is the governance structure that provides the horizontal view of the risk disciplines and operational risks of an institution.

Operational Risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, controls, systems or from external events. It is better viewed as the risk arising from the execution of an institution’s business functions. Breach of any of those functions or failure to execute effectively may lead to reputational loss for the institution.

RMA has developed a framework that demonstrates how an organization uses ERM as the governance construct that manages the various risk disciplines – Strategic Risk, Reputation Risk, Credit Risk, Interest Rate Risk, Liquidity Risk, Compliance Risk – while also managing the operational risks from the people, processes, controls and external events that support the risks an institution takes.

The Governance Framework is underpinned by the organization’s ethical decisions, which flow from the most important aspect, an organization’s culture, i.e., tone from the top and echo from the bottom.

Governance of the risk disciplines, and the operational risks that arise from the execution of an institution’s business functions, are part of, and work together with, the institution’s culture and ethics to protect and promote its valuable reputation.

The tools used for each of the risk disciplines, the scope of work as well as the complexity of frameworks may vary based on the size of the institution as well as the business model and strategic initiative (risk appetite) of the institution. 

RMA provides practical ERM guidance to members by offering an array of training courses, programs, and other educational resources tailored to the size and complexity of our member institutions:

Recommendations for Third Parties Working from Home & Returning to Facilities (Members Only)

Enterprise Risk Management Framework

Conduct Risk Definition

Culture Framework 

Cyber Security Framework

Emerging Risk Model - April 2021 (Members Only)

Principles of Ethical Conduct

ERM Benchmarking Reports & PDFs


      Round Tables

      RMA round table meetings provide an exceptional opportunity for you to meet with peers from other financial institutions to discuss important issues in enterprise risk management. Many of your colleagues already attend round table meetings developed and facilitated by RMA, and they often comment that it is the best meeting they attend all year because of the open, participant-led discussions and sharing of ideas and best practices.

      While participation is by invitation (to ensure quality of discussion among participants having common interests), RMA and the steering committees for these events would like to ensure that members of the RMA community are aware of the round tables that are coming up. 

      Examples of Round Tables include:

      • ERM Round Table (community and regional banks)
      • ERM Round Table for Mid-Tier Banks
      • ERM Round Table for Large Banks
      • Chief Data Officer Round Table
      • Fair Lending Analytics Round Table
      • Chief Compliance Officers Round Table
      • Bank Secrecy Act / Anti-Money Laundering Round Table
      • Privacy & Information Security Round Table
      • Culture & Conduct Round Table
      • Blockchain & Cryptocurrencies Round Table
      • Incentive Compensation Round Table
      • BCP / Disaster Recovery Round Table
      • Emerging Risk Round Table

      Regulatory Guidance (Must be an RMA Member to Access)

      Enterprise Risk Management Tools & Workbooks

      • Board Governance and Reporting Workbook
      • Risk Appetite Workbook
      • Scenario Analysis and Stress Testing Workbook for Community Banks
      • Risk Measurement, Evaluation, and Communication Workbook

      Not yet a member of RMA? 

      Read more about the benefits of membership and the different types of membership we offer.