Operational Risk Management Training & Resources



The Risk Management Association (RMA) has been at the forefront of the development of the operational risk discipline in financial institutions since 2003.

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events, but it is better viewed as the risk arising from the execution of an institution’s business functions. Operational risk exists in every organization, regardless of size or complexity, from the largest institutions to regional and community banks.

Examples of operational risk include:

  • Risks arising from catastrophic events (e.g., hurricanes)
  • Computer hacking
  • Internal and external fraud
  • The failure to adhere to internal policies

For much of the past decade, the industry has been focused on measuring operational risk losses for capital allocation purposes, but in recent years it has increased its focus on the process of managing operational risk.

The Risk Management Association serves operational risk practitioners in large financial institutions, as well as regional, mid-tier, and community banks, at both the corporate level and the business line. RMA provides peer sharing, professional development and networking opportunities for our members through discussion groups, conferences, round tables, classroom training events and courses, and Web seminars.

The Risk Management Association also undertakes surveys, benchmarking studies, and range of practice papers. In addition, RMA’s AOR Group shares industry views on aspects of AMA implementation with the U.S. financial services regulatory agencies toward a goal of successful AMA implementation. The RMA Journal® regularly carries articles on operational risk topics, and The Risk Management Association also publishes an operational risk e-newsletter.

Explore RMA's operational risk management educational resources below.

Strategic Risk Management Framework (January 2020) (For RMA members only.)

The members of the Operational Risk Council and Enterprise Risk Management Council developed the Strategic Risk Management Framework in January 2020.

Recommendations for Third Parties Working from Home & Returning to Facilities (December 2020) (For RMA members only.)

In this document, senior-level third-party risk management practitioners and subject matter experts, members of RMA’s Third-Party Risk Management Round Table, share “lessons learned” (so far) during COVID-19. The level of detail makes this an ideal tool for third-party and operational risk management professionals, and business owners in the 1st Line of Defense.


To assist the financial services industry in navigating the ongoing transition away from IBOR rates (most notably LIBOR), RMA has created a number of resources addressing the major challenges that have been identified by the industry. 

2020 RMA Three Lines of Defense: Range of Practice Survey (For RMA members only.)

The survey was conducted by The Risk Management Association between May and June 2020. Most of the questions were multiple choice with many opportunities to provide comments. Some questions were open text and designed to provide insight into challenges and best practices in the Three Lines of Defense.

Technology Risk Framework (For RMA members only.)

With the continually changing technology environment and ongoing maturity of our understanding of risk, we developed a structure to enable a holistic look at technology risks that may be present in your environment and across the industry. This framework enables you to collapse/expand based on your size, complexity and business structure, and works in conjunction with other risk frameworks available through the RMA.

Operational Risk Framework (For RMA members only.)

RMA's Operational Risk Council has developed an operational risk framework designed to be scalable regardless of the size, scale, or complexity of the institution.

Cyber Risk Metrics (For RMA members only.)

Cyber threats continue to evolve and increase in sophistication, and they pose an existential risk to the government and all industries, including the financial services industry.

RMA’s Operational Risk Council has compiled metrics to assist institutions in assessing and managing cyber risk across certain dimensions. The document identifies 32 KRI/KPI metrics including descriptions for 6 dimensions.

Enterprise Risk Management (ERM) is defined as an organization’s ability to understand, control, and articulate the nature and level of risks taken in pursuit of business strategies, coupled with accountability for risks taken and activities engaged in.  One of the main benefits of ERM is an enhanced perspective and focus on risk management across the institution.

ERM can help answer three basic business questions:

  • Should we do it?  This aligns with strategy, risk appetite, culture and ethics.
  • Can we do it?  This aligns people, processes, structure, and technology capabilities, i.e., operational risk.
  • Did we do it?  This is the assessment of expected results, continuous learning and a robust system of checks and balances. 

ERM promotes strategies that help institutions manage their risk holistically.  ERM is not a separate risk discipline; it is the governance structure that provides the horizontal view of the risk disciplines and operational risks of an institution.

Operational Risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, controls, systems or from external events.  It is better viewed as the risk arising from the execution of an institution’s business functions. Breach of any of those functions, or failure to execute them effectively, may lead to reputational loss for the institution.

RMA has developed a framework that demonstrates how an organization uses ERM as the governance construct to manage the various risk disciplines – Strategic Risk, Reputation Risk, Credit Risk, Interest Rate Risk, Liquidity Risk, Compliance Risk – while also managing the operational risks from the people, processes, controls and external events that support the risks an institution takes.

The Governance Framework is underpinned by the organization’s ethical decisions, which flow from the most important aspect, an organization’s culture, i.e., tone from the top, and echo from the bottom.

Governance of the risk disciplines, and the operational risks that arise from the execution of an institution’s business functions, are part of, and work together with, the institution’s culture and ethics to protect and promote its valuable reputation.

The tools used for each of the risk disciplines, the scope of work as well as the complexity of frameworks may vary based on the size of the institution as well as the business model and strategic initiative (risk appetite) of the institution. 

Conduct Risk Definition (PDF)

Culture Framework (PDF)

Cyber Security Framework (PDF)

Principles of Ethical Conduct (PDF)


Operational Risk Management Conferences and Training

Virtual Round Tables

While participation is by invitation (to ensure quality of discussion among participants having common interests), RMA and the steering committees for these events would like to ensure that members of the RMA community are aware of the round tables that are coming up. Please share this schedule with your colleagues.

RMA round table meetings provide an exceptional opportunity for you to meet with peers from other financial institutions to discuss important issues in operational risk management and regulation. Many of your colleagues already attend round table meetings developed and facilitated by RMA, and they often comment that it is the best meeting they attend all year because of the open, participant-led discussions and sharing of ideas and best practices.

Examples of round tables include:

  • BCP/Disaster Recovery Virtual Round Table
  • BSA/AML Virtual Round Table
  • Chief Compliance Officer Virtual Round Table
  • Chief Data Officer Virtual Round Table
  • Culture & Conduct Virtual Round Table
  • Emerging Risks Virtual Round Table
  • ERM for Community Banks Virtual Round Table
  • ERM for Large Banks Virtual Round Table
  • ERM for Mid-Tier Banks Virtual Round Table
  • ESG Virtual Round Table
  • Fair Lending Analytics Virtual Round Table
  • Fraud Risk Virtual Round Table
  • Incentive Compensation Virtual Round Table
  • Privacy Risk Virtual Round Table
  • Technology Risk Virtual Round Table
  • Third-Party Risk Management Virtual Round Table

Operational Risk Industry Papers


Surveys and Studies

Course Calendar

    Thinking about becoming a member of the Risk Management Association?

    Learn more about RMA membership today.

    Comments or questions relating to Operational Risk Management within RMA can be addressed to Ed DeMarco, Chief Administrative Officer or Sylwia Czajkowska, Associate Director, Operational Risk.