Operational Risk Management Training & Resources

The Risk Management Association (RMA) has been at the forefront of the development of the operational risk discipline in financial institutions since 2003.

The definition of operational risk is: the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events, but is better viewed as the risk arising from the execution of an institution’s business functions. Operational risk exists in every organization, regardless of size or complexity from the largest institutions to regional and community banks.

Examples of operational risk include:

  • Risks arising from catastrophic events (e.g., hurricanes)
  • Computer hacking
  • Internal and external fraud
  • The failure to adhere to internal policies

For much of the past decade, the industry has been focused on measuring operational risk losses for capital allocation purposes, but in recent years has increased the focus on the process of managing operational risk.

The Risk Management Association serves operational risk practitioners in large financial institutions, as well as regional, mid-tier, and community banks, at both the corporate level and the business line. RMA provides peer sharing, professional development and networking opportunities for our members through discussion groups, conferences, round tables, classroom training events and courses, and Web seminars.

The Risk Management Association also undertakes surveys, benchmarking studies, and range of practice papers. In addition, RMA’s AOR Group shares industry views on aspects of AMA implementation with the U.S. financial services regulatory agencies toward a goal of successful AMA implementation. The RMA Journal® regularly carries articles on operational risk topics, and The Risk Management Association also publishes an operational risk e-newsletter.

Explore RMA's operational risk management educational resources below.

Operational Risk Framework

Enterprise Risk Management (ERM) is defined as an organization’s ability to understand, control, and articulate the nature and level of risks taken in pursuit of business strategies, coupled with accountability for risks taken and activities engaged in.  One of the main benefits of ERM is an enhanced perspective and focus on risk management across the institution.

ERM can help answer three basic business questions:

  • Should we do it?  This aligns with strategy, risk appetite, culture and ethics.
  • Can we do it?  This aligns people, processes, structure, and technology capabilities, i.e., operational risk.
  • Did we do it?  This is the assessment of expected results, continuous learning and a robust system of checks and balances. 

ERM promotes strategies that help institutions manage their risk holistically.  ERM is not a separate risk discipline, it is the governance structure that provides the horizontal view of the risk disciplines and operational risks of an institution. 

Operational Risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, controls, systems or from external events.  It is better viewed as the risk arising from the execution of an institution’s business functions. Breech of any of those functions or failure to execute effectively may lead to institution’s reputational loss.

RMA has developed a framework that demonstrates how an organization uses ERM as the governance construct manages the various risk disciplines – Strategic Risk, Reputation Risk, Credit Risk, Interest Rate Risk, Liquidity Risk, Compliance Risk – while also managing the operational risks from the people, processes, controls and external events that support the risks an institution takes.

The Governance Framework is underpinned by the organization’s ethical decisions which flows from the most important aspect, an organization’s culture, i.e., tone from the top, and echo from the bottom.

Governance of the risk disciplines, and the operational risks that arises from the execution of an institution’s business functions, are part of, and work together with, the institution’s culture and ethics to protect and promote its valuable reputation.

The tools used for each of the risk disciplines, the scope of work as well as the complexity of frameworks may vary based on the size of the institution as well as the business model and strategic initiative (risk appetite) of the institution. 

Conduct Risk Definition (PDF)

Culture Framework (PDF)

Cyber Security Framework (PDF)

Principles of Ethical Conduct (PDF)


Operational Risk Management Conferences and Training

Round Tables

While participation is by invitation (to ensure quality of discussion among participants having common interests), RMA and the steering committees for these events would like to ensure that members of the RMA community are aware of the round tables that are coming up. Please share this schedule with your colleagues.

RMA round table meetings provide an exceptional opportunity for you to meet with peers from other financial institutions to discuss important issues in operational risk management and regulation. Many of your colleagues already attend round table meetings developed and facilitated by RMA, and they often comment that it is the best meeting they attend all year because of the open, participant-led discussions and sharing of ideas and best practices.

Examples of round tables include:

  • Third-Party Risk Management Round Table- November 7, 2018, National Harbor, MD
  • Technology Risk Round Table-November 8-9, 2018, Chicago IL 
  • Chief Data Officer, November 15, 2018
  • CB Information Security & Risk, Spring 2019
  • Chief Compliance Officer, February 20, 2019 
  • BSA/AML, February 1, 2019
  • Third Party Risk Management, March 1, 2019 
  • Privacy & Information Security Round Table, April 8, 2019
  • Culture & Conduct, April 8, 2019
  • Blockchain & Cryptocurrencies, April 9, 2019 
  • Incentive Compensation, April 9, 2019
  • BCP/Disaster Recovery, April 12, 2019

Please click here for a PDF of our 2019 Round Tables.

Operational Risk Industry Papers


Surveys and Studies

Course Calendar

Web Seminars On Demand

Thinking about becoming a member of the Risk Management Association?

Learn more about RMA membership today.

Comments or questions relating to Operational Risk Management within RMA can be addressed to Ed DeMarco, Chief Administrative Officer or Sylwia Czajkowska, Associate Director, Operational Risk.