1-800-677-7621� �  �

Operational Risk Catalog 2007

T H E R I S K M A N A G E M E N T A S S O C I A T I O N

www.rmahq.org 1-800-677-7621

�  TABLE�OF�CONTENTS� www.rmahq.org

Table of ContentsContact�Our�Specialists�..............................................................................................................� 1

Services

KRI�Services�................................................................................................................................� 2�Operational�Riskdata�eXchange�Association��............................................................................� 3�Aggregation�and�Reporting�Method,�NEW�...............................................................................� 3�Risk�Culture�Management�Service,�NEW�................................................................................� 4

Policy Dialogue

Advanced�Measurement�Approaches�Group�.............................................................................� 4

Publications

KRI�Services�Newsletter�.............................................................................................................� 5�Operational�Risk�Newsletter�......................................................................................................� 5�Operational�Risk�Articles�in�The RMA Journal�........................................................................� 5�Operational�Risk�in�Information�Technology,�NEW�................................................................� 5

Conferences

Global�Conference�on�Operational�Risk,�NEW�.........................................................................� 6�KRI�International�Conferences�..................................................................................................� 6�Topical�Audioconferences�...........................................................................................................� 6

Discussion Groups and Round Tables

Global�Operational�Risk�Round�Table,�NEW�...........................................................................� 7�Operational�Risk�Round�Table—North�America�......................................................................� 7�Operational�Risk�Management�Discussion�Group�....................................................................� 7�Insurance�Round�Table,�NEW�...................................................................................................� 7�Operational�Risk�in�Technology�Round�Table�...........................................................................� 7

Courses, Training, and Education

Instructor-Led�Training

� � The�Theory�and�Practice�of�Advanced�Operational�Risk�Management,�NEW�................ � 8�� � Operational�Risk:�An�Overview�..........................................................................................� 8�� � Detecting�and�Preventing�Fraud�in�Commercial�Lending�................................................� 8

Self-Directed�Training

� � Operational�Risk:�An�Interactive�Introduction,�NEW�......................................................� 9

Audioconferences�and�Web�Seminars,�NEW

� � Operational�Risk:�An�Overview�..........................................................................................� 9�� � Key�Risk�Indicators�.............................................................................................................� 9�� � Risk�and�Control�Self-Assessments�(RCSA)�.......................................................................� 9�� � Preventing�Money�Laundering�&�Protecting�Customer�Data�...........................................� 9�� � Financial�Fraud:�The�Numbers�Never�Lie…Or�Do�They?�.................................................� 9

Dear Colleague:Operational�risks�can�take�any�number�of�forms—hurricanes,�blackouts,�misdirected�wire�transfers,�computer�hacking,�organized�fraud,�or�today’s�nightmare�scenario�of�a�global�pandemic.�

The�Risk�Management�Association�has�created�this�catalog�to�provide�its�members�and�non-members�with�brief�descriptions�of�our�operational�risk�management�products�and�services.�

We hope you find the catalog useful and that you will take advantage of our many offerings to�strengthen�your�skills�and�your�institution’s�capabilities�to�manage�operational�risks.�

Charles�Taylor�Director,�Operational�Risk��The�Risk�Management�Association

1-800-677-7621� �  �

Contact Our SpecialistsFor information about subscribing to or purchasing anything in this catalog, please contact any of our specialists.

Europe, Middle East, and Africa•� �Mike�Finlay�(KRIs):�+44�7721�969�224�

(mike.finlay@riskbusiness.com)

•� �Mark�Talboys�(ORX):�+44�1225�731�397�(mtalboys@rmahq.org)

•� �Simon�Wills�or�Caroline�James�(other�operational�risk�services�including�advanced�training):�+44�1225�731�340�(swills@rmahq.org, cjames@rmahq.org)

•� �Sue�Fritz�(newsletters�and�other�publications):�+1�215�446�4004�(sfritz@rmahq.org)

Asia and Australia•� �Chris�Yip�(Singapore):�+65�6228�6105�

(cy0301@singnet.com.sg)

•� �Mike�Yahng�(Hong�Kong):�+�852�2525�6920 (mikeyahng@yahoo.com)

•� �Mike�Finlay�(KRIs�in�Australia):�+44�7721�969�224�(mike.finlay@riskbusiness.com)

•� �Hansruedi�Schuetter�(KRIs�out-side�Australia):�+�41�76�558�7632�(hansruedi.schuetter@riskbusiness.com)

•� �Simon�Wills�(ORX):�+44�1225�731�340�(swills@rmahq.org)

•� �Mark�Talboys�(ORX):�+44�1225�731�397�(mtalboys@rmahq.org)

•� �Mike�Collins�(other�countries�and�services):�+1�215�446�4056�(mcollins@rmahq.org)

•� �Sue�Fritz�(newsletters�and�other�publications):�+�1�215�446�4004�(sfritz@rmahq.org)

North, Central, and South America•� �Tara�McLenaghen�(KRIs�in�

Canada):�+�(416)�427�8007�(tara.mclenaghen@rbc.com)

•� �Jonathan�Davies�(KRIs�in�the�U.S.,�Central�and�South�America):�+�203�544�9075�(jonathan.davies@riskbusiness.com)

•� �Leslie�Mitchell�(KRIs):�+�703�533�6000�(lmitchell@rmahq.org)

•� �Simon�Wills�(ORX):�+44�1225�731�340�(swills@rmahq.org)

•� �Mark�Talboys�(ORX):�+44�1225�731�397�(mtalboys@rmahq.org)

•� �Sue�Fritz�(newsletters�and�other�publications):�+�1�215�446�4004�(sfritz@rmahq.org)

•� �Kathy�Vitale�(other�operational�risk�services):�+�1�215�446�4003�(kvitale@rmahq.org)

Regional Managers in North America•� �John�P.�Baier�(Financial�institutions�

with�assets�of�$1�billion�and�up�in�Alaska,�Alberta,�Arizona,�British�Columbia,�California,�Colorado,�Hawaii,�Idaho,�Manitoba,�Mexico,�Montana,�Nevada,�New�Mexico,�

Oklahoma,�Oregon,�Saskatchewan,�Texas,�Utah,�Washington,�and�Wyoming):�+�1�415�566�5648��(jbaier@rmahq.org)

•� �Robert�W.�Swartley�(Financial�institu-tions�with�assets�of�$1�billion�and�up�in�Alabama,�Connecticut,�Florida,�Georgia,�Maine,�Massachusetts,�Mississippi,�New�Hampshire,�New�York,�North�Carolina,�Ontario,�Puerto�Rico,�Quebec,�Rhode�Island,�South�Carolina,�and�Vermont):��+ 1 215 446 4129 (rswartley@rmahq.org)

•� �William�L.�Truscott�(Financial�institu-tions�with�assets�of�$1�billion�and�up�in�Bermuda,�Delaware,�Maryland,�New�Jersey,�New�York,�North�Carolina,�Pennsylvania,�Tennessee,�Virginia,�Washington,�D.C.,�and�West�Virginia):��+ 1 215 446 4130 (btruscott@rmahq.org)

•� �Jeff�Thormann�(Financial�institutions�with�assets�of�$1�billion�and�up�in�Ar-kansas,�Illinois,�Indiana,�Iowa,�Kansas,�Kentucky,�Louisiana,�Michigan,�Minne-sota,�Missouri,�Nebraska,�North�Dakota,�Ohio,�South�Dakota,�and�Wisconsin):�+�1�248 924 3066 (jthormann@rmahq.org)

•� �David�Arata�(Financial�institutions�with�assets�of�less�than�$1�billion�in�Connecticut,�Delaware,�Maine,�Mary-land,�Massachusetts,�New�Hampshire,�New�Jersey,�New�York,�Nova�Scotia,�Ontario,�Pennsylvania,�Quebec,�Rhode�Island,�and�Vermont):�+�1�215�446�4127�(darata@rmahq.org)

•� �Kimberly�K.�Consiglio�(Financial�institutions�with�assets�of�less�than�$1�billion�in�Illinois,�Indiana,�Iowa,�Kansas,�Manitoba,�Michigan,�Minnesota,�Mis-souri,�Nebraska,�North�Dakota,�Ohio,�Saskatchewan,�South�Dakota,�and�Wis-consin): + 1 586 939 7569 (kconsiglio@rmahq.org)

•� �Laurie�Foster�(Financial�institutions�with�assets�of�less�than�$1�billion�in�Alabama,�Arkansas,�Florida,�Georgia,�Kentucky,�Louisiana,�Mississippi,�North�Carolina,�Puerto�Rico,�South�Carolina,�Tennessee,�Virginia,�and�West�Virginia):�+ 1 317 202 0705 (lfoster@rmahq.org)

•� �Lisa�Poirot�(Financial�institutions�with�assets�of�less�than�$1�billion�in�Alaska,�Alberta,�Arizona,�British�Columbia,�California,�Colorado,�Hawaii,�Idaho,�Montana,�Nevada,�New�Mexico,�Okla-homa,�Oregon,�Texas,�Utah,�Washing-ton,�and�Wyoming):�+�1�281�392�1478�(lpoirot@rmahq.org)

�  SERVICES� www.rmahq.org

KRI Services

OverviewFinancial�institutions�are�often�challenged�to�use�Key�Risk�Indicators�(KRIs)�effectively�in�managing�operational�risk.�KRI Services is�an�initiative�that�provides�subscribing�financial institutions with a combination of�online�resources�and�opportunities�to�participate�in�various�forums.�

There�are�now�over�70�subscribers�drawn�from every major financial market in the world.�The�services�are�based�on�a�KRI�framework,�developed�by�RiskBusiness International,�RMA’s�partner�consulting�firm. For different products, the framework describes�the�points�in�various�processes�where�operational�risks�of�different�types�arise in any financial services company.

KRI Services�has�two�components:�the�Library�Service�and�the�Benchmarking�Service.�

The�online�searchable�library,�which�contains�more�than�2,000�KRIs�that�are�defined, specified, and evaluated, can be ac-cessed�through�industry�risk�maps�built�on�the�KRI�framework.�These�maps�describe�the�typical�pattern�of�risk�faced�by�differ-ent�businesses�in�different�regions�and�in�institutions�of�different�sizes.�The�Library�Service�provides�a�common�structure�and�language�for�many�aspects�of�operational�risk�management.�

The�Benchmarking�Service�supports�stan-dardized�and�quality-assured�benchmarking�of�KRIs�in�an�anonymous�and�secure�online�environment.�The�service�allows�subscrib-ers�to�compare�performance�of�different�business�units�with�comparable�units�from�across�the�industry�and�from�elsewhere�within�their�own�organizations.

In�addition�to�these�online�components,�new�subscribers�to�KRI Services�receive�one-on-one�help�in�risk-mapping�their�own�institutions�and�thereafter�are�invited�to�participate�in�several�forums.�Working�groups�offer�a�chance�to�combine�thought�leadership�and�share�intellectual�capital�in�particular�businesses,�regions,�and�risk�areas.�Conferences�provide�updates�on�data,�regulatory�developments,�reporting,�analysis,�integration,�and�other�important�current�issues.�

The�public�area�of�the�KRI Services�Web�site,�www.KRIeX.org,�contains�current�information�on�both�services.�

Who Will Benefit?Operational�risk�owners�and�manag-ers throughout subscriber firms benefit directly�from�KRI�Services.�Established�for�large�banks�and�broker-dealers,�the�ser-vice�now�has�been�extended�to�insurance�companies.�Hedge�fund�and�central�bank�versions�will�follow.�

What Are the Benefits? As�a�subscriber,�you�will�be�able�to�im-prove�your�ability�to�track,�measure,�ana-lyze,�and�communicate�operational�risk�at�every�level.�In�particular,�KRI Services�will�help�you:

•� �Use�a�standard�language�to�describe�and�analyze�operational�risk�across�your�institution.

•� �Pinpoint�your�greatest�operational�risks�and�see�how�they�compare�to�the�industry.

• Adjust risk capital estimates for busi-ness�environment�and�control�factors.

•� �Track�control�effectiveness�and�re-sidual�risk�levels�and�compare�them�to�industry�levels�and�trends.�

•� �Set�internal�goals�against�the�emerging�industry�standards�for�KRI�programs.

•� �Participate�in�workshops,�conferences,�and�other�peer-group�forums�to�discuss�current�issues�and�best�practices.

KRI Services�is�available�with�an�annual�subscription�that�depends�on�the�size�of�the�institution�and�the�scope�of�services.�

Pricing�and�subscription�information�to�KRI Services�are�available�online�at�www.KRIeX.org,�or�you�may�contact:�

•� �Jonathan�Davies�(North,�Central,�and�South�America)

•� �Tara�McLenaghen�(Canada)

•� �Mike�Finlay�(Europe,�Africa,�Middle�East,�and�Australia)

•� �Hansruedi�Schuetter�(Asia)

•� �Leslie�Mitchell�(all�regions)

(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

1-800-677-7621� SERVICES  �

Operational Riskdata eXchange Association

OverviewEven�large�banks�rarely�have�enough�loss�data�to�be�able�to�understand�their�opera-tional�risks�as�well�as�they�need�to.�The�Operational�Riskdata�eXchange�Association�(ORX)�supports�the�exchange�of�loss�data�on�operational risks among financial institu-tions.�ORX benefits its members by giving them�access�to�a�large�and�growing�pool�of�data�for�estimating�capital�and�for�under-standing�and�analyzing�the�severity�and�frequency�of�losses.�

ORX�is�growing�steadily,�with�membership�rising�to�over�30�member�institutions�in�2006.�Its�database�now�records�over�40,000�losses, each in excess of € 20,000.

Through�its�data�analysis,�publications,�and�forums�and�its�senior�working�groups�and�committees,�ORX�is�rapidly�becoming�a�principal�venue�for�industry�discussion,�standards�development,�and�regulatory�liaison.�

ORX is an international consortium of fi-nancial�institutions�based�in�Switzerland,�independent�of�RMA�but�managed�under�contract�by�RMA.

Who Will Benefit?ORX membership is open to any financial institution�that:

• Is subject to the operational risk provisions�of�Basel�II�(or�an�equivalent�regulatory�regime).

•� �Can�map�its�operational�risk�losses�to�the�ORX�data�categories.�

•� �Can�collect�and�deliver�data�according�to�ORX�standards.�

What Are the Benefits? As�a�member�of�ORX,�you�will:

•� �Understand�better�the�pattern�of�operational�risks�and�losses�to�which�your�institution�is�exposed.

•� �Have�access�to�the�largest�industry�pool�of�anonymized�data�on�operational�risk�loss available for refining regulatory and economic�capital�estimates.

•� �Be�aligned�with�regulatory�requirements�for�business�lines�and�loss�categories.

•� �Be�assured�reports�are�based�on�high-quality,�standardized�data.�

• Enjoy the protection of anonymized data handled�in�a�secure�environment�by�an�independent�custodian�in�Switzerland.

To�learn�more�about�ORX�or�to�become�a�member,�please�visit�www.orx.org�or�contact�Simon�Wills�or�Mark�Talboys.�(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

Aggregation and Reporting Method (ARM) Service

OverviewOrganizations�often�face�a�problem�taking�large�amounts�of�information�and�sum-marizing�them�for�management�in�use-ful,�reliable,�and�easily�understood�ways.�The�Aggregation�and�Reporting�Method�(ARM)�Service�addresses�one�aspect�of�this�problem.�It�applies�to�any�quantitative�indicators,�indices,�or�metrics�on�perfor-mance,�control,�or�risk.�It�can�be�used�to�understand�changing�situations,�prioritize�tasks,�shape�action,�and�report�on�issues�and�progress.�

The�ARM Service�is�especially�helpful�in�making�key�decisions�to�escalate�or�delegate,�depending�on�the�situation.�It�summarizes�several�indicators�used�at�one�level�of�management�into�a�smaller�number�of�composite�indicators�for�use�by�the�next�level�of�management.�Applied�one�reporting�relationship�at�a�time,�composite�indicators�at�one�level�can�be�summarized�into�higher-level�composites,�so�that�a�large�number�

of�underlying�indicators�at�the�lowest�levels�of�an�organization�can�be�reduced�to�a�handful�of�composites�at�the�highest�levels.�

Who Will Benefit?Large financial institutions can benefit from�the�ARM Service.�It�can�be�used�in�any�area�where�a�large�amount�of�informa-tion�needs�to�be�summarized�in�a�struc-tured,�consistent�way.�In�particular,�it�can�be applied to KRIs throughout a financial institution.�

What Are the Benefits? You�will�be�able�to:�

•� �Make�sense�of�large�numbers�of�dispa-rate KRIs, efficiently and effectively at every�level�of�your�organization.�

•� �Deepen�your�understanding�of�the�ways�in�which�different�risk�factors�combine.

•� �Improve�decision-making�around�risk�management,�particularly�decisions�to�escalate�and�delegate.�

• Reflect the different levels of confidence managers�have�in�their�direct�reports�in�the way information is filtered and sum-marized�upwards.�

The�ARM Service�can�be�licensed�from�RMA.�For�more�information,�visit�www.KRIeX.org�or�www.rmahq.org�or�contact�Kathy�Vitale.�(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

NEW!

�  SERVICES� www.rmahq.org

Advanced Measurement Approaches Group

Risk Culture Management Service

OverviewIt�is�not�easy�to�understand�how�well�cul-ture�and�controls�work�in�a�large�institu-tion. Not many chief risk officers can say with confidence if:

•� �Controls�work�better�or�worse�than�average.

•� �Where�the�next�control�failure�is�likely�to�occur.

•� �Every�part�of�the�organization�shares�the�same�culture�of�trust,�care,�integrity,�and�openness.

•� �Every�part�of�the�organization�really�does�use�the�processes�for�managing�risk�they�are�supposed�to,�meeting�the�regulators’�use�test.

The�Risk Culture Management Service�is�designed to help answer just these kinds of questions.�

Developed�and�executed�with�Human�Factors�Associates�(HFA),�a�U.S.�consultancy�on�safety�and�risk�in�large�organizations,�the�Risk Culture Management Service will�provide�participating�institutions�with�a�customized�survey�design,�anonymous�online�survey�execution,�and�results�reporting�to�help�them�identify�and�understand�operational�

risk�culture�issues�at�different�levels�in�their�organizations.�

The�survey�is�based�on�extensive�research�conducted�by�the�U.S.�Navy�and�HFA�organizational�scientists.�Their�model�of�a�high-reliability organization stresses five factors:

•� �Process�integrity�

•� �Reward�alignment�

•� �Quality�commitment�

•� �Risk�management�effectiveness

•� �Leadership�buy-in

The�anonymous�survey�seeks�respondents’�views on these five factors. The survey can be�conducted�periodically�to�check�prog-ress�in�managing�problem�areas�and�to�detect�emerging�issues.�Online�reporting�begins as soon as there is sufficient data for�anonymity�to�be�protected.�Managers�at�different�levels�will�see�results�for�their�units�compared�with�other�units�in�their�institutions�and�in�other�participating�financial services firms.

Who Will Benefit? The�pilot�for�the�Risk Culture Management Service,�scheduled�for�early�2007,�will�be�

targeted at large financial institutions ac-tive�in�trading�and�sales�or�payments�and�settlement�in�North�America�or�Europe.�Subsequently,�the�service�will�be�more�widely�available�and�targeted�at�a�wider�range�of�business�lines�and�institutions.�

What Are the Benefits? As�a�subscriber�to�the�Risk Culture Manage-ment Service,�you�will:�

•� �Lead�risk�culture�management�practice�in the financial services industry.

•� �Give�managers�at�different�levels�a�com-prehensive�assessment�of�their�units,�benchmarked�against�internal�and�external�peers.

• Gain firsthand experience in the de-velopment�of�a�new�and�valuable�risk�management�tool.

U.S.�Navy�experience�is�that�the�survey�results�are�a�powerful�predictor�of�safety�problems.�RMA�is�working�to�achieve�the�same value for operational risks in financial institutions.�

To�learn�more,�please�contact�Simon�Wills�or�Kathy�Vitale.�(See�p.�1�for�phone�num-bers�and�e-mail�addresses.)

NEW!

OverviewThe�Advanced�Measurement�Approaches�Group�(AMAG)�is�a�unique�forum�in�which�leading�operational�risk�practitioners�in�the�U.S.�come�together�to�discuss�implementa-tion�issues,�to�exchange�ideas,�and�to�de-velop�a�coordinated�response�to�regulators.�

The�group’s�aim�is�to�support�steady�improvement�in�public�policy�and�industry�practice�in�operational�risk�management.�It�meets�with�the�federal�bank�regulatory�agencies�to�discuss�matters�of�common�con-cern�including�risk�management�principles,�data�collection�and�sharing�issues,�policies�for�regulation,�and�practices�for�supervision�and�examination.�

AMAG�expects�to�respond�to�the�regulators�whenever significant new regulatory rules or�guidance�are�published�for�comment.�It�also�plans�to�publish�independent�papers�on�ranges�of�operational�risk�management�practice,�to�illustrate�how�different�ap-proaches�can�contribute�with�equal�effect�to�sound�operational�risk�management,�depending�on�the�organizational�charac-teristics�and�the�market�circumstances�of�the�individual�institutions�concerned.

Who Will Benefit?AMAG is intended for major banking institutions�regulated�in�the�U.S.�that�are�either�mandated,�opting�in,�or�considering�opting�in�to�Basel�II.

What Are the Benefits? AMAG�provides�participating�institutions�with:�

•� �Up-to-date�analyses�of�U.S.�regulatory�developments.�

•� �An�opportunity�to�shape�and�participate�in�the�industry�response�to�new�rules.

•� �An�opportunity�to�work�with�the�regula-tors�on�the�implementation�of�policy.�

For�more�information,�contact�Kathy�Vitale.�(See�p.�1�for�phone�numbers�and�e-mail�ad-dresses.)

POLICY�DIALOGUE

1-800-677-7621� PUBLICATIONS  �

Publications

KRI Services Newsletter

Overview

The�KRI Services Newsletter,�published�once�or�twice�a�quarter,�is�an�online�and�e-mailed�publication�that�provides�updates�on�the�use of KRIs in financial institutions.

The�newsletter�focuses�mostly�on�activities�within�KRI Services.�Developments�in�risk�mapping,�the�KRI�framework,�cooperation�with�ORX,�the�creation�of�working�groups,�and�progress�in�the�Library�and�Bench-marking�services�are�all�reported�here.�Noteworthy�developments�independent�of�KRI Services�are�also�covered.�

Who Will Benefit?

The�newsletter�should�interest�any�opera-tional risk practitioner in any financial institution. It is neither confidential nor proprietary,�and�it�is�free.�

To�view�recent�copies,�go�to�www.kriex.org.�To�subscribe,�please�e-mail�Sue�Fritz.�(See�p.�1�for�phone�numbers�and�e-mail�ad-dresses.)

Operational Risk Newsletter

Overview

RMA’s�Operational Risk Newsletter alerts�operational�risk�professionals�to�informa-tion�about�operational�risk�news�and�com-ing�events�from�The�Risk�Management�As-sociation�and�other�industry�organizations.�

The�Operational Risk Newsletter�provides�operational�risk�professionals�with�a�listing�of�conferences,�recent�information�on�key�risk�issues,�topical�information�on�the�latest�

developments,�and�available�services,�products,�events,�and�training.

To�subscribe�to�this�free�newsletter,�please�e-mail�Sue�Fritz.�(See�p.�1�for�phone�num-bers�and�e-mail�addresses.)

Operational Risk Articles in The RMA Journal

Overview

The�award-winning�RMA Journal�is�The�Risk Management Association’s flagship publication.�Most�issues�contain�one�or�two�articles�that�look�at�some�aspect�of�operational�risk�management�in�depth.�Every�12�to�18�months,�RMA�publishes�an�issue�focused�on�operational�risk.�

All�articles�in�the�Journal�are�reviewed�before�publication�by�internal�and�external�advisory�boards�of�industry�experts.�Over�the�years,�the�Journal�has�become�one�of�the�leading�publications�providing�impor-tant,�practical�ideas�for�improving�risk�management in financial services firms.

For�information�on�subscriptions�to�The RMA Journal,�please�visit�www.rmahq.org�or�e-mail�Sue�Fritz.

(See�page�1�for�phone�numbers�and�email�addresses.)

Operational Risk in Information Technology

Overview

Operational Risk in Information Technology is�a�book�based�on�the�deliberations�of�a�re-cent�round�table�of�senior�industry�experts�held�in�late�2005.�This�book,�which�should�be�available�in�2007,�will�identify�common�practices,�challenges,�and�possible�solu-tions�for�technology�risk.�Different�chapters�will�address�these�areas:�operational�risk�assessments�in�IT;�Sarbanes-Oxley�and�its�relevance�to�IT;�incentives�and�behavior;�KRIs;�reporting;�and�strategic�planning.�

For�more�information�or�to�order�your�copy,�please�visit�www.rmahq.org�or�e-mail�Sue�Fritz.�(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

NEW!

�  CONFERENCES� www.rmahq.org

Conferences

Global Conference on Operational Risk

Overview

This annual two-day conference is a joint event�of�RMA�and�the�Operational�Riskdata�eXchange Association (ORX). It is the first truly�global�conference�on�operational�risk�developed�by�operational�risk�practitioners�for�operational�risk�practitioners.�It�is�preceded�by�a�day�of�workshops�and�forums�on�advanced�measurement�issues,�KRIs,�and�the�fundamentals�of�operational�risk�management.�

This�early�spring�conference�is�unique,�featuring�information�of�practical�value�including:�

•� �Lessons�learned�from�the�ORX�loss�database.�

•� �Lessons�from�the�KRI�Benchmarking�Service.�

•� �Presentations�based�on�the�annual�“State�of�ORM”�Survey.

Outstanding�keynote�speakers,�presenters,�and�panelists�are�a�feature�of�this�premier�event.�Aside�from�plenary�sessions,�there�are�streams�dealing�with�such�topics�as�the�frontier�of�operational�risk�management�and�delivering�value�in�different�operational�risk�management�functions.

Who Will Benefit?

Operational�risk�managers�at�all�levels,�senior�managers�from�businesses,�and�cor-porate�services�personnel�such�as�auditors�and compliance officers can benefit from attending.�Financial�regulators�should�find the conference valuable too.

What Are the Benefits?

You�will:�

•� �Be�among�your�peers.�RMA�events�at-tract�90%�practitioner�audiences.�This�creates�an�atmosphere�where�debate,�challenge, and dialogue can flourish.

•� �Acquire�practical,�timely,�and�critically�useful�knowledge�and�insights�about�operational�risk�management.�

• Enjoy value for money. Our pricing reflects our not-for-profit status. Money we�make�from�the�conference�will�be�reinvested�in�the�operational�risk�man-agement�discipline.

For�dates�and�locations�and�to�register�for�the�next�conference,�visit�the�RMA�Web�site�at�www.rmahq.org.

KRI International Conferences

Overview

These�conferences�are�held�periodically�in�different�regions�and�as�one�of�the�forums�before�the�Global Conference on Operational Risk�each�year.�They�provide�an�opportunity�for�experts�to�share�their�experience�on�KRIs�and�for�non-experts�to�learn�about�their�uses�and�the�issues�associated�with�them.

Aside�from�updates�and�orientation�on�KRI�Services,�these�events�feature�presen-tations,�workshop�exercises,�case�studies,�and�reports�by�individual�subscribers�and�working�groups�on�such�topics�as�using�KRIs for adjusting capital estimates, employing KRIs in specific business lines, aggregating�and�reporting�KRIs,�dem-onstrating�KRI�effectiveness,�adopting�best�practices,�identifying�the�“Top�10”�indicators, defining risk appetite, setting thresholds,�applying�triggers,�and�other�KRI�issues.

Some�sessions�at�these�conferences,�which�are�free�for�KRI�Services�subscribers,�focus�on�the�use�of�the�KRI�Library�and�the�Benchmarking�Service.�

Who Will Benefit?

This�conference�is�for�risk�managers�from�the�business�lines�and�the�corporate�functions in financial institutions who are interested�in�exchanging�experiences�or�learning�about�KRIs�and�related�opera-tional�risk�management�issues.�

For�dates�and�locations,�visit�the�RMA�Web�site�at�www.KRIeX.org�or�contact�Leslie�Mitchell.�(See�p.�1�for�phone�num-bers�and�e-mail�addresses.)

Topical Audioconferences

Overview

Audioconferences�are�held�from�time�to�time�to�address�emerging�operational�risks�of�wide�interest.�They�often�take�the�form�of�a�panel�discussion�among�experts,�chaired�by�a�member�of�the�RMA�staff.�The�series�was�launched�in�the�summer�of�2006�with�a�set�of�three�audioconfer-ences,�each�lasting�an�hour�and�a�half,�that�looked�at�pandemic�preparations�in�the�banking�sector.�Future�topics�under�consideration include regulatory briefings, IT�security,�and�the�use�of�external�data.�

Who Will Benefit?

These�events�are�intended�to�reach�a�wide�audience�of�general�managers�and�risk�managers�worldwide.�

For�topics,�times,�and�dates,�visit�the�RMA�Web�site�at�www.rmahq.org�or�contact�Sue�Fritz to receive e-mail notifications of com-ing�events.�(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

NEW!

1-800-677-7621� DISCUSSION�GROUPS�AND�ROUND�TABLES  �

Discussion Groups and Round Tables(available by invitation only)

Each event below brings together subject-matter�experts�and�one�or�two�guest�speak-ers�from�different�disciplines�of�interest�to�participants, including experts on specific risks,�experts�in�operational�risk�manage-ment�from�other�industries,�and�senior�regulators.�

The�agendas�provide�an�opportunity�for�a�free�exchange�of�ideas�among�participants�so�they�can�explore�issues�and�insights�on�the major tactical and strategic challenges they�face�in�leading�their�institutions’�operational�risk�management�initiatives.�To�be�considered�for�any�of�the�four�events�below,�please�e-mail�Sue�Fritz.�(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

Global Operational Risk Round TableThis�round�table�is�for�heads�of�operational�risk�from�global,�internationally�active�financial institutions. It meets in different locations�around�the�world.�

Operational Risk Round Table—North America This�select�semiannual�round�table�is�pri-marily�for�senior�operational�risk�managers�

from large, internationally active financial institutions�based�in�North�America.�

Operational Risk Management Discussion GroupThis�discussion�group�is�primarily�for�se-nior�operational�risk�managers�from�U.S.�and Canadian financial institutions.

Insurance Round TableThis�round�table�is�for�senior�operational�risk�managers�from�large,�internationally�active�insurance�institutions.�Its�meetings�are�generally�held�in�North�America.�

Operational Risks in Information Technology Round Table This�round�table�meets�to�discuss�the�challenges�facing�operational�risk�manage-ment�in�information�technology.�Its�meet-ings�are�generally�held�in�North�America.

NEW!

NEW!

�  COURSES,�TRAINING�&�EDUCATION� www.rmahq.org

Courses, Training & EducationInstructor-Led Training

The Theory and Practice of Advanced Operational Risk Management

Overview

The Theory and Practice of Advanced Operational Risk Management will�offer�participants�the�opportunity�to�learn�how�to�build,�test,�and�apply�the�latest�techniques�in�operational�risk�management.�The�course�will�be�taught�and�facilitated�by�experi-enced�heads�of�operational�risk�and�have�a�heavy�emphasis�on�inductive�learning.�Par-ticipants�will�undertake�structured�techni-cal�exercises�and�management�role-playing.�

The syllabus will include:

•� �Organization,�governance,�and�commit-tees.�

•� �Incident�management.

•� �Risk�self-assessment�(role-play�exercise).�

•� �Scenario�analysis�(technical�exercise).

•� �KRIs�(technical�exercise).�

•� �AMA�capital�models�overview�and�capital�allocation�techniques�(technical�exercise).�

•� �Risk�mitigation�and�management�response.�

•� �Management�reporting�and�information.�

•� �How�to�get�the�buy-in�of�the�businesses�(role-play�exercise).�

Who Will Benefit?

The�course�is�aimed�at�experienced�profes-sionals�who�need�a�comprehensive�and�rigorous�review�of�advanced�operational�risk�management,�including:

•� �Existing�operational�risk�professionals�expanding�into�a�broader�role.�

•� �Business�line�operational�risk�champi-ons�and�managers.�

•� �Existing�credit�risk,�market�risk,�or�audit�professionals�moving�into�opera-tional�risk.

The�course�should�enable�delegates�in�practice�to:�

•� �Assess�and�manage�their�banks’�opera-tional�risk�exposures.�

•� �Deliver�the�appropriate�level�of�policies�and procedures to their firm.

•� �Obtain�better�buy-in�from�the�busi-nesses�regarding�operational�risk.

•� �Understand�the�capital�implications�of�operational�risk�exposures.�

If�you�would�like�to�receive�details,�please�register�an�interest�by�e-mailing�Caroline�James.�(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

Operational Risk: An Overview

Overview

Operational Risk: An Overview�is�of-fered�in�a�two-day�version,�“Operational�Risk�Management�for�Large�Banks,”�and�a�one-day�version,�“Operational�Risk�Management�for�Regional�and�Community�Banks.”�

Both�versions�teach�participants�about:�

•� �Risk�drivers�and�the�types�and�pat-terns�of�operational�risk.�

•� �A�risk�management�framework.

•� �The�main�processes�for�managing�operational�risk.

•� �Leadership�requirements�at�the�top�of�an�institution.�

•� �The�regulatory�regime,�including�Sarbanes-Oxley�and�data�security�issues.

Both�versions�use�case�studies.

The�two-day�version�tackles�these�topics�from�a�big-bank�perspective�and�drills�down�into�issues�of�data�measurement,�capital�estimation,�KRIs�and�other�tools,�and�international�regulation.�It�is�available�as�an�in-house�course�as�well�as�an�open-enrollment�course.�The�one-day�version�is�available�only�as�an�open-enrollment�course.�

Who Will Benefit?

Both�versions�are�designed�for�any�indi-vidual�interested�in�an�introduction�to�or�an�overview�of�operational�risk�manage-ment.�The�two-day�version�is�suitable�for�any�large�institution�that�needs�to�give�a�group�of�professionals�an�introduction�to�or�an�overview�of�operational�risk�manage-ment.�

For�more�information,�visit�the�RMA�Web�site�at�www.rmahq.org.

Detecting and Preventing Fraud in Commercial Lending

Overview

This�newly�updated�course�provides�an�understanding�of�the�relationships�between�fraud,�operational�risk,�and�credit�risk.

Credit�scoring,�credit�analysis,�and�ratio�analysis depend on the financial informa-tion�provided�by�bank�customers.�But�if�the�information�is�fraudulent,�the�analysis�won’t�be�reliable�and�it�won’t�provide�the�intended benefits.

This�one-day�classroom�course�uses�several�case�studies�and�exercises�to�introduce�lend-ers�to�fraud�and�ways�to�reduce�the�chances�of�fraud�in�a�new�or�ongoing�borrowing�relationship.�

Who Will Benefit?

This course is for members of the financial services�industry�who�need�a�basic�un-derstanding�of�fraud.�It�is�for�new�fraud,�security, or risk management officers; credit risk�professionals;�business�unit�manag-ers; auditors and compliance officers; and regulators.

For�more�information,�visit�the�RMA�Web�site�at�www.rmahq.org.

NEW!

1-800-677-7621� COURSES,�TRAINING�&�EDUCATION  �

Courses, Training & EducationSelf-Directed Training

Operational Risk: An Interactive Introduction

Overview

This�modular�course�uses�interactive,�com-puter-based�instruction�to�introduce:�

•� �Risk�drivers�and�the�types�and�patterns�of�operational�risk.�

•� �A�risk�management�framework.

•� �The�main�policies�and�processes�for�managing�operational�risk.

•� �Data�measurement�and�capital�estimation.

•� �Tools�such�as�KRIs,�RCSAs,�and�external�databases.�

NEW! •� �The�national�and�international�regulatory�regimes.

The�above�topics�are�covered�using�a�com-bination�of�case�studies�and�presentations.�Questions�at�the�end�of�each�module�are�designed�to�test�user�retention.�

Beginning�in�late�2006,�this�course�in�its�standard�form�will�be�available�to�individ-uals�and�small�institutions�either�online�(from�the�RMA�Web�site)�or�as�a�stand-alone�CD-ROM.�For�larger�institutions,�it�will�also�be�available�for�use�on�company�intranets�in�a�more�customized�form,�reflecting a firm’s own policies, logo, and look�and�feel.�The�customized�version�has�an�interface�to�allow�an�HR�department�to�monitor�training�program�implementation�automatically.�

Audioconference and Web Seminars

Several�of�these�courses,�which�will�be�launched�in�late�2006�though�2007,�are�based�on�approaches,�curricula,�and�materi-als�used�in�successful�classroom�instruction.�Individual�sessions�last�one�to�two�hours.�If�the�material�requires�a�longer�treatment,�courses�can�include�up�to�four�sessions,�usu-ally�scheduled�over�a�period�of�weeks.�

Who Will Benefit? These�courses�are�intended�primarily�for�institutions�and�individuals�who�want�the benefit of interaction with experts in operational�risk�but�who�have�neither�the�time�nor�the�money�to�attend�face-to-face�courses�in�operational�risk�management.�All�courses�are�intended�to�introduce�and�explore�a�single�topic�in�some�depth.�None�have�prerequisites.

For�more�information�on�any�of�these�courses�or�to�register,�visit�the�RMA�Web�site,�www.rmahq.org.�

Operational Risk: An OverviewThis�course�introduces�the�RMA�opera-tional�risk�framework�and�its�application�to�specific loss situations as a way to show the value�of,�and�highlight�key�success�factors�in,�operational�risk�management.�

Key Risk IndicatorsThis�course�introduces�participants�to�the�systematic�collection�and�use�of�key�risk�indicators,�basing�the�discussion�on�individual�examples�and�illustrative�data.�It�explains�and�illustrates�KRIs’�strengths�and�weaknesses�in�the�areas�of�day-to-day�management,�reporting,�loss�forecasts,�and�capital adjustments.

External Data This�course�introduces�the�different�types�of�external�loss�data,�including�narrative�and�statistical�loss�data�and�external�data�for�KRI�values.�It�examines�their�uses�in�day-to-day�management,�stress�testing,�scenario�analysis,�and�capital�estimation.�It�introduces�the�issues�of�data�aggrega-tion�and�explains�the�usefulness�of�bench-marking.�

Risk and Control Self-AssessmentsWhile�risk�and�control�self-assessments�are�now�widely�used,�different�institutions�have�very�different�ways�of�conducting�them.�This�course�considers�different�ap-proaches,�examines�the�practical�problems�of�doing�assessments�well,�and�consid-

ers�what�it�takes�to�manage�a�program�of�assessments�across�an�institution�and�be�confident in the results.

Preventing Money Laundering and Protecting Customer Data This�course�deals�with�regulation�and�the�ways�to�meet�current�and�emerging�regula-tory�requirements�in�these�critical�areas.�

Financial Fraud: The Numbers Never Lie…Or Do They? This�course�introduces�participants�to�the�methods�used�by�companies�to�commit�financial statement fraud when they bor-row�from�a�bank.�It�works�through�several�examples�to�show�how�bankers�and�analysts�can identify false financial information.

Who Will Benefit?

This�course�is�designed�for�any�individual�or�small�institution�interested�in�an�introduc-tion�to�or�an�overview�of�operational�risk�management.�The�customizable�version�is�suitable�for�any�larger�institution�that�needs�to�provide�an�operational�risk�over-view�or�introduction�to�many�members�of�staff.�

For�more�information,�visit�the�RMA�Web�site�at�www.rmahq.org.�To�discuss�custom-ization,�contact�Kathy�Vitale.�(See�p.�1�for�phone�numbers�and�e-mail�addresses.)

�0  COURSES,�TRAINING�&�EDUCATION� www.rmahq.org

1801 Market Street, Suite 300 Philadelphia, PA 19103-1628Phone: 215-446-4000 Fax: 215-446-4101

PRESORTEDSTANDARD

U.S. POSTAGE

PAIDBensalem, PA Permit No. 118