Skip to main content
Image coming soon

The Super-Regional Bank Operational Risk Manager Playbook

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The Super-Regional Bank Operational Risk Manager Playbook

The RCSA-to-MRA workflow a bank risk manager runs when the OCC examiner asks where the gap evidence lives.

The Operational Risk Committee packet, the Heightened Standards examiner ask, and the line-of-business heat-map all read back to the same RCSA refresh. The gap is not the assessment itself. It is the evidence trail that joins one RCSA finding to the issue log, to the corrective action plan, to the MRA response, to next quarter's residual rating, in a way an examiner can walk end to end without a side spreadsheet.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

A risk manager at a US super-regional bank carries three audiences in one workflow. The Operational Risk Committee wants a clean KRI breach narrative with a credible owner and a credible date. The OCC examiner under Heightened Standards wants the issue-to-action chain documented at a level of detail that survives a transaction test. The line-of-business head wants a heat-map and a residual rating that does not whipsaw quarter to quarter. The risk manager is the connective tissue. The pain is that the RCSA tool, the issue log, the action tracker, the third-party register, and the model inventory rarely share a primary key. So the connective tissue lives in a personal spreadsheet that nobody else can audit. The playbook closes that gap.

What you walk away with

  • Rebuild the RCSA refresh so a single finding traces cleanly to issue, action, and residual rating.
  • Calibrate the KRI library so a breach triggers a narrative the Operational Risk Committee accepts on first pass.
  • Produce an MRA response memo structure that survives an OCC transaction test.
  • Integrate third-party risk and model risk hand-offs into one operational risk evidence trail.
  • Deliver a residual heat-map that the line-of-business head trusts quarter over quarter.

The 12 modules

Module 1. RCSA Refresh Scoping Under Heightened Standards
How a super-regional bank risk manager scopes the quarterly RCSA refresh so the universe of processes covered satisfies OCC Heightened Standards Appendix D coverage expectations. Walks the trigger events that force a process back into scope (new product, new vendor, an MRA, a loss event over threshold) and the documentation a second-line reviewer needs on file before the refresh kicks off. Includes the scoping memo template the Operational Risk Committee signs off.
Module 2. Inherent Risk Scoring Discipline Across Business Lines
Walks the inherent risk scoring conventions that hold up across Retail, Commercial, Wealth, and Treasury Services so heat-maps remain comparable. Covers the volume, complexity, change, and customer-impact factors a bank uses to differentiate a high-inherent Commercial loan origination process from a high-inherent Wealth onboarding process, and how to document scoring rationale so it survives a peer review challenge inside the second line.
Module 3. Control Design and Operating Effectiveness Evidence
Covers the evidence a control owner produces for the RCSA so the second line can rate design effectiveness and operating effectiveness separately. Walks the difference between a control attestation that a Heightened Standards examiner accepts and one a transaction test will rip apart. Includes the control evidence checklist by control type (preventive system, detective monitoring, manual reconciliation) and the second-line challenge questions.
Module 4. KRI Library Design and Threshold Calibration
Builds the KRI library a second line needs to detect emerging operational risk before a loss event materialises. Covers KRI selection criteria, threshold calibration against historical loss data, breach-narrative templates the Operational Risk Committee wants on the page, and the escalation matrix that names the senior risk officer and the line-of-business head who must acknowledge a red breach inside a defined window.
Module 5. Issue and Action Management Under SR Letters
Walks the issue-to-action workflow that joins an RCSA finding to a corrective action with an owner, a date, and a residual rating trajectory. Covers the OCC and Federal Reserve expectations for issue aging, the closure evidence a second-line reviewer requires, and the reopen criteria when verification testing fails. Includes the issue and action register schema that integrates cleanly with the RCSA tool primary key.
Module 6. Third-Party Risk Integration Into Operational Risk
Closes the seam between the third-party risk register and the RCSA so a vendor-driven operational risk shows up in the heat-map without a side spreadsheet. Covers the inherent risk inheritance from a critical vendor, the control delegation evidence the second line needs when a control sits at the vendor, and the contingency assessment for a vendor that fails an SOC 2 or that breaches an SLA tied to a regulatory deliverable.
Module 7. Model Risk Hand-Off to SR 11-7 and the Model Inventory
Walks the hand-off between the operational risk function and the model risk management function for models that sit inside RCSA-scoped processes. Covers the SR 11-7 model definition, the operational risk responsibilities for the business owner of a model, the documentation a model risk manager expects from the line of business, and the integration point that prevents a model issue from being raised twice or missed entirely.
Module 8. Operational Risk Committee Packet Structure
Designs the Operational Risk Committee packet so a single KRI breach reads as a coherent narrative for a senior risk officer audience. Covers the cover memo structure, the KRI breach exhibit, the issue and action aging exhibit, the loss event narrative, the emerging risk section, and the action requested page. Includes the timing discipline that gets the packet to committee members the contractual number of business days before the meeting.
Module 9. Heightened Standards Mapping and Self-Assessment
Walks the OCC Heightened Standards self-assessment for the operational risk function so the risk manager knows where the function meets, falls short of, or exceeds each standard. Covers the three-lines-of-defence assertion language, the risk appetite linkage exhibit, the talent and resource adequacy assertion, and the gap remediation plan structure that maps each shortfall to a dated, owned action.
Module 10. MRA Response Memo Construction
Builds the Matters Requiring Attention response memo structure that survives an OCC follow-up examination. Covers the root cause analysis discipline the OCC expects, the corrective action design that links to existing control framework rather than inventing parallel controls, the validation evidence schedule, and the sustainability assertion the bank stands behind at the next supervisory cycle.
Module 11. Loss Event Capture, Categorisation, and Disclosure
Walks the loss event capture workflow from incident detection through Basel categorisation to internal disclosure and, where applicable, external regulatory notification. Covers the gross loss versus recovery accounting discipline, the boundary case adjudication when a loss could be credit or operational, the linkage to the issue and action register, and the trend analysis the Operational Risk Committee uses to direct attention.
Module 12. Year-End Residual Rating Roll-Up and Risk Appetite Linkage
Closes the cycle with the year-end residual risk roll-up that feeds the bank's risk appetite statement and the Board Risk Committee narrative. Covers the residual rating aggregation discipline across business lines, the qualitative override evidence the second line documents when aggregation alone misses an emerging concentration, and the risk appetite breach narrative when residual operational risk sits above the green threshold for two consecutive quarters.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Module 1 lands when the next quarterly RCSA scoping memo is due to the Operational Risk Committee.
Modules 4 and 5 land when a KRI breach has triggered an open issue that the line-of-business head is questioning.
Module 10 lands when an OCC examiner has issued an MRA and the response memo is on a clock.
Module 12 lands when the year-end residual roll-up feeds the next risk appetite statement.

What you get with this course

  • Twelve written modules in the Art of Service learning environment.
  • Downloadable templates for the RCSA scoping memo, KRI breach narrative, issue and action register, MRA response memo, and Operational Risk Committee packet.
  • Worked examples drawn from US super-regional bank operational risk workflows.
  • Hand-built implementation playbook delivered alongside course access, tuned to the size of book the risk manager covers.
  • 30-day course access window with the playbook retained beyond that window.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours: course access provisioned and implementation playbook delivered.

Week 1: Modules 1 through 3 (RCSA scoping, inherent scoring, control evidence).

Week 2: Modules 4 through 6 (KRI library, issue and action workflow, third-party integration).

Week 3: Modules 7 through 9 (model risk hand-off, Operational Risk Committee packet, Heightened Standards self-assessment).

Week 4: Modules 10 through 12 (MRA response, loss event capture, year-end residual roll-up).

Before and after

Before

The RCSA refresh, the KRI breach narrative, the MRA response memo, and the Operational Risk Committee packet each live in a separate workbook. The connective tissue is a personal spreadsheet that nobody else can audit. An OCC examiner asking for the evidence trail forces a manual reconstruction every cycle.

After

One evidence trail joins RCSA finding to issue, to corrective action, to MRA response, to residual rating, to risk appetite linkage. The Operational Risk Committee packet writes itself from the same source. An examiner walks the trail end to end without a workaround spreadsheet.

What happens if you do not address this

The next OCC supervisory cycle under Heightened Standards turns a documentation gap into an MRA, which turns into a Consent Order trajectory for the bank and a credibility hit for the risk manager who owned the workflow.

Who it is for

A Risk Manager at a US super-regional or large regional bank holding company. Sits inside Operational Risk, Enterprise Risk Management, or a line-of-business risk function (Retail, Commercial, Wealth, Treasury Services). Owns the RCSA cycle for one or more business units, manages the KRI library, tracks issues and corrective actions, prepares Operational Risk Committee materials, and contributes to OCC examiner responses under Heightened Standards. Reports up to a Senior Risk Officer or Chief Risk Officer through a director or managing director layer. Has three to ten years inside the second line.

Who this is NOT for. Not for credit risk officers, market risk quants, or treasury rates traders. Not for community-bank compliance generalists below 10 billion in assets where Heightened Standards do not apply. Not for consultants without a current second-line role inside a regulated US bank.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Roughly six to eight hours per week across four weeks, plus the playbook implementation work the risk manager schedules against the next RCSA refresh and Operational Risk Committee cycle.

Why $199 is the right number

A national consultancy engagement on the same scope runs into six figures and ships a generic methodology deck. An internal Center of Excellence build takes two quarters and three FTE. This playbook is 199 USD, hand-built for the size of book the risk manager covers, delivered in days not quarters.

FAQ

Is this scoped to OCC-regulated banks specifically?
Yes. The MRA response memo structure, the Heightened Standards self-assessment, and the SR 11-7 hand-off all assume an OCC-regulated US bank holding company. The RCSA, KRI, and issue and action modules port cleanly to Federal Reserve and FDIC-regulated banks as well.
Does the playbook integrate with a specific GRC tool?
The playbook is tool-agnostic. The schema for the issue and action register, the KRI library, and the residual rating roll-up will integrate with Archer, ServiceNow IRM, MetricStream, or an in-house build. The implementation playbook calls out the integration decisions the risk manager makes against the bank's existing tool.
Who delivers the implementation playbook?
Hand-built per buyer. Tuned to the size of book the risk manager covers and the specific OCC supervisory letters in scope.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.