Common Enterprise Risk Management (ERM) Risk Categories 

Strategic Risks 

Strategic risks arise from the institution’s business strategy and objectives. For example, entering a new market or launching a new program may have associated strategic risks. 

Operational Risks 

Operational risks arise from the institution’s day-to-day activities and processes. Examples include technology failures, employee errors, or staffing insufficiency. 

Financial Risks 

Financial risks arise from financial operations and management. Examples include credit risk, market risk and liquidity risk. 

Legal/Compliance Risks 

Legal/Compliance risks arise from the failure to comply with laws, regulations or industry standards. Examples include contract disputes, intellectual property disputes, employment law violations, data privacy violations. 

Reputational Risks 

Reputational risks arise from damage to the institution’s reputation, image, or brand. Examples include lawsuits or negative media coverage.