This paper focuses on the risk chain of“illegal activity - operational risk - credit risk”which has not been paid enough attention to by risk management literatures． As the most basic type of risk among all types of risk under Basel Commit’s framework，compliance risk and operational risk need to be managed effectively to lay the foundation to control other types of risk． However，the theoretical research on these two types of risk cannot be deepened due to the lack of data support． By constructing a correlation model containing a“risk-activity-event-control-case”structure，the cause and loss database is established for compliance and operational risk，and the risk transference along the risk chain is studied preliminarily． The paper mainly discusses the following topics: ( 1) factors of compliance and operational risk，( 2) the ways to improve compliance and operational risk management through business process reengineering，( 3) operation risk quantification modeling based on process． According to real world practice，a trinity system made up of theoretical research，IT systems and guarantee mechanisms is put forward． Years of practice has proved that this trinity systemcan serve as an important guidance for financial institutions to manage compliance and operational risk．