This descriptive case study analyzes more than 5000 operational risk incidents from a major New Zealand bank to document risk patterns within a concentrated, dual-regulated banking environment. Using incident-level data from 2007 to 2023, the analysis reveals that human factors (such as training deficiencies and procedural lapses) accounted for more than half of all recorded incidents, challenging prevailing assumptions that technology failures dominate in digitally transforming banks. Regression analysis shows that, while human errors occur frequently, they are associated with lower-severity outcomes. Process-related risks exhibit significant associations with customer, financial and regulatory impacts, whereas system failures (though less frequent) are uniquely linked to reputational damage in baseline models. This association becomes statistically insignificant when macroeconomic factors are controlled for, highlighting the contextual nature of operational risk dynamics. Incident patterns evolved alongside key regulatory reforms, including New Zealand’s Financial Markets Conduct Act 2013 and Financial Markets (Conduct of Institutions) Amendment Act 2022, though these temporal correlations do not imply causation. Approximately 80% of incidents originated from front-office functions, particularly within practices relating to clients, products and business, underscoring concentration in customer-facing processes. A forensic review of around 400 material incidents identifies six operational risk concentration areas: documentation verification, customer engagement, compliance processes, fraud prevention, payment processing and data management. These areas represent priorities for future risk mitigation but are beyond the study’s evaluative scope. As one of the first analyses to use incidentlevel operational risk data from a live banking environment, this research offers rare empirical evidence in a data-scarce domain and establishes a replicable approach for confidential case studies in concentrated banking markets.