The Evolution of 3 Lines of Defence Ruth

The Evolution of 3 Lines of Defence Ruth Hutchinson Head of Financial Crime Compliance

Learning Objectives • Review the history of the 3 lines of defence model; what have we learned since it was introduced? • Evaluate its current use in managing financial crime risk. • Consider ways in which the model might be changing in response to the rapidly evolving risk environment.

History of 3 Lo. D • Where did it all begin? • Military strategy! • Financial scandals • Economic crisis • Financial crime • The need for a flexible, adaptable model of risk management • Application to financial crime prevention

The Traditional Model 1 st Line Business Units 2 nd Line Risk and Compliance 3 rd Line Audit • Customer facing • First to detect any risk issues • Apply risk management controls and mitigators • Best informed about the firm’s exposure to risks • Subject matter experts • Oversee and challenge risk management approach • Horizon scanning • Design risk management framework • Independent oversight • Objective review and testing • Provide challenge

Does it work? Benefits Challenges Clarifies risk management accountabilities Difficult to understand apply Strengthens governance approach Lack of clarity of roles Supports embedding a strong culture Not consistently applied Encourages dialogue Siloed 2 LOD Doesn’t take account of technologies

What’s next? Evolution. Board/Audit Committee Regulatory supervisors Senior Management 1 st line of defence. Functions that own and manage risk Risk ownership Risk Management Controls 2 nd line of defence. Oversee controls Financial Crime SMEs Policy & Advisory Compliance 3 rd line of defence Independent assurance Audit External Audit Risk 3 Lines of Defence 4 th Line of Defence https: //www. bis. org/fsipapers 11. pdf

Thank you