Three Lines of Defence Model

From ACT Wiki
Revision as of 22:22, 13 November 2016 by imported>Doug Williamson (Add links.)
Jump to navigationJump to search

Financial services - risk management

The Three Lines of Defence Model is designed to assure the effective and transparent management of risk by making accountabilities clear.

  • Under the first line of defence, customer facing operational management has ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.
  • The second line of defence consists of independent risk management, compliance and operational risk functions, including oversight and challenge to the first line of defence. This line of defence monitors and facilitates the implementation of effective risk management practices by operational management and assists the risk owners in reporting adequate risk related information.
  • The third line of defence is internal audit, reporting directly to the board. Internal audit reviews and reports on both the first and the second lines of defence.


See also