Three lines of defense optimization

Recent studies indicate that while most financial institutions made significant progress in establishing three lines of defense risk management model to respond to regulatory expectations, the model still has not been consistently applied and fully embedded within organizations.




Among the top issues that derails the model's effectiveness are process duplication, resource incongruence, and lack of appropriation of roles and responsibilities by the process stakeholders. These often result in reluctance to fully accept the accountabilities by the first line of defence and isolation of the second line function into a silo.
A growing consensus among the industry practitioners that the model needs an upgrade has never been stronger.
A refreshed model needs to provide mechanisms to ensure greater accountability by the first line while establishing an effective collaboration with the second lime. These would require implementing new technologies, processes and revising talent management strategies to place the right people in the right roles. Furthermore, to enable a more coordinated and effective approach the companies must revise existing risk assessment programs and develop a common scope and taxonomy to eliminate duplications and lack of clarity.

We help our clients to:

  • Establish Risk Management Accountability
  • Risk management roles should be defined, right from the board to the functional level, and accountabilities
  • assigned at strategic, tactical, and operational levels. Each identified risk should have an assigned owner. Moreover,
  • employees handling risk management tasks should be trained to carry out their responsibilities efficiently.
  • Integrate Security, Business Continuity, and Compliance Programs with Risk Management