# Resolving swaps, early warnings and the three lines of defence

## The week on Risk.net, October 27–November 2 2017

Long stay parking: G-Sibs seek BRRD swap stays exemption
Resolution authorities do not want systemic implications of extended moratorium, say banks

Crisis alert: new model aims to give early warning of downturn
Academics say tool could offer policymakers up to three years’ notice of impending crash

The three lines of defence: a Sisyphean labour?
Banks have revised Basel’s model to suit their risk profile, but some remain sceptical of its impact on risk culture

COMMENTARY: The inner chimp

Eight years before the global financial crisis, as the dotcom collapse was making headlines, the 2000 film Boiler Room took its audiences into the world of pump-and-dump scams. A naive new recruit at the dubious JT Marlin brokerage wonders “But how can we do that? Isn’t there a compliance officer here?”

“John?” his mentor asks scornfully, glancing over at an inert figure in a distant office. “He works for us. He’s a chimp. He’s only here because the SEC requires it.”

The same attitude held at too many firms before and during the 2008 crisis – including many that were far larger and more powerful than JT Marlin. Changing that mind-set was a key objective for regulators, and with operational risk, their chosen approach was the three lines of defence model, which predicates that risks should be managed by the front office (first line) with oversight of controls and compliance provided by specialist risk managers (second line) and failures analysed and accounted for by auditors (third line).

Now, six years after the three lines model was stipulated by the Basel Committee, operational risk professionals are asking whether it has worked – and this week we found the answer is far from clear.

Reinforcing the status of the third line was never the problem. The aim of the three-lines approach was to make the front office more risk-conscious (rather than having it focus on profit, and leave compliance to the chimps). Also, the intention was to take the second line out of its silos, by giving it the skills and experience needed for effective oversight – and the clout to talk to senior management if necessary. This has taken several years, and is still far from complete, as Risk.net found earlier this year.

So, although banks reacted to the 2011 announcement with significant changes in structure and reporting lines, and extensive new hiring, the objective was never really structural change – the point was to change the culture around managing operational risk. It is notoriously difficult to tell how much this has actually happened, and, if it has, whether this is due to the three lines of defence model.

Other regulations, such as the Comprehensive Capital Analysis and Review in the US, have also forced banks to change their op risk approach, even if that wasn’t the main reason behind them. Then the massive fines imposed since the crisis, especially in the US, have had their own impact – some risk managers say a deeper one than any Basel recommendation.

If the three lines of defence model has helped, that’s good. But the failure mode of compliance is becoming process-focused – concentrating too much time and effort on the right structures and procedures rather than the right outcome. Cultural change is hard to track, and may not be permanent – that is where the spotlight should really fall in the years ahead.

STAT OF THE WEEK

US banks may need to set aside an extra $50 billion–$100 billion against credit losses as a result of the planned Current Expected Credit Loss rule, due in 2020, which would shave 25 to 50 basis points off tangible common equity ratios as retained earnings are diverted to boost loan reserves

QUOTE OF THE WEEK

“The prior leadership at the [Commodity Futures Trading] Commission poorly defined populations and risk while broadly imposing costs. Good public policy always appropriately defines risk, then defines the population relative to that risk. It then tailors its regulations and its rules to focus on each” – Brian Quintenz, CFTC

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

#### 7 days in 60 seconds

###### Behavioural finance, alt data and risk-free rate problems

The week on Risk.net, June 27–July 3, 2020