Risk ratings, swaps margin and riding bubbles

The week on Risk.net, 21–27 April, 2018

7 days montage 270418

Fed risk rating system unifies stress testing and 3LOD

Some banks have qualms over potential downgrades and overlap between first and second lines

Swaps market off pace for IM rules – Isda survey

Participants want to see more standardisation in collateral and custodial contracts

Start-up fund looks to profit from early-stage bubbles

Market feedback loops have a signature that can be spotted and monetised, new fund SIMAG says


COMMENTARY: One line of defence

The three lines of defence model of operational risk management sounds simple: the first line is the business; the second is the risk management specialists, constructing and overseeing risk controls and compliance measures; the third is internal audit. But it has still not been universally accepted – the US Federal Reserve Board, to pick one of several regulators, has never endorsed it officially.

And though it has become widely known, and praised for the way in which it encourages the business to take responsibility for risk – an important cultural shift – it often seems the institutions who praise it turn immediately to explaining how and why they have decided to deviate from it, with the use of an intermediate line of defence, a 1.5 line between business units and the risk management function being particularly popular. Banks with a 1.5 line justify it as a response to a system that would otherwise make virtually everyone in the business a risk owner. Some have even gone further: HSBC has divided its first two lines into no less than five distinct categories. And still some op risk managers complain front-line business unit managers have a tendency to shrug off responsibility for risk management, arguing more or less that there is a specific risk management function, so surely it’s their responsibility.

Maybe it’s time for a rethink.

With multiple lines of defence in any other context – whether it be flooding, sports or war – the implication is that if the first line fails to stop a threat, the second line can catch it – and if not, then the third line may still hold.

But this analogy doesn’t really hold when it applies to financial risk management. The second and third line help to construct the defences, but they don’t man them. They can do their best to help, say, a desk head keep his risk exposure within agreed limits; they can set the limits and build the tools necessary to assess and monitor risk; but if the desk head manages, through inattention or deliberate intent, to take on an undesirable exposure, there is nothing the risk function or internal audit can do at that moment to stop him. They don’t have the authority, the expertise or the resources to second-guess every decision the business makes. Once the first line is breached, that’s it.

Should we instead start talking about one line of defence and two lines of advice?



Transitional measures introduced to spare European dealers the full impact of the switch to IFRS 9 accounting standards saved Lloyds Banking Group over half a billion pounds in core capital in the first quarter. Without the stop-gap measures, Lloyds’ common equity Tier 1 (CET1) would have been £29.1 billion, rather than £29.6 billion, at the end of March – a 2% difference.



“The optimistic viewpoint that the EU/UK relationship could be the basis of one of the first free-trade agreements including financial services, in some ways could be worrying for the United States because it could be a tremendously powerful free-trade agreement that we would not have had a part in. That template would be presented to the United States and could put us in a tough position in terms of our own negotiations with the UK – maybe – on a free-trade agreement” – Michael Gill, CFTC

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: