Why do 66% of risk and compliance practitioners think the three lines of defence model should be updated?
As banks survey the new post-financial crisis regulatory landscape, there is a growing need to refresh or even restructure risk management strategies at most financial firms. In areas such as regulatory compliance in particular, banks must now find new ways to monitor and manage risk effectively because traditional methods are failing to address the new regulatory regime.
This white paper examines current attitudes towards the three lines of defence (3 LoD) model for risk governance. It is based on a survey of compliance and risk practitioners across all three lines working at banks worldwide. Respondents were asked to rate the effectiveness and efficiency of the model in relation to regulatory risk management, and to discuss the main impediments to its implementation within their respective organisations. The results show that banks currently face challenges in terms of delineating roles and responsibilities, and evidencing individual accountability – key elements of the 3 LoD approach. The use of manual controls and an inconsistent approach to information security cause major problems when implementing this model, according to the survey results.
Updates to 3 LoD have been suggested, but the paper argues that the growing field of regtech will play a crucial role in helping banks address the shortfalls in traditional risk management models such as 3 LoD in the new regulatory era.