Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


Todd Partridge, Vice President, Strategy at Intralinks, a Synchronoss business

The three lines of defence (3LoD) model of risk management has long been held in high esteem by risk managers in banks across the world.

However, the model, in which the responsibility for managing risk is shared between operational management, internal governance activities (such as risk management and compliance), and an organisation’s internal business functions, is being called into question.

Ever since the start of the global financial crisis in 2008, the resulting increase in regulatory burdens carried by financial firms has led to doubts around just how effective and efficient the 3LoD model actually is.

A recent global survey of practitioners working across all three lines, carried out by Intralinks, highlighted the extent of these doubts and identified the challenges they faced in implementing the 3LoD model.

A lack of agreement

The survey revealed, for example, a lack of agreement regarding roles and responsibilities across and within each line of defence, along with an inconsistent approach to protecting confidential supervisory information. It also identified difficulties in evidencing individual accountability, such as decision making, as well as issues around inefficient manual controls which could be left open to the risk of manual error.

Fundamentally, the survey found that without clear lines of communication, strong controls, and a robust, enterprise-wide risk culture, it is practically impossible for a business to implement effective and efficient regulatory risk management infrastructure.

As they contemplate implementing the raft of regulations rolled out as a result of the financial crisis, banks must take time to re-examine the methods, such as the 3 LoD model, that they have traditionally used to manage risk.

For an organisation to develop an effective and efficient risk management regime on an enterprise-wide basis requires clear communication, agreement, and documentation. This ensures that all participants understand and agree the roles and responsibilities of individuals working within and across each line, and where those lines interact.

However, according to the research, a lack of clarity in this area has become a barrier to putting such a regime in place.

It’s important for organisations to find a way of creating an enterprise-wide approach to risk management that will provide employees with a clear agreement of their roles and responsibilities, along with more efficient ways of monitoring and managing their activities.

In addition, “vague guidelines from the regulator” have led to a lack of clarity around “individual accountability”, posing a further challenge to organisations looking to implement the 3 LoD model. Indeed, only 6.1 percent of respondents strongly agreed that operational controls were in place evidence individual accountability across all three lines of defence.

And information security, while a crucial element to any regulatory risk management regime, was revealed by the survey as attracting varying degrees of support across the three lines. Yet given the current threat landscape and heavyweight regulations such as the upcoming GDPR, it’s never been more important for employees across all lines to be fully on board with the need for control and compliance with data privacy rules

Room for improvement

There is, however, a light on the horizon.

The Bank for International Settlements (BIS) suggested an additional line of defence in which external parties, such as auditors and banking supervisors, would have a say in how an organisation’s internal control system was designed.

It’s also highly likely that technology is set to play a key role in breaking down the barriers to effectiveness and efficiency. Banks are now able to access a range of solutions from the rapidly expanding field of regulatory technology, otherwise known as RegTech.

Such tools are becoming increasingly sophisticated, replacing manual processes and controls, as well as improving lines of communication, supporting individual accountability and offering greater levels of information security by providing encryption for files at rest, in use, and in motion.

The 3 LoD model provides the basic foundation for risk management butthere’s clearly room for improvement. Developing and adopting RegTech solutions is key to not only improving risk management and governance systems, but also to increasing individual accountability across the enterprise.