The Three Lines of Risk Defence

The rapid rise in technology and the growing need for interoperability are now the dominant themes in both domestic and international banking.

Here in the UK, and further afield, more exacting legislative requirements such as Open Banking and PSD2 are enabling new entrants and “disruptors” to enter the market and disintermediate the UK Clearing Banks and other well-known participants. One area is still present, and will never disappear. That is RISK! Apart from Client Risk, there is now also greater operational risk, as new services are established across new infrastructures that require more sophisticated interoperability in order to offer seamless payments to the “end-user”. As operational and systemic connectivity grows, the accompanying risk increases too, in spite of the API applications needed to support this wider interoperability.

Consequently, strict risk management and strong financial discipline, as opposed to “risk aversion” and “over-caution”, are still the order of the day, and will always continue to be so. Therefore, the THREE LINES OF DEFENSE are now more prevalent than ever; and as Corporate Bankers, Personal Bankers, Credit and Operations personnel, we are all familiar with this methodology – are we not?

However, just in case these key criteria have inadvertently slipped from our minds, I have listed them below:

First Line of Defense

The bank’s Client Relationship Officer as the initial risk owner, supported by operational management.

Second Line of Defense

The bank’s Risk Control/Credit and Compliance departments, with limited independence in line with internal risk policy and procedure, report directly and primarily to the bank’s senior management.

Third Line of Defense

The bank’s internal audit department, with greater independence than those in the “second” line of defense, reports all activity (good, bad, and doubtful), given agreed risk policy and the current “risk register”, to the relevant industry governing authority and/or authorities.

Author: Eliot Charles Heilpern, Director, The Payments Business
