A RegTech Journal; a place where we cover the latest news on regulatory compliance, anti-money laundering and data privacy.


A brief look at 3LOD


3 Lines of Defence

What are lines of defence? In compliance, the lines of defence refer to the departments of an organisation responsible for the stages of risk management. The model essentially involves the employees, their controls, policies, procedures, and escalation and reporting guidelines. In short, it is an effective risk management technique that organisations adopt by defining roles and responsibilities. It provides clarity within the organisation and helps identify gaps within the system more efficiently because of the different perspectives and roles involved.

Let’s take a look at the three lines of defence.

First line of defence

The first line is usually the people involved in creating the products and services. This includes the sales and operational processes of the business. They are responsible for maintaining internal controls, managing risks, implementing policies and understanding the roles. The management ensures that business goals are met and oversees the risks.

Second line of defence

The second line helps the management (or first line) manage their risks and controls effectively by providing advisory services. Apart from this, they are also responsible for providing a compliance framework, assessing risk areas to ensure compliance with regulations, and drafting and implementing policies, internal procedures and processes that have been approved by the first line.

Third line of defence

The third line of defence is independent assurance, that is, the external and internal auditors who are responsible for independently evaluating the compliance risks and controls. They test the products and services and report to the Senior Management’s oversight functions. This function may not execute processes such as performing risk management or due diligence, but it helps provide advice and recommendations regarding the processes it tests, in accordance with international audit guidelines and practices.

One thing I would want to add is that it is imperative that the second line of function possesses risk management skills as they have a responsibility to build a compliance plan for the organisation. The second line must also be given independence to perform their compliance functions, as a lot of times, the operational or sales side of the business could hinder this by trying to bring in as many clients and business as possible. This will affect the credibility and reputation of the business in the long run.

Every organisation, regardless of size, must have these three lines. It is more effective to carry out risk mitigation procedures when there is clarity of roles and responsibilities among the functions within the organisation. There are, however, exceptions and circumstances where the lines of defence may sometimes integrate, especially in smaller firms/companies.

Please note that all opinions made on this blog should be treated as a guide and not legal advice. Sources have been linked.