RiskBusiness International, the operational risk advisory and solutions firm, has published guidance for those companies wishing to develop, implement and maintain a formal three lines of defence structure for corporate governance and risk management.
While there has been much discussion as to what constitutes a three lines of defence model, there remains across all industries (and, notably, within financial services) little understanding of the ramifications of actually implementing a risk agnostic, organisation-wide three lines of defence model.
Drawing upon its experiences in working with a wide range of organisations across the globe exhibiting different sizes, complexities and management structures, RiskBusiness International has established a step-by-step guide to assist companies in establishing a robust, proactive three lines of defence model which is able to stand the test of time.
The resultant approach allows for custom models – there’s no ‘one size fits all’ – which have been tried and tested across corporate entities, banks, insurers, asset managers and other entities.
“Three lines of defence is not about risk management,” stated Mike Finlay, CEO of RiskBusiness International. “You cannot try and apply a model that affects corporate structure, individual accountability and, as a consequence, corporate culture by thinking it’s a risk management initiative – even worse if you think it only applies to operational risk and perhaps to the compliance function.”
Finlay continued: “Three lines of defence is integral to the DNA of the firm. It begins with the vision, mission and values and flows through corporate governance, corporate strategy and overall business objectives into the everyday functioning and decision-making of the entire enterprise. It’s all about the core principles on which we base our business and how we measure ourselves against the achievement of those principles and our defined business objectives.”
Global regulation, particularly in the financial services sector, is increasingly focused on good governance and how the Board and executive management behave and run the enterprise. To comply with the ever-increasing volume of regulation and achieve the firm’s potential, every enterprise should implement a robust governance structure which embraces the three lines of defence concept. On that basis, this new guidance from RiskBusiness International is an invaluable resource for every firm, irrespective of geography, size or nature.
Companies interested in more information about the RiskBusiness International Position Paper on the Three Lines of Defence should visit the RiskBusiness website at: http://www.RiskBusiness.com