Four Eyes Principle

From Open Risk Manual


The Four Eyes Principle (also Two-man rule) is a widely used Internal Control mechanism that requires that any activity by an individual within the organization that involves Material Risk profile must be controlled (reviewed, double checked) by a second individual that is independent and competent.[1]


The objective of the control is to mitigate risks primarily of the following two types:

  • Business Execution, adverse outcomes as the result of poor execution of regular business tasks (mistakes, oversights)
  • Internal Fraud, adverse outcomes as the result of fraudulent action of persons internal to the firm

Depending on the context, potentially other types of risk may also arise from the absence of this control (e.g. Physical Damage)


Implementing this control is relatively simple in document based approval processes. It requires:

  • Adding qualified persons in the approval list
  • Double / multiple signatures

More stringent forms of this control may require that no sensitive operation can be performed without the simultaneous presence of two people (Dual Control).

An instructional (if extreme) example is the manner in which missile launching crews are organized:

  • Once a missile launch order is received, two operators must agree that it is valid by comparing the authorization code in the order against a Sealed Authenticator (a special sealed envelope which holds the code)
  • These Sealed Authenticators are stored in a safe which has two separate locks
  • Each operator has the key to only one lock, so neither can open the safe alone
  • Also, each operator has one of two launch keys; once the order is verified, they must insert the keys in slots on the control panel and turn them simultaneously
  • As a further precaution, the slots for the two launch keys are positioned far enough apart to make it impossible for one operator to reach both of them at once
  • For additional protection, the missile crew in another launch control center must do the same for the missiles to be launched
  • A total of four keys are thus required to initiate a launch.


  • A classic example of implementing "Four Eyes" is in the Credit Approval Process where any credit decision must be reviewed and signed by a second independent person
  • In many areas the principle is generalized in requiring a separate review by a different team. An important example is the review any risk models by Independent Model Validation

Issues and Challenges

  • Implementing the principle may be excessively onerous in resources (or even impossible) when individuals within the organization possess unique knowledge / expertise that cannot be replicated
  • When internal processes and/or decision making are not fully reflected in traceable documentation a documents based control might be inadequate
  • The lack of sufficient depth in implementing check and balances is related also to Key Person Risk

See Also


  1. BIS, Core Principles for Effective Banking Supervision

Contributors to this article

» Wiki admin