Three Lines of Defense

From Open Risk Manual


A popular management consultancy scheme for organizing the overall risk management activities in financial institutions. The origins of the concept are unclear. Broadly speaking it recommends

  • a "first line of defense" provided by the business unit itself (front office)
  • a "second line of defense" provided by a specific and specialized risk management function
  • a "third line of defense" provided by an internal audit function

Issues and Challenges

The concept has been criticized [1] for being essentially vacuous when the business line dominates other functions and places excessive emphasis on revenue growth


Contributors to this article

» Wiki admin