Three Lines of Defense

From Open Risk Manual
Revision as of 17:45, 30 November 2019 by Wiki admin (talk | contribs)


The expression Three Lines of Defense (3LoD) denotes a popular management consultancy scheme for representing the overall Risk Management activities of (in particular) financial institutions. The origins of the concept are unclear. Broadly speaking it identifies:

  • a "first line of defense" (1LoD) provided by the business unit itself (also front office)
  • a "second line of defense" (2LoD) provided by a specific and specialized Independent Risk Management function
  • a "third line of defense" (3LoD) provided by an Internal Audit function

The motivation for the scheme is to stress both the need for accountability for prudent risk management in all parts of the organization and the need for multiple layers of independent control and verification

Issues and Challenges

The concept has been criticized [1] for being essentially vacuous when the business line dominates other functions and places excessive emphasis on revenue growth


Contributors to this article

» Wiki admin