Three Lines of Defense
From Open Risk Manual
Revision as of 10:35, 25 February 2020 by Wiki admin (talk | contribs)
Definition
The expression Three Lines of Defense (3LoD) denotes a popular management consultancy scheme for representing the overall Risk Management activities of (in particular) financial institutions. The origins of the concept are unclear. Broadly speaking it identifies:
- a "first line of defense" (1LoD) provided by the business unit itself (also front office)
- a "second line of defense" (2LoD) provided by a specific and specialized Independent Risk Management function
- a "third line of defense" (3LoD) provided by an Audit function
The motivation for the scheme is to stress both the need for Accountability for prudent risk management in all parts of the organization and the need for multiple layers of independent control and verification
Issues and Challenges
The concept has been criticized[1] for being essentially vacuous when the business line dominates other functions and places excessive emphasis on revenue growth