Is the Three Lines of Defense Paradigm Dead?

Nieuws

31-05-2024

Clifford Rossi

A three-pronged approach to risk management has been widely employed by the financial services industry for the past 10 years. This model, however, has relegated ERM to second-tier status while causing friction between different business units – and adjustments are therefore needed.

By Clifford Rossi, Professor University of Maryland

The three lines of defense (3LoD) doctrine has been one of the major pillars of enterprise risk management at banks and regulators for more than a decade. But has it outlived its usefulness? If so, should it be revised or replaced?

Serious risk events of various types continue to occur with some regularity, so the effectiveness of 3LoD is highly questionable. Last year’s bank failures grabbed headlines, but, over the past decade, we’ve also seen risk fiascoes at Wells Fargo, Credit Suisse, Citigroup and even JP Morgan, among other high-profile banks.

Given the recurrence of risk failures in the banking system, it is logical to revisit the efficacy of the 3LoD model and ask if there are better ways to strengthen the way banks manage risk.

What’s Wrong with Three Lines of Defense?

The concept of 3LoD in banking surfaced as far back as 2003, when it was mentioned by the Financial Services Authority. But it really took off after the Institute of Internal Auditors fleshed out the idea more broadly in 2013. The IIA itself recommended an update to 3LoD as recently as 2019, but, at its core, it hasn't changed much.

[….]

Lees verder op: GARP

Gerelateerde vacatures

Geïnteresseerd in een carrière bij organisaties in ditzelfde vakgebied? Bekijk hieronder de gerelateerde vacatures en vind de perfecte match voor jou!

Cybersecurity Officer

NWB Bank

55.000 - 100.000

Medior, Senior

Den Haag

Als Cybersecurity Officer bij NWB Bank bouw je mee aan het IT-securityteam en verhoog je de cyberweerbaarheid met IAM/PAM, SIEM/MDR, monitoring, pentests/audits en gestructureerd vulnerability-, hardening- en patchmanagement.

Meer lezen Direct solliciteren

IT Compliance Officer

Blue Sky Group

5.500 - 8.000

Senior

Amstelveen

Als IT Compliance Officer bij BSG identificeer, beoordeel en beheer je risico's om naleving van interne en externe regelgeving te waarborgen. Je ontwikkelt en implementeert risicobeheerstrategieën, onderhoudt het IT Control...

Meer lezen Direct solliciteren

IT-auditor

Belastingdienst

4.024 - 7.747

Medior, Senior

Hoofddorp

Gebruik jouw auditervaring om de beheersing van de Belastingdienst te helpen verbeteren. Jouw rapporten en (strategische) adviezen geven de organisatie het nodige inzicht daarvoor. Als senior IT-auditor werk je wisselend...

Meer lezen Direct solliciteren

Chief Information Security Officer (CISO)

NHG

5.368 - 7.627

Medior, Senior

Utrecht

Als Chief Information Security Officer (CISO) bij NHG ontwikkel en implementeer je de (cyber)securityvisie en het Security Policy House, bewaak je securityarchitectuur en risico’s, stuur je DORA in control aan...

Meer lezen Direct solliciteren

Alle vacatures

Finance

Business

Business Support

Technology

Hubs per Sector

Is the Three Lines of Defense Paradigm Dead?

What’s Wrong with Three Lines of Defense?

Elke dag brengt nieuwe vraagstukken

“Digitale weerbaarheid essentieel voor de samenleving”

What the cybersecurity sector can learn from the digital battlefield in Ukraine

De vakspecialist als risicodrager in de organisatie

Gerelateerde vacatures

Hubs per Sector

What’s Wrong with Three Lines of Defense?

Elke dag brengt nieuwe vraagstukken

“Digitale weerbaarheid essentieel voor de samenleving”

What the cy­ber­se­cur­ity sector can learn from the digital battlefield in Ukraine

De vakspecialist als risicodrager in de organisatie

Gerelateerde vacatures

What the cybersecurity sector can learn from the digital battlefield in Ukraine