Journal of Operational Risk

Risk.net

Operational risk and the three lines of defence in UK financial institutions: is three really the magic number?

Kumbirai Mabwe, Patrick John Ring and Robert Webb

  • There is no single common understanding of the 3LOD in UK institutions but there are a range of practices with regard to implementation of the model.
  • There are multiple lines of defence within the first line of defence- 1a and 1b.
  • We recommend realigning the lines of defence into areas of roles and functions and formal revision of the 3LOD to improve clarity of responsibility for operational risk management.

Interest in financial services firms developing and implementing robust systems and structures to manage operational risk has been growing. While there now appears to be some consensus in terms of definitions, quantification and modeling, firms are struggling with the qualitative side of operational risk management (ORM). This is particularly the case for financial institutions’ operational risk governance, where the three lines of defence model has become standardized. At the same time, corporate scandals post-financial crisis continue to indicate deficiencies in operational risk governance. Our paper examines the three lines of defence in the context of ORM in UK financial institutions. It focuses on roles and responsibilities and then analyzes the effectiveness of the traditional three lines of defence model. We find a lack of common understanding of the lines of defence in financial institutions, which leads to the duplication of roles and gaps in coverage. This is concerning for the industry, the economy and regulators.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here