Skip to content


ORX Membership


Risk Management Community

Risk programme

Management, practice & framework

Practice Benchmark - January 2021

Enhancing the 3LOD model

The three lines of defence (3LOD) model should fundamentally contribute and support better risk management. However, it is generally recognised that it needs to be enhanced further to help offer an effective roadmap of key decision-making within complex firms. This will provide clarity around questions of responsibility and accountability to underpin better risk management and control activities.

In view of this, ORX undertook an extensive survey to look at practice versus theory. We focused on what is actually happening in practice within the industry compared to the theory, and to understand what can be improved and where the industry is moving to in enhancing its practice.

To gain a holistic view of the 3LOD model, we surveyed 53 financial organisations' second line operational risk teams as well as over 110 individuals in 30 financial firms from the first line, line 1.5 and the third line.

The resulting industry benchmark report is available to all ORX members to read. Each participant of the study also received a customised benchmark showing where their practice sits. They were also invited to roundtables to discuss outcomes and gain deeper insights.

Study overview

Since its introduction within the financial services industry over 20 years ago, the 3LOD model has been discussed, adapted and challenged. Despite some reservations over its effectiveness as a framework to support risk management behaviours, it is widely used amongst financial institutions.

Many organisations continue to struggle with fully embedding the 3LOD model which can cause uncertainty over roles and responsibilities, duplication of work, and a perceived lack of mutual appreciation between the different lines. Organisations are often encumbered with a model which does not sufficiently support positive risk management behaviours or encourage enough collaboration between the lines. The 3LOD model was set up to support better risk management but it needs to still deliver further on this.

How can firms better embed 3LOD?

The study found that in order to embed the 3LOD model further, organisations should:

  • Document risk management roles and responsibilities at an organisational and role level
  • Incentivise individual accountability for risk management responsibilities
  • Support individuals to deliver their risk management responsibilities through its organisational culture and clear communication

Listen to the podcast

For more insights and analysis from this study, listen to the podcast episode for a discussion with our research team.













Gated content start

This resource is only available to ORX members

Want to access this resource?

If your firm is a member of ORX, log in or register to read this resource.

Log into the ORX website

Not a member? Talk to us today to discuss how you could join the ORX community.

Speak to an expert

Gated content stop


Simon Johnson

Simon Johnson

ORX Scenarios Senior Manager, ORX

Maddy Beckett

Maddy Beckett

Research Assistant Manager, ORX


Find out more about the study

Get in touch if you'd like to more.

Contact us