Practice Benchmark - January 2021
Enhancing the 3LOD model
The three lines of defence (3LOD) model should fundamentally contribute and support better risk management. However, it is generally recognised that it needs to be enhanced further to help offer an effective roadmap of key decision-making within complex firms. This will provide clarity around questions of responsibility and accountability to underpin better risk management and control activities.
In view of this, ORX undertook an extensive survey to look at practice versus theory. We focused on what is actually happening in practice within the industry compared to the theory, and to understand what can be improved and where the industry is moving to in enhancing its practice.
To gain a holistic view of the 3LOD model, we surveyed 53 financial organisations' second line operational risk teams as well as over 110 individuals in 30 financial firms from the first line, line 1.5 and the third line.
The resulting industry benchmark report is available to all ORX members to read. Each participant of the study also received a customised benchmark showing where their practice sits. They were also invited to roundtables to discuss outcomes and gain deeper insights.
Since its introduction within the financial services industry over 20 years ago, the 3LOD model has been discussed, adapted and challenged. Despite some reservations over its effectiveness as a framework to support risk management behaviours, it is widely used amongst financial institutions.
Many organisations continue to struggle with fully embedding the 3LOD model which can cause uncertainty over roles and responsibilities, duplication of work, and a perceived lack of mutual appreciation between the different lines. Organisations are often encumbered with a model which does not sufficiently support positive risk management behaviours or encourage enough collaboration between the lines. The 3LOD model was set up to support better risk management but it needs to still deliver further on this.
How can firms better embed 3LOD?
The study found that in order to embed the 3LOD model further, organisations should:
- Document risk management roles and responsibilities at an organisational and role level
- Incentivise individual accountability for risk management responsibilities
- Support individuals to deliver their risk management responsibilities through its organisational culture and clear communication
Listen to the podcast
For more insights and analysis from this study, listen to the podcast episode for a discussion with our research team.
Gated content stop
ORX Scenarios Senior Manager, ORX
Research Assistant Manager, ORX