Three Lines of Defense in Financial Services

Five Signs That Your Firm Is Living a Lie and What to Do About Them

Ask any bank or insurance company today about how they organize themselves to manage the risks they face and you will undoubtedly hear about their “three lines of defense”: risk taking, risk oversight, and risk assurance.

There are five common signs that a financial institution might be purportedly “adopting” the three lines of defense, yet might not be living the three lines of defense in practice. If a financial services firm is exhibiting one or more of these signs, it may be time for an intervention at the C-suite or board level. 

With sufficient clarity of thinking, management drive, and determined execution, the three lines of defense can be transformed from “words to live by” to a functional bulwark that can protect the business in good times and in bad. But to be truly effective, the model needs to evolve as the business evolves.

Mark Abrahamson, a London-based principal, and George Netherton, a London-based principal in Oliver Wyman’s Financial Services practice, on why the three lines of defense have a bad name.

Three Lines of Defense in Financial Services