Three lines of defence — is it the right model?
Abstract: Despite the plethora of legislation, regulatory requirements and industry guidance that financial institutions need to follow, there is an ever-increasing number of scandals involving risk management, governance and compliance failings. Each time a scandal hits the headlines, supervisory bodies, and organisations themselves, consider how to respond and further strengthen the control environment and enhance policies and the related procedures to prevent the same or similar instances occurring. This paper describes the Three Lines of Defence model within financial organisations, considers the Wells Fargo customer account fraud scandal and the departure of Citigroup’s Chief Risk Officer and debates whether the revisions to the Three Lines of Defence model proposed by the Institute of Internal Auditors will strengthen the risk and compliance frameworks within organisations and provide a more robust system of corporate checks and balances, endorsed by both the industry and the regulators.
Keywords: Three lines of defence; Wells Fargo; Citigroup; Institute of Internal Auditors
Donna Turner is a highly capable Risk, Compliance and Financial Crime professional with 22 years of experience in the financial services industry. Donna is now a senior consultant incorporating her wide-ranging experience into strategy, business development and problem solving to help firms with their governance, risk and compliance challenges. Donna holds two International Compliance Association (ICA) Diplomas, the first in Anti Money Laundering and the second in Governance, Risk and Compliance. She has been an invited speaker at a number of events, including the annual industry forum on Retail Conduct Risk, the Compliance Monitoring & Assurance Strategy industry forum and the International Compliance Association's Big Compliance Festival.