What are the three Lines of Defence?

The three lines of defence refer to a risk governance framework that regulators expect every organisation to follow.

The first Line of Defence (1LOD) is provided by risk owners, by BAU staff and operations management. The systems, internal controls, control environment and culture developed and implemented by these business units should anticipate and manage operational and non-financial risks.

The second Line of Defence (2LOD) is provided by risk management and compliance and sets the policies, framework and systems tooling for use within 1LOD. Importantly, 2LOD is an INDEPENDENT control function. It is there to independently monitor and improve the performance of 1LOD. In turn, 3LOD performs a similar independent role for both 2LOD and 1LOD.

The third Line of Defence (3LOD) is Internal Audit, which provides independent assurance of risk management through both the 1LOD and the 2LOD.