How do you organise a financial services firm to manage risk effectively?
This is a question that is seldom answered without the conversation turning to the “Three Lines of Defence” framework. Institutions are adopting this framework in a half-hearted way and are accordingly reaping half-baked risk-management outcomes.
The challenge for C-suite executives and board members is to diagnose whether their organisations are truly “walking the walk” or merely “talking the talk”. In this paper, we highlight five tell-tale signs showing the organisation only purportedly adopting the Three Lines of Defence and what good really looks like with an effective, rigorous framework in place.