The First Line of Defence (1LoD) refers to the majority of the Bank. Individuals in the First Line are responsible for managing the day-to-day operations of the Bank. These individuals and departments generate risk and are responsible for implementing effective mechanisms to control it.
The Second Line of Defence (2LoD) contains the Risk Function. The Risk Function will perform check and challenge on the First Line, co-ordinate Bank-wide assessments and independently generate management information (MI) for stakeholders. It is usual for the 2LoD to also contain functions such as Compliance Advisory about regulatory change, Surveillance & Investigations, etc.
The Third Line of Defence (3LoD) contains the internal audit function. Internal audit can be expected to provide an independent assessment of the robustness of the risk management frameworks, test internal controls and conduct bespoke investigations on behalf of the Board / Non-Executive Directors.