4 Lines of Defence Model for Financial Services Risk Control

The Three Lines of Defence model, first enumerated by the Institute of Internal Auditors a decade ago, has become a well-recognised industry framework for promoting effective and efficient corporate governance, risk management and control. But increasingly wealth managers need to add a fourth line of defence too.

How the Three Lines of Defence works

In the financial services sector, risk committees and separate risk functions are required by regulation. The Three Lines of Defence approach embeds that functional separation and accountability oversight. Under the model: Source: CIIA The three-line defence model is vital to firm’s long-term success. The strengthened risk control helps guard against potential suitability blow-ups. It strengthens compliance, protecting firms from the reputational damage and regulatory penalties that can result from poor practices. And a proven risk management culture can aid client attraction and retention.

The missing data piece

The three-line model is missing an essential component though: high-quality data. Effective oversight, control and action depend on timely, accurate information. As the CIIA observes, the “governing body relies on reports from management (comprising those with first and second line roles), internal audit, and others in order to exercise oversight and achievement of its objectives, for which it is accountable to stakeholders.” Without a true, up-to-date picture of what is happening in your organisation it is impossible to respond appropriately. Taking decisions based on incorrect, incomplete or outdated information can be as bad as taking no action at all – and may even make a situation worse. But while quality data is vital to effective governance and risk management, ensuring your firm has it is becoming ever more of a challenge. For one, data volumes are growing exponentially. Approximately 97 zettabytes (97 trillion gigabytes) of data were expected to be created, captured, copied and consumed globally in 2022. That is forecast to almost double to 181 zettabytes by 2025. As it is, poor data is everywhere. Common problems include gaps in the data, inconsistencies, bad sequences (such as a data point missing in a dividend processing sequence), logical failures (e.g. a British national with a UK address who is not classed as resident for UK tax) and data duplication across systems. In many cases, finance firms know they have data issues, but not where or what they are. Worse, data deficiencies often go completely undiagnosed. No wonder a 2022 InterSystems/Vitreous World survey found 86% of business leaders at financial services firms aren’t confident their data can be used for decision-making.

The Fourth Line of Defence

If financial services firms can’t trust their data, how can they trust that their risk management and compliance activities are providing the protection they should? Which is why automated data quality management should be firms’ Fourth Line of Defence. Automated data quality tools remove human variability, ensuring data checks are always accurate and consistent. Problems are identified much quicker, enabling faster resolution. And an automated system is always on, offering wealth managers 24/7 data analysis. The result is a true golden source of data that accurately reflects firms’ risk positions, allowing management and boards to take more informed action in response.