Case Study: Implementing the Three Lines of Defense in a BFSI Organization

Background:

ABC Bank is a leading financial institution operating in the BFSI sector, offering banking,

insurance, and asset management services. With increasing regulatory requirements and

evolving risks, ABC Bank decided to strengthen its risk management framework by adopting

the Three Lines of Defense (LoD) model.

Implementation:

 First Line of Defense:

Operational managers and front-line staff at ABC Bank were trained to identify,

assess, and manage risks in their daily activities. For example, tellers and

relationship managers were made responsible for detecting suspicious transactions

and adhering to anti-money laundering (AML) procedures.

 Second Line of Defense:

The Risk and Compliance department developed new policies and conducted regular

risk assessments. They monitored compliance with regulations such as KYC (Know

Your Customer) and GDPR, providing guidance and support to operational teams.

They also organized training sessions to raise awareness about emerging risks like

cyber threats.

 Third Line of Defense:

The Internal Audit team performed independent reviews of both operational and risk

management activities. They evaluated the effectiveness of internal controls,

checked adherence to policies, and reported findings to senior management and the

board. Their audits uncovered gaps in the AML process, leading to improvements in

monitoring and reporting.

Outcome:

By clearly defining roles and responsibilities across the three lines, ABC Bank improved its risk management, enhanced accountability, and ensured compliance with regulatory standards. The model fostered a culture of transparency and proactive risk management.

Which line of defense is primarily responsible for owning and managing risks in daily

operations within a BFSI organization?