Man with glasses looking into the distance

Modernising your 3LOD and risk culture

4 min read 5 February 2024 By Viresh Tailor and Richard Stevens, experts in Financial Risk

The last few years have been anything but smooth sailing for financial services (FS) companies. They’ve weathered a global pandemic, strained supply chains, geopolitical crises, stubborn inflation, and countless other disruptions. And while a new year is usually a time for fresh starts, all signs seem to show that volatility will continue to be a dominant theme in 2024.  

Right now, risks are all around – and they’re only getting more complex and commonplace. To stay ahead of them, a risk function can’t continue to rely on the same old strategies and solutions. The moment we’re in demands a different approach. Here are three key questions FS firms should ask to make sure their organisational culture is prepared to meet it.

1. How clear are peoples’ roles and responsibilities?

The Three Lines of Defence (3LOD) framework has long been the holy grail of risk management, ensuring there is clear independence across all three lines. But as the risk landscape becomes more complex and fast-moving, it has exposed weaknesses in the traditional framework.  

In certain cases, the 3LOD model can give rise to a silo mentality, leading to poor collaboration and communication between the front-office and the risk management unit – the first and second lines of defence. This can go on to create duplication of effort, disputed accountabilities and misaligned goals around risk management.  

To improve coordination across the 3LOD, everyone needs to have clearly defined roles within the framework. All team members should know how their individual roles fit into the overall framework and where their responsibilities lie and avoid grey areas. Otherwise, it can lead to situations where, for example, the first line stops performing certain activities, because they believe they are covered by the second line, when in fact this is not the case.  

This becomes crystallised during times of crisis. When individuals know the role that they must play and the actions they must take, it helps the entire organisation co-ordinate its response in a more proactive and effective way. 

2. Is your culture helping or holding you back?

Reflecting on recent banking crises, we notice a clear degree of interconnectedness, where risk in one area quickly spills over to others. At the same time, however, this connectivity does not extend across the business itself. Functions remain siloed, goals are not clearly defined or understood and there’s a lack of transparency between different teams.  

To deal with increasingly interconnected risks, everyone needs to work together – and that’s where risk culture becomes key. 

We know that over the next year, more organisations are going to embark on culture programmes. Why? Because they recognise that breaking down barriers is going to be really important to deal with the current and emerging risk landscape.  

To drive this transformation, FS firms need to ask deeper questions about their risk function and the business as a whole. Does the organisational culture empower people to speak up and challenge the status quo? Or are there strong forces which prevent this and lead to group think? Are people encouraged to raise concerns or are they advised to keep their head down and to stick to what they know? 

If everyone works together in a spirit of trust and transparency, this lends itself to greater accountability and more effective decision-making. For this, it’s absolutely vital to set the right tone from the top. Here, senior management must lead by example, showing the right behaviour and right actions themselves. 

3. Do you have the right tools and technology to support you?

Technology can be a great enabler to improve the efficiency of and insight from risk management activities. But many financial institutions find themselves weighed down by legacy systems and processes, which can stand in the way of digital transformation.  

We see many organisations using technology that was first introduced many years ago, in a very different landscape. They spend considerable time and money maintaining a web of complex, often disjointed systems that have been built up over decades, often as a result of legacy mergers and acquisitions. It’s also difficult for them to make updates to these systems and integrate next generation tech including opportunities to harness artificial intelligence (AI). 

There’s no easy way to overcome the barrier posed by monolithic legacy tech. For many firms, it’s like tearing up the foundations to a house and rebuilding them while you’re still living in it. But, at some point, modernisation becomes inevitable, and organisations will have to decide on what path they take to get there. With advances in technology and approaches to implementation, we are seeing exciting options for effective and cost sensitive transformation to take place with both the use of existing applications whilst improving overall architecture and moving to cloud. 

Ultimately, an organisation’s risk framework, culture and technology are closely intertwined. It takes all three working in harmony to drive effective mitigation of and response to risks. Plus, with the nature of that risk continually changing, FS companies can’t see these elements as a monolith either. Their approach to oversight and management needs to be flexible and adaptable in order to take on today’s threats and tomorrow’s opportunities.  

If you’d like to learn more about how Baringa can help shape your risk culture to build a more resilient risk function, please get in touch.

Our Experts

Related Insights

Related Client Stories

Contact us

Find out what we can do for you...

Get in touch

Are digital and AI delivering what your business needs?

Digital and AI can solve your toughest challenges and elevate your business performance. But success isn’t always straightforward. Where can you unlock opportunity? And what does it take to set the foundation for lasting success?

Find out more