Modernising your 3LOD and risk culture
5 February 2024
The last few years have been anything but smooth sailing for financial services (FS) companies. They’ve weathered a global pandemic, strained supply chains, geopolitical crises, stubborn inflation, and countless other disruptions. And while a new year is usually a time for fresh starts, all signs seem to show that volatility will continue to be a dominant theme in 2024.
Right now, risks are all around – and they’re only getting more complex and commonplace. To stay ahead of them, a risk function can’t continue to rely on the same old strategies and solutions. The moment we’re in demands a different approach. Here are three key questions FS firms should ask to make sure their organisational culture is prepared to meet it.
1. How clear are people’s roles and responsibilities?
The Three Lines of Defence (3LOD) framework has long been the holy grail of risk management, ensuring there is clear independence across all three lines. But as the risk landscape becomes more complex and fast-moving, it has exposed weaknesses in the traditional framework.
In certain cases, the 3LOD model can give rise to a silo mentality, leading to poor collaboration and communication between the front-office and the risk management unit – the first and second lines of defence. This can go on to create duplication of effort, disputed accountabilities and misaligned goals around risk management.
To improve coordination across the 3LOD, everyone needs to have clearly defined roles within the framework. All team members should know how their individual roles fit into the overall framework and where their responsibilities lie, so that grey areas are avoided. Otherwise, it can lead to situations where, for example, the first line stops performing certain activities because it believes they are covered by the second line, when in fact this is not the case.
This becomes crystallised during times of crisis. When individuals know the role that they must play and the actions they must take, it helps the entire organisation co-ordinate its response in a more proactive and effective way.
2. Is your culture helping or holding you back?
Reflecting on recent banking crises, we notice a clear degree of interconnectedness, where risk in one area quickly spills over to others. At the same time, however, this connectivity does not extend across the business itself. Functions remain siloed, goals are not clearly defined or understood and there’s a lack of transparency between different teams.
To deal with increasingly interconnected risks, everyone needs to work together – and that’s where risk culture becomes key.
We know that over the next year, more organisations are going to embark on culture programmes. Why? Because they recognise that breaking down barriers is going to be really important to deal with the current and emerging risk landscape.
To drive this transformation, FS firms need to ask deeper questions about their risk function and the business as a whole. Does the organisational culture empower people to speak up and challenge the status quo? Or are there strong forces which prevent this and lead to groupthink? Are people encouraged to raise concerns, or are they advised to keep their heads down and stick to what they know?
If everyone works together in a spirit of trust and transparency, this lends itself to greater accountability and more effective decision-making. For this, it’s absolutely vital to set the right tone from the top. Here, senior management must lead by example, showing the right behaviour and right actions themselves.
3. Do you have the right tools and technology to support you?
Technology can be a great enabler to improve the efficiency of and insight from risk management activities. But many financial institutions find themselves weighed down by legacy systems and processes, which can stand in the way of digital transformation.
We see many organisations using technology that was first introduced many years ago, in a very different landscape. They spend considerable time and money maintaining a web of complex, often disjointed systems that have been built up over decades, often as a result of legacy mergers and acquisitions. It’s also difficult for them to make updates to these systems and integrate next-generation tech, including opportunities to harness artificial intelligence (AI).
There’s no easy way to overcome the barrier posed by monolithic legacy tech. For many firms, it’s like tearing up the foundations of a house and rebuilding them while you’re still living in it. But, at some point, modernisation becomes inevitable, and organisations will have to decide on what path they take to get there. With advances in technology and approaches to implementation, we are seeing exciting options for effective and cost-sensitive transformation that make use of existing applications whilst improving overall architecture and moving to cloud.
Ultimately, an organisation’s risk framework, culture and technology are closely intertwined. It takes all three working in harmony to drive effective mitigation of and response to risks. Plus, with the nature of that risk continually changing, FS companies can’t see these elements as a monolith either. Their approach to oversight and management needs to be flexible and adaptable in order to take on today’s threats and tomorrow’s opportunities.