Because financial institution risk management programs must be designed by an independent risk management function, approved by a Board of Directors, and reviewed annually to reflect regulatory changes, compliance at many banks is intricately woven into the overall risk management framework. This weaving of compliance into the framework, one of the most popular approaches to risk management, is known as the ‘lines of defense’ approach. Combined, a First Line of Defense (FLOD), Second Line of Defense (SLOD), and Third Line of Defense (Third Line) can spread focus across broader categories of risk. This multi-line approach to compliance has become increasingly common, with the International Finance Corporation (IFC) offering many examples of how banks may structure their organization.
In her first article of the series, FRA’s Jenny McVey discusses at length the similarities and differences between banking and life science compliance programs. In Part II of the series, she examines at length how large banks have structured themselves to meet strict regulatory mandates across their organizations. Included in her discussion are examples of organizational structures, a comparison of legal-led and risk management-led programs, the committee approach, and examples from JP Morgan Chase & Co.