It is unbelievable that we are already approaching the end of January 2020—barely a month into a new decade. In 2019, the Regulatory Compliance landscape in New Zealand evolved significantly. New Acts were promulgated and existing legislation modernised to suit today’s business environment. A standout development was the extensive regulatory work currently underway within the Financial Services sector.
Looking ahead, 2020 shows no signs of slowing down. In fact, the need for specialist Risk and Compliance talent in New Zealand continues to grow at pace.
In a previous article, Ensuring Regulatory Compliance: Talent Outlook 2020, I highlighted the key areas where Financial Services organisations in New Zealand are actively embracing regulatory compliance. I also covered the specialist skill sets needed to enhance an organisation’s risk maturity.
To expand on this, I will now explore—in a two-part series—how embedding compliance across critical business activities depends on strong collaboration. This collaboration spans Legal, Compliance, Risk Management, and Internal Audit, which collectively form what is known as the “three lines of defence”. In Part 1, I’ll define these three lines. The success of any compliance and monitoring programme truly depends on the existence, effectiveness, and integration of these functions.
As regulatory expectations evolve globally and compliance becomes embedded across industries, professionals need to align their capabilities to the risk maturity of their organisation. Therefore, if you’re considering a transition into a Risk & Compliance career in New Zealand or seeking to grow your current role, here’s a clear overview of the three lines of defence and their responsibilities:
1st Line of Defence – Management Assurance
This line includes frontline business units and managers who set and execute strategy, provide direction, and oversee daily operations. They manage risk exposure, support a culture of compliance, and design and implement controls to manage operational risks effectively.
2nd Line of Defence – Risk Management, Legal, and Compliance
The second line strengthens oversight by setting policies, enforcing minimum standards, and ensuring regulatory interpretation and application. These teams play a crucial role in advising the 1st line, providing objective monitoring, and driving ongoing risk mitigation across the business. They also contribute to regular reporting on risk and compliance issues.
3rd Line of Defence – Internal Audit
The third line delivers independent assurance. Internal Audit assesses the overall effectiveness of governance, risk management, and internal controls established by the first and second lines. Their work provides an essential link between business risks and established processes, evaluating the success of risk mitigation efforts and strengthening organisational integrity.
In Part 2, I’ll take a deeper dive into how Legal and Compliance, Risk Management, Operational Compliance, and Internal Audit functions contribute to the structure of Regulatory Compliance roles in an organisation.
As mentioned earlier, if you’re seeking career guidance in Risk & Compliance, are an international candidate looking to relocate to New Zealand, or simply want insight into your next professional move, the team at Tyler Wren can help. We provide specialised recruitment support for Risk & Compliance roles across the Financial Services and wider corporate sectors.
Please reach out to me directly at gbloxham@tylerwren.co.nz or call 09 974 9072 for a confidential conversation.