It is unbelievable that we are almost at the end of January 2020 and barely a month into a new decade. In 2019, the Regulatory Universe in New Zealand saw acts promulgated and existing legislation modernised for today’s business environment, a notable mention of the extensive regulatory work currently underway in the Financial Services sector. 2020 shows no sign of slowing down and the need for specialist Risk & Compliance talent is ever growing.

In a previous article “Ensuring Regulatory Compliance Talent Outlook 2020” I touched on the key areas where Financial Service organisations are adopting Regulatory Compliance and the specialist skill sets needed to uplift an organisations risk maturity. I shall in a 2 part series of articles explore how embedding compliance with all key legislation in the organisation as a function of certain critical activities stems from collaboration across key governance functions such as Legal, Compliance, Risk Management, and Internal Audit which all form part of the “three lines of defence”. In part 1 I will identify the three lines of defence. The success of any compliance and monitoring programme depends on the existence, functioning and integration of these lines of defence in the performance of their duties. 

As regulation matures globally and is embedded in Key industries, skillsets are aligning to the risk maturity of the business. In order to assist those looking to transition into a Risk & Compliance career in 2020 or progress their current role within the wider risk team I thought it prudent to give an overview of the three lines of defence as well as an overview of their key responsibilities as a guide: 

1st line of defence – (Management Assurance)

In the 1st line the setting and executing of strategies provides direction, guidance and oversight which in turn promotes a strong risk and compliance culture by managing any risk exposure. Controls are designed and implemented with the ongoing management of risks.

2nd line of defence – (Risk Management, Legal and Compliance)

The 2nd line is more robust with the setting of policies and minimum standards. The interpretation of regulatory compliance and the objective oversight with the ongoing challenge of risk mitigation, management and performance is achieved across the business units through reporting and regular monitoring of Risk, Legal and Compliance. The 2nd line advises the 1st line defence. 

3rd line of defence – (Internal Audit) 

In the 3rd line the overall adequacy of the independent and objective assurance oversees the effectiveness of governance, risk management and internal controls of the 1st and 2nd lines of defence. The 3rd line links business risks with established processes whilst providing assurance on the effectiveness of mitigation plans and managing organisational risks.

In part 2, the final article in this series, I will take a closer look at Legal/Compliance; Risk Management; Business Operational Compliance and Internal Audit as it applies to Regulatory Compliance Roles and Responsibilities in the organisation.

As mentioned earlier on in this article, should you be looking for career guidance; an international talent looking to embark on a new life in New Zealand or just wanting some insights as to your next step in your New Zealand career, we at Tyler Wren can offer insight into developing your Risk & Compliance career. Please do get in touch gbloxham@tylerwren.co.nz or 09 974 9072.