Building a Culture of
Differentiating the First Line of Defense
Risk and compliance must be enforced by every member of the organization, but different
people have different levels of responsibilities. If we look at the total defenses an
organization puts up against compliance violations, we can divide the defense into three
lines. So, what are the ‘three lines of defense’ when referring to compliance and risk
management? The first line is typically management, the second line is an independent
compliance or risk management team, and the third line is of course the internal audit.
Dividing the defense into lines is important because it illuminates the different
responsibilities that they have. Think of a garrison that is guarding a fort. The goal of
everyone in the fort is to defend from external attacks, but the way they carry out this
responsibility is different within each line. The soldiers here are the first line of defense and
if an attack comes, they are the ones who deal with it. The second line of defense will be
the troop leaders, who must ensure that the soldiers are positioned in a way that allows
maximum visibility. The third line will be the government or state to which the soldiers
belong, and they must ensure that the garrison has the resources and support they need to
put up a good defense.
When we look at banks and financial institutions, first line management staff are the primary
owners for compliance risk, but they are not fully engaged in the process as it does not
demonstrate a net improvement in their P&L. This arrangement clouds the priorities of the
management team and increases the workload on the second line of defense, which
comprises of dedicated risk and compliance professionals. Every organization wants their
first line of defense to address as many compliance issues as possible, but without the way
to demonstrate the importance in terms that may be reflected in an P&L, that may be difficult.
Organizations need to understand that while the second line of defense is focused on
compliance, the first line’s focus is elsewhere. Compliance is just one facet of their job role.
Compliance is also complicated and requires a lot of focus and due diligence. When an
employee has many job responsibilities, it is easy to see why one of the toughest ones to
fulfill may not always be completed.
How using technology can help you
encourage the first line to "want" to
be compliant
Technology changes the game for the first line of defense. Technology solves the core
problem which results in compliance not being enforced by the front line – inconvenience.
But it also can solve the perceived notion that a technology compliance solution can in fact
have a positive impact on the P&L. If compliance remains complicated to enforce, the first
line will have to choose between due diligence and doing their job. Compliance management
systems make compliance functions so convenient that this roadblock is completely
removed. A Thompson Reuters report says that in 2018, 61% of firms are expecting an
increase in their total compliance budget for the year. A significant portion of this budget
increase is focused on implementing new technological solutions to support the first line of
defense to safeguard their compliance and risk programs.
The first line of defense is the most important in the compliance process as the goal is to
ensure the compliance issues remain small. Giving managers technological options can
assist them to make decisions that align with their valued goals. When managers see how
solutions can be presented through technology, those decisions can have a positive impact
on the outcomes being made. An organizational culture can provide options in a manner that
can deliver better results.
Bridging the gap between compliance
and the first line of defense
The disconnect between compliance and the first line team results in many compliance
related issues. This disconnect happens when the goals of the first line and the compliance
department are often not aligned. While they are both aligned with their organizational goals,
their focus is on different things. The compliance department is trying to comb through as
much information as possible to meticulously weed out any compliance violations or
conflicts. Their performance is measured by how well they enforce compliance. The first
lines performance is measured by how quickly they can gain clients and how quickly they can
deliver services to customers.
This different prioritization of job responsibilities leads to compliance violations. The first
line is trying to perform at the highest efficiency possible. If they focus more on compliance,
then their efficiency and thus the main metric which is used to measure their performance
suffers. Thus, compliance violations become an emergent phenomenon in such
Technology is a great way to bridge this gap between
compliance and the first line team. Once a compliance
management system is implemented the first line
managers have a direct way of interacting with
compliance requirements. Compliance is no longer
something they must think about – it is a system that is
performing right in front of them, and one they can
interact. The speed of compliance improves so
efficiently thanks to technology that the first line can
enforce compliance without negatively affecting their
own performance.
The implementation of the system also allows organizations to create new KPIs.
Performance can be tracked more comprehensively thanks to the system which keeps track
of every action taken, and compliance related KPIs can be introduced. This allows
organizations to align both the first lines needs and the organization’s compliance needs.
Being considered a consultant in the
first lines' eyes
Compliance technology changes the relationship between the compliance professionals
within the organization and first line managers. It allows compliance professionals to act as
consultants who can help the front-line quickly eliminate compliance violations and
understand compliance problems. If a front-line employee is confused about a topic, they can
simply flag it in the compliance management system, and the relevant compliance
professional will be automatically notified.
First line employees can also freely interact with compliance professionals through the
system. These systems also have the option of leaving notes and having discussions right
within the system. Thus, whenever the first line managers need help, all they need is to
access the system and start a discussion.
Compliance systems also empower the second line and
allows them the opportunity to act as consultants.
Compliance and risk professionals are some of the
busiest people in the organization. They don’t just have to
ensure compliance is enforced, they also must manually
maintain the compliance and risk framework. They must
keep manual records, distribute records as needed, verify
information, ensure everyone has the same version of a
file, and have to seek information from hundreds of
different spreadsheets and documents.
Compliance technology automates these tasks by creating a digital compliance framework
that maintains its own integrity. The menial administrative tasks are all automated.
Compliance professionals thus have the time to do meaningful work that helps the
organization. They are available to act as consultants because the administrative time has
been removed from their routine.
Looking Ahead
Organizations need to ensure that their first line of defense has access to resources that help
it eliminate compliance issues. This approach is the most efficient approach because it
eliminates compliance conflicts before they even make it into the organization. If
organizations want to improve their defenses against compliance conflicts they need to
ensure that they provide the right systems and technologies to their employees.
When you integrate a technology solution that encourages engagement from the front line,
adds support to the second line, and ensures your meeting or exceeding compliance
expectations from third line auditors, you are in fact building a culture of compliance within
your workplace.
Office Address:
1101 S. Capital of Texas Hwy
Building J, Suite 202
Austin, TX 78746