Module: | MODULE B: RISK MANAGEMENT
Q408: Consider the following statements regarding the 'Three Lines of Defense' model in Operational Risk Management:
1. The first line of defense consists of the business units, which are responsible for identifying and managing the risks inherent in their products and activities.
2. The Operational Risk Management Department (ORMD) acts as the third line of defense by providing independent assurance to the Board.
3. The second line of defense is responsible for designing the risk management framework, policies, and monitoring methodologies.
Which of the statements given above is/are correct?
2. The Operational Risk Management Department (ORMD) acts as the third line of defense by providing independent assurance to the Board.
3. The second line of defense is responsible for designing the risk management framework, policies, and monitoring methodologies.
Which of the statements given above is/are correct?
✅ Correct Answer: B
The correct answer is B. Statement 1 is correct: In the Three Lines of Defense model, the first line constitutes the business units or lines of business.
They are the primary risk owners and are directly responsible for identifying, assessing, and managing the risks associated with their day-to-day operations and products.
Statement 2 is incorrect: The Operational Risk Management Department (ORMD) does not act as the third line of defense.
The ORMD, along with the Compliance function, constitutes the second line of defense.
The third line of defense is strictly reserved for Internal Audit.
Statement 3 is correct: The second line of defense (ORMD) functions independently of the first line.
Its primary role is to design the overall operational risk management framework, draft policies, define risk measurement methodologies, and monitor the risk profile consistently across the bank.
Therefore:
Option A is incorrect because Statement 2 is false.
Option B is correct as both Statement 1 and 3 are true.
Option C is incorrect because Statement 2 is false.
Option D is incorrect because Statement 2 is false.
They are the primary risk owners and are directly responsible for identifying, assessing, and managing the risks associated with their day-to-day operations and products.
Statement 2 is incorrect: The Operational Risk Management Department (ORMD) does not act as the third line of defense.
The ORMD, along with the Compliance function, constitutes the second line of defense.
The third line of defense is strictly reserved for Internal Audit.
Statement 3 is correct: The second line of defense (ORMD) functions independently of the first line.
Its primary role is to design the overall operational risk management framework, draft policies, define risk measurement methodologies, and monitor the risk profile consistently across the bank.
Therefore:
Option A is incorrect because Statement 2 is false.
Option B is correct as both Statement 1 and 3 are true.
Option C is incorrect because Statement 2 is false.
Option D is incorrect because Statement 2 is false.