The Bank for International Settlements, sometimes known as Basel Committee, have just released an Occasional Paper (source: https://www.bis.org/fsi/fsipapers11.htm) on “The 4 lines of defence model for financial institutions”.
If you don’t know BIS or Basel, then picture them as the Jedi Council of central banks globally. The Reserve Bank of Australia (RBA) sit on this council; and APRA as the prudential regulator leverage the content that comes from BIS for its prudential regulation.
So, what does this Occassional paper outline?
Essentially the focus is on the 4th line of defence, being Regulatory Supervisors and External Auditors, and how they interact with the 3 lines of defence (being the front-line operating functions, risk management and internal audit).
A key comment in the paper is “a need for establishing standards on how to foster the relationship by balancing the obligation of the supervisor to assess the internal function with his collaborative role in maintaining an open and constructive work relationship for information-sharing purposes”.
The paper then outlines a 4th line that splits function between “assessor role” and “collaborator role”. Essentially, this is where one office provides the resources for prudential reviews whilst another office engages in constant dialogue. However, at the moment this is not formally established in a regulatory standard.
Most telling in the paper is that Internal Audit would see “a shift to a fourth line of defence articulation would be accompanied by a closer interaction between internal auditors, external auditors and supervisors”.
Definitely worth a read if you are in Internal Audit and Risk Management.