What are the 3 Lines?

Jul 24, 2023

In today’s world, the effective management of risks should be a priority for all AFSLs. The three lines of defence model is a risk framework that Responsible Managers and their AFSLs can engage to mitigate potential threats. The model divides the responsibilities of different roles or stakeholders in an organisation. This concept is also where our name derives from. 3Lines helps AFSLs manage risks as a second or third line of defence.

This article takes a deeper dive into the value of the three lines of defence model and how it may strengthen the resilience of businesses by ensuring that risks are proactively identified, managed and hopefully avoided or at the very least, prevent them from escalating into bigger issues.

Line one: Operations

The first line of defence encompasses the process and procedures that form the daily operations of the business. This line of defence ensures day to day business operations are compliant with internal policies and regulatory guidelines. Individuals in these first line roles have the closest proximity to risks and should be accountable for identifying, assessing and mitigating them.


Line two: Risk management and Compliance

The second line of defence encompasses the risk management and compliance business units that provide oversight over the first line of defence. It is necessary for these risk management and compliance to operate independently from the business which they are overseeing. The second line of defence should establish internal controls and ensure that the business is adhering to them by undertaking risk assessments and reviews.


Line three: Internal audit

The third line of defence encompasses the internal audit function of the business. This business unit must also act independently and are responsible for assessing the organisation’s risk management, internal control and governance processes. The purpose of this function is to provide an unbiased opinion of the overall risk management system. Reporting directly to the Board, internal audit will ensure compliance with policies, procedures, regulatory obligations, ethical standards and offer insight to enhance risk management practices.


The three lines of defence model provides a holistic approach to risk management and compliance and it is important for Responsible Managers to have a thorough understanding of how this model can apply to their AFSL.

AFSLs using 3Lines within their business as either a second or third line of defence can take comfort in knowing that as long as each module is addressed, then they can be confident that they are not only meeting their regulatory obligations but that they are also providing a robust monitoring and supervision program for representatives. They can also be confident in knowing that they will be able to provide evidence that they are proactively taking steps to meet regulatory obligations, should this be required by ASIC or any other regulator.

Tell me more!

3Lines' RM Bootcamp is a virtual set of 9 lessons, allowing you to self-pace without the worry of missing a beat or interfering with BAU. Our bite-size modules are practical and engaging, meaning you can use the lessons as a tangible guide as and when required.

Whether you're an RM, a licensee, or an adviser, this course is for you. We've designed it to be relevant to a wide audience and to guide your practice in working more efficiently and effectively.


Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.

We hate SPAM. We will never sell your information, for any reason.