Ellen McCarthy, Head of Compliance at Computershare, opines on the IIA’s recent updates to its three lines of defense model, positing that they fail to recognize the importance of the independence of the compliance function.
The Institute of Internal Auditors (IIA) last month issued a new three lines model, updating its “Three Lines of Defense” model to set forth the IIA’s “latest understanding of governance and risk management.” Below, I have set out my personal view along that, while the new model applies flexibility and a principles-based approach (a very positive development), the chief shortcoming of the model is that it overlooks the criticality of the independence of the compliance function.
Independence of Compliance: What does it mean?
The Basel Committee on Banking Supervision (BCBS), a 45-member global group of banking regulators and central banks, has published what many consider the most cogent description of compliance function independence. Members of this group include:
- Board of Governors of the Federal Reserve System
- Office of the Comptroller of the Currency
- Federal Deposit Insurance Corporation
- Federal Reserve Bank of New York in the United States
- Prudential Regulation Authority
- Bank of England in the United Kingdom
- European Central Bank
- Swiss Financial Market Supervisory…