Heightened regulatory requirements and standards for risk management and governance have forced major financial institutions to re-evaluate the operating effectiveness of their risk frameworks, leading a large majority of banks to enhance their controls and bring accountability back to the first line.
This trend toward greater ownership and responsibility for both financial and non-financial risk in the first line of defense is putting the onus on the business to manage the risks of their products and services — a transitionary move away from the compliance and risk-driven approach in the years following the financial crisis of 2008, where issues were largely identified retroactively by second-line compliance and third-line audit groups.
“The impetus has really been to ensure accountability is felt and managed in the right place, which is within the front office for key risks, especially conduct related risk,” said a Head of Front Office Controls at a large global bank.
Trading scandals such as the London Interbank Offered rate (LIBOR) Manipulation scandal and the FX-fixing scandal, which resulted in bank fines and penalties of more than $9 Billion from regulatory authorities in the United States, the UK, and the European Union, necessitated the creation of this independent control function within the front-office capital markets businesses.
The emergence of the front-office control function has forced the banks to re-allocate resources and reshuffle headcount away from first-line business, second-line compliance and risk, and third-line audit teams in order to meet the increasing demands of first-line of defense control function.
“We are seeing more internal hires from business roles backed up with experts from the second or third lines to help guide approaches within the team,” said senior control professional at another large global bank. “But it’s very much business-led.”
he first-line control function has led to the creation of the Chief Control Officer (CCO), an executive responsible for the oversight of all risk and control activities across all business units. Dependent on the size of the bank and the maturity of the program, each individual business unit tends to have senior control officers and first-line executives who manage surveillance, business risk and controls and testing and assurance teams, thus allowing a more defined end-to-end view of their business.
Second-line of defense compliance groups have begun to serve more in an advisory capacity to the business, relinquishing some of their risk oversight responsibility to the Chief Control Officer. Still, there are areas of overlap between the first and second line testing and assurance teams as this new first-line risk approach continues to take shape. The role and responsibility of third-line audit teams remains much the same.
The front-office control function is becoming a generally accepted practice for global banks looking to enhance the ability of the first line to manage non-financial risks, rather than compliance staff conducting front-office reviews on their behalf. We are seeing many financial institutions not only adopt this first-line approach to risk management within Capital Markets businesses but also within other lines of business such as Wholesale, as it ensures the clear identification of the risks directly from the source.