The first line of defence – ‘the business’ in the 3LoD model – is witnessing a digital transformation of risk management and governance that has accelerated since the onset of the pandemic. While the second and third lines of defence – risk management and compliance management – have dedicated resources to undertake 3LoD responsibilities, the first line must divide its attention between growing the business and the management of risk, which can be paradigmatically opposed. As growing the business must be the primary function of the first line, teams can find it challenging to give their risk management responsibility the attention it requires.
The ‘LoD 1.5’ concept (alternatively known as ‘1B’) materialised to ensure that appropriately skilled resources were available to the first line. Located in the front office, with the objective of removing some of the obligation for risk management from the first line, these LoD 1.5 risk managers, however, retain a sense of independence from their colleagues in the second line. Seen by many to be a pragmatic step by banks, the LoD 1.5 is beginning to blur the 3LoD model boundaries. There is, however, another – complementary or alternative – approach that can be taken to lessen the challenges posed by the rigidity of the 3LoD model; the deployment of digital governance, which can instil robust risk management in the first line, while reducing the time it spends on risk management activities.
The real-world benefits of deploying a digital governance platform are measurable, so the value of controls work can be decisively evaluated. The amount of time saved by the first line on risk management is redirected to revenue-generating activities; be that creating new automated trading algos or developing new trading strategies. However, digital transformation strategies for the governance of risk management are often too ambitious. Although ambition itself can be a source of positive change, GreySpark has observed that digital governance transformation projects that start small and scale up tend to better define and communicate the added value that the business functions hope to realise. Digital transformations that fail early tend to do so because either the return on investment is not easily visualized or because there is no confidence in the solution chosen and the form it should take, how it is being delivered or how existing applications will be consolidated. In this article, GreySpark introduces the Digital Governance Transformation Maturity (DGTM) Model – a digital transformation framework in lockstep with business value creation – which treats the first line as the ‘clients’ in digital transformation projects.