Introducing the 1.5 Line of Defence in Fraud Risk Management

Building robust organisational resilience is crucial for businesses to thrive in the ever-changing landscape of the banking industry. Establishing effective lines of defence against various risks and challenges is an integral part of this resilience.

Fraud poses significant challenges for banks, involving the use of deception to obtain money or other property from financial institutions. As banks engage in large volumes of customer transactions and applications across various channels, they face the risk of fraud in many forms across banking products and channels, including credit cards, digital payments, and loan applications. To safeguard against these threats, implementing a robust fraud risk management framework becomes crucial.

For a detailed article on fraud risk and its various forms in APAC, refer to our publication here.

Despite its comprehensiveness, the traditional 3LoD model in fraud risk management may not always be sufficient to fully address the constantly evolving and complex nature of fraud risks in an organisation’s operating environment. There are several challenges that organisations may encounter when using this operating model, including:

• Lack of coordination. Stricter mandates and a silo mentality may cause a disconnect between the operations-focused first line of defence and the policy-driven second line of defence. Although it is important to clearly define the roles and responsibilities of each line, this may be counterproductive in crisis management or escalation situations that require prompt actions to prevent further fraud loss and manage reputational risk.
• Limitations of the second line of defence policies. The application and management of controls defined by the second line of defence often rely on manual processes that are not easily customisable. This may lead to rigidity within a system that attempts to address dynamic risks, resulting in operational challenges.
• Resource capability restrictions. Problems may also arise if the first line of defence lacks sufficient experience to handle the risk and implement the controls defined by the second line of defence. Conversely, the second line of defence resources may not be able to cover the first line of defence during capacity challenges in times of crisis due to specialised skillset requirements.

To address these limitations, banks may need to implement a solution that improves the operational and control effectiveness of the LoD framework while enabling an immediate response during crisis situations. This solution may take the form of a fourth line, known as the 1.5 line of defence.

As the financial crime landscape continues to evolve, banks are increasingly recognising the need to introduce an additional function to strengthen their overall fraud risk management framework. This function, commonly referred to as the ‘1.5 line of defence’ or the fraud risk control function, consists of a team of control specialists who conduct checks based on the bank’s risk framework and bridge the gap between the first line of defence and the second line of defence. This includes a degree of separation between relationship managers and 1.5 line of defence control functions.

This team is crucial in mitigating fraud risks and ensuring that banks are well-equipped to handle the evolving nature of financial crime. By introducing a robust 1.5 line of defence, banks can strengthen their overall 3LoD framework.

The 1.5 line of defence tests existing controls to ensure that they are operating as intended and provides solutions to any deficiencies or gaps or escalates significant issues to the second line of defence. Control monitoring assessments are also performed to assess the need for new controls in operational processes and to manage emerging and existing risks. The teams work closely with the first and second lines of defence to ensure that the organisation adheres to the overarching fraud risk management framework and policies.

Additionally, the fraud risk control function is responsible for monitoring and overseeing the resolution of any critical exceptions detected through the analysis of subsequent reports generated by the team. A variety of skill sets, such as control expertise, project management, risk management, regulatory reporting, data analytics, technology, and audit, will be required for this team, as they are partly responsible for the bank’s independent checks.

The team may report to the first or second line of defence, to operations, or directly to the Chief Risk Officer within the risk management function, depending on the model adopted by the bank. They may also highlight the risks based on the key 1.5 line of defence indicators to the risk committee or data management committee on a weekly or monthly basis.

To understand whether implementing a 1.5 line of defence is the right step for your organisation, the following important factors may be considered:

• Size and complexity of the organisation: Larger organisations handling a diverse range of products and services tend to require multiple complex layers of controls to effectively manage risks and hence are more likely to benefit from a dedicated fraud unit. However, the decision regarding the ownership of line 1.5 between the first and second lines depends on the individual banks' policies and existing accountability matrix.
• Risk profile: The significance of the 1.5 line demarcation lies in the fact that conducting additional assurance on the first line of defence can highlight gaps and deficiencies in the existing control environment, which are important for institutions providing services in high-risk economies. This can help provide forward-looking risk assessments and identify new and emerging fraud risks before they materialise.
• Existing fraud management model: Since the mandate of this team is to independently validate the controls and functions of the first line of defence and support the second line of defence, there will be minimal disruption to existing business-as-usual (BAU) functions. The checks will also be performed on a periodic basis by leveraging anomaly detection technology and case managers to automate the monitoring and controls on the first line of defence.
• Benefits realised from implementation: As one team will be overseeing the end-to-end controls testing evaluation, this will ensure:
  • Greater consistency in the output of each validation cycle.
  • Familiarity and continuity on who will be carrying out the validation work each time.
  • Cohesive end-to-end overview of the state of adherence to the bank’s fraud risk framework and regulatory guidelines, considering the various validation work executed throughout the year.

Having a 1.5 line of defence has its advantages but assembling the 1.5 line requires the bank to incur additional costs in establishing a specialised team. This entails providing sufficient lead time and incentives to attract the right candidates to form a team that – at the minimum – has experience in risk, technology, and data. Ideally, the candidates should have internal or external audit experience in financial institutions to adequately understand controls and their implementation.

Furthermore, stakeholders may perceive the detachment of the 1.5 line of defence team from BAU functions as an obstacle to practical implementation, given that their observations, findings, and approaches may seem more theoretical. To rectify this, the bank can provide additional training and rotation programme for the team members in relevant BAU teams. However, the steep learning curve associated with these programmes may be a deterrent.

It is essential to communicate to the team that their review exercise should focus on identifying relevant fraud risk issues and resolving potential control gaps, rather than just checking whether a procedural requirement is being followed. This distinction needs to be clearly delivered to all parties involved to ensure that the result is a strengthened line of defence structure.

The banking industry has evolved, necessitating a review of the traditional lines of defence model and possibly adding an additional layer of defence to strengthen banks' fraud risk management framework.

The 1.5 line of defence, which combines technology and human expertise, may prove to be crucial in detecting and responding to fraud incidents, protecting both the bank and its customers from financial loss. However, the costs of recruiting and training a specialised team for the 1.5 line of defence can be significant and may be an unfeasible option for smaller banks with budget constraints.

Therefore, before implementing the 1.5 line of defence, banks need to determine the right approach, considering their unique risk profile and operational scale. A suitable approach also involves well-defined responsibilities for all three lines of defence and the implementation of measures to strengthen their current lines of defence model.

Through strategic planning, collaboration, and resource allocation, financial institutions can strengthen their defences and build trust with customers in an environment fraught with potential threats. Embracing this change is not only an opportunity but a necessity for financial institutions looking to stay ahead in a rapidly changing landscape, and Synpulse is best positioned to assist in this journey.

With our in-depth understanding of financial fraud risk management, including its nuances and the corresponding technology vendor landscape, we are at the forefront of defining the right approach for our clients. Leveraging over 25 years of experience in strategy and technology implementation, as well as expertise in defining a robust operating model and using AI/ML for regulatory compliance, Synpulse stands ready to guide you in addressing fraud at all levels within your organisation.