A quick guide to the ‘three lines of defence’ risk governance framework

As a user of company compliance and business address services like those provided by us here at London Registrars, you may have previously encountered references to the ‘three lines of defence’ model. This is a well-established governance framework for risk management and will help your organisation to set out clear roles and responsibilities in this vital area.

The ‘three lines of defence’ model was developed as a result of concerns about the potentially greater risk of accidents in organisations where additional layers of redundancy and safeguards are added.

It was feared that such extra layers could make systems unduly complex, thereby increasing the inevitability of failure. Firms implementing the ‘three lines of defence’ model therefore do so with the aim of defining clear roles and responsibilities, and maintaining separation between those roles, to help prevent accidents.

Defining the three lines of defence

The model sets out three distinct groups within an organisation that are necessary if risk is to be effectively managed. The aim is to provide a simple and effective way to enhance risk management communication through the clarification of essential roles and duties.

The roles and responsibilities are spread across first, second and third lines of defence. The first line of defence concerns functions that own and manage risk. The second line of defence relates to functions that monitor risk and compliance. Finally, the functions that make up the third line of defence are those that provide independent assurance on risk management.

The board and senior managers are the primary stakeholders served by these lines. Crucially, the three lines are closely aligned in their work, partnering with each other to ensure the strongest possible risk management.

How can your company ensure the success of this model?

The ‘three lines of defence’ model is as much about the wider system as it is about the individual lines. To implement this risk management model successfully within your own firm, it is vital to freely share information, coordinate activities and keep stakeholders informed.

Information must flow dynamically across the three lines if your organisation is to achieve the best possible results from this model. However, the exact way each line of defence works will depend on what suits your organisation.

For more comprehensive corporate governance, risk and compliance support, and business address services, do not hesitate to contact the London Registrars team.

16 August 2019

 

Risk Coalition – Draft Principles and Guidance

Consultation draft principles and guidance set out by the Risk Coalition

In early July, the Risk Coalition published consultation draft principles and guidance for board risk committees and risk functions in the UK’s financial services sector, a development that may be of interest to many of those using our UK company formation services here at London Registrars.

The Risk Coalition is a network of not-for-profit professional bodies and membership organisations seeking to raise the standards of UK risk governance and risk management.

What purposes is the draft guidance meant to serve?

It is intended that the draft guidance will provide coherent and authoritative principles-based guidance on good practice for board risk committees and risk functions.

Other aims of the draft guidance include the development of a common understanding of the purpose and remit of board risk committees and risk functions, as well as the provision of a benchmark against which board risk committees and risk functions can be objectively assessed.

What is contained within the guidance?

The guidance consists of two parts, and assumes that organisations operate a risk management model based on three lines of defence.

The first part of the guidance concentrates on setting out reasonable expectations for a mature board risk committee, by defining eight key principles, alongside supporting guidance on how they may be met. These principles cover such areas as the role of the board risk committee and board accountability, board risk committee composition and membership, risk culture and remuneration, risk management and internal control systems and risk information and reporting.

The second part of the guidance, meanwhile, addresses the role and responsibilities of the chief risk officer and second line risk function.

A consultation of relevance well beyond financial services firms

While the draft guidance’s scope is limited to financial services, the Risk Coalition hopes the principles it establishes will be regarded as pertinent to other sectors, with consultation responses welcomed from those outside financial services.

The consultation will close on 20 September 2019, and the Risk Coalition expects to publish a final version of the guidance in December 2019.

If you are presently seeking out the most appropriate UK company formation services for your own business, simply email, call or fax us today and our company incorporation experts would be pleased to discuss your requirements.

15 August 2019

First prison sentence arising from the GDPR should remind firms of their responsibilities

In the first case of its kind, prosecution by the Information Commissioner’s Office (ICO) has led to an employee being handed a jail term due to their misuse of customers’ personal information. It is the latest story that should highlight to organisations the importance of paying heed to the new data protection regime under the much-publicised General Data Protection Regulation (GDPR).


UK ‘porn block’ to take effect in July

The UK will shortly implement a part of the Digital Economy Act 2017 that requires some websites to verify the ages of their users. This age-verification requirement has been widely referred to as the “porn block”, and is finally set to come into force on 15th July this year.


A few steps your company can take to maximise cyber security

One task that will certainly not cease to be important during 2019 – along with that of setting up a business in a legally compliant fashion to begin with – is that of optimising your organisation’s cyber security practices. A strong cyber security culture, continually focused on plugging weaknesses, will help to shield your firm against the ever-present risk of attack.
