Answer-first summary for fast verification
Answer: The safeguards of three lines of defense do not always work, because risk management systems always have loopholes and become obsolete quickly.
## Explanation The three lines of defense model is a risk governance framework used in financial institutions: - **First line (A)**: Business units that own and manage risks in their daily operations - **CORRECT** - **Second line (B)**: Risk management and compliance functions that provide oversight and expertise - **CORRECT** - **Third line (C)**: Internal audit that provides independent assurance - **CORRECT** **Option D is INCORRECT** because: - While risk management systems can have limitations, the statement that they "always have loopholes and become obsolete quickly" is an overgeneralization - Well-designed three lines of defense frameworks are intended to be robust and adaptable - The effectiveness depends on proper implementation, not inherent flaws in the concept itself - Risk management systems can be updated and improved over time rather than becoming quickly obsolete The three lines of defense model is widely accepted as a sound risk governance framework when properly implemented and maintained.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Which of the following statements incorrectly describes the concept of three lines of defense?
A
The first line is the business line, which generates, owns, and manages risks.
B
The second line is the risk managers, who specialize in the risk management and day-to-day oversight.
C
The third line is the periodic independent oversight and assurance, such as an external audit.
D
The safeguards of three lines of defense do not always work, because risk management systems always have loopholes and become obsolete quickly.