Book traversal links for 2.3. Role of the Third Line of Defense
2.3. Role of the Third Line of Defense
Effective from 7/6/2021The independent testing function is responsible for evaluating the design and operational effectiveness of an LFI’s compliance program controls, including technical compliance with AML/CFT policies and procedures. This function serves as a “third line of defense” to identify gaps, deficiencies, and weaknesses in operational controls owned or overseen by an LFI’s business, operations, and compliance functions. Independent testing should be conducted by an internal audit department, outside auditors, consultants, and/or other qualified, independent third parties. At a minimum, employees responsible for conducting independent testing should not be involved in the function being tested or in other AML/CFT functions that could compromise their independence. Risk-based auditing assists an LFI’s Board of Directors and senior management in identifying areas of weakness, prioritizing those areas for remediation, and ensuring the provision of adequate resources, oversight, and training for affected employees.