Three Lines of Defense Model
The compliance department functions as the second line of defense, ensuring oversight over the first line's compliance controls.
It does not directly implement controls but monitors and advises on compliance risk management.
Responsibilities of the Compliance Department
Ensures regulatory compliance with laws, policies, and industry standards.
Monitors and enforces risk management controls within business operations.
Provides advisory and training on compliance risks.
Why Answer D is Correct
The first line of defense (business operations) is responsible for executing compliance controls.
The compliance department (second line) provides oversight and governance to ensure compliance adherence.
Why Other Answers Are Incorrect
Option: A. The compliance department is responsible for implementing the first line's compliance risk management controls.
Explanation: Incorrect. The first line (business units) implements compliance controls, while compliance oversees.

Option: B. The compliance department is responsible for providing oversight over the auditor's implementation of compliance risk management controls.
Explanation: Incorrect. Internal audit is part of the third line of defense and is not directly overseen by compliance.

Option: C. The compliance department is responsible for providing oversight over the board's implementation of compliance risk management controls.
Explanation: Incorrect. The board provides high-level governance; compliance ensures business adherence to regulations.
PRMIA References for Verification
PRMIA Governance & Compliance Oversight Framework
Basel Committee's Guidelines on Compliance Risk Management