First line of defence
The first line of defence is focused on management of risks in the bank’s operational activity and is based on business units which, as part of their dayto-day activities, generate risks that affect achievement of the bank’s objectives.
The first line includes activities performed by each employee to ensure the quality and correctness of the completed tasks.
The first line of defence checks the compliance with procedures and responds to any identified irregularities.
The rules of independent monitoring as part of this line of defence are established by the Management Board member in charge of a Division or a bank/Area Director or the President of the Management Board of a subsidiary in the form of relevant internal regulations, taking into account the segregation of duties.
Second line of defence
The second line of defence involves risk management by employees in dedicated roles or organisational units and the operations of the compliance unit.
Risk management as part of the second line of defence is independent from risk management in the first line of defence.
The second line of defence comprises functions which support the bank’s managers in identification and management of risks. To that end, the second line of defence provides relevant tools, develops internal regulations and techniques for managing, monitoring, verifying, testing and reporting risks.
The units of the second line of defence conduct independent vertical monitoring in order to verify whether the first line of defence takes effective measures and applies the required controls.
Third line of defence
The third line of defence is formed by the Internal Audit function which provides independent and objective examination and assurance of the first and second tier controls as well as assesses the management system of the bank and its subsidiaries, including the effectiveness of managing the risk related to the operations of the bank and its subsidiaries.