Why this risk management best practice is not fit for digital innovation

Research output: Online publication or Non-textual formWeb publication/siteProfessional


Innovation requires a culture of openness and transparency, where mistakes can be made, dilemmas raised and discussed, and joint decisions about the design of new services and the risks that need to be taken.
Supervisory authorities around the globe typically consider the so-called “three-lines-of-defense model” as best practice for risk management and internal control. This risk management model is based on a strict segregation of duties. The commercial departments are expected to innovate and ensure compliance for new products and services (first line). The compliance function checks for irregularities (second line). The audit department then reviews, post rollout (third line).
Original languageEnglish
Place of Publicationhttps://iapp.org
Media of outputOnline
Publication statusPublished - 22 Jan 2020


Dive into the research topics of 'Why this risk management best practice is not fit for digital innovation'. Together they form a unique fingerprint.

Cite this