THREE LINES OF DEFENSE

Investor Relations / Three Lines of Defence
Arqaam Group seeks to address its regulatory and other requirements through a typical “Three Lines of Defence” systems and control structure as presented below:

Staffing

Recruitment

Training

Retention

Governance

Tone at the Top: Board and Management set the ethics

Reporting: Board should have regular MIS and other reports

Escalation: Any issues to be escalated to the Board

First Line of Defence

Business Lines: Conduct business in-line with business plan and risk appetite

Relationship Managers: Take first line of responsibility for compliance

Second Line of Defence

Risk Identification / Risk Assessment: Risk management reviews of business

Policies and Procedures: Sets out the business, risk appetite and process

Applicable Law/Rules: Ensure compliance with laws and regulations

Transaction Monitoring: Identify suspicious transactions

Third Line of Defence

Internal Audit: Periodical reviews to ensure compliance, identify risk and gaps

Communication

Awareness

The first line of defence is business units. They take risks and are responsible and accountable for the ongoing management of such risks. This includes identifying, assessing and reporting such exposures, taking into account the firm’s risk appetite and its policies, procedures and controls. The manner in which the business line executes its responsibilities should reflect the firm’s existing risk culture. The board should promote a strong culture of adhering to limits and managing risk exposures.

The second line of defence includes the risk management, finance and compliance functions. The risk management function complements the business line’s risk activities through its monitoring and reporting responsibilities. The finance function plays a critical role in ensuring that business performance and profit and loss results are accurately captured and reported to the board, management and business lines that will use such information as a key input to risk and business decisions.  The compliance function should, among other things, routinely monitor compliance with laws, corporate governance rules, regulations, codes and policies.

The third line of defence consists of an independent and effective internal audit function. Among other things, it provides independent review and objective assurance on the quality and effectiveness of the firm’s internal control system.