What are the three lines of defense in AML compliance?

The concept of the three lines of defense is essential in understanding how organizations manage risk, particularly within the realm of anti-money laundering (AML) compliance. The correct choice highlights that the three lines of defense consist of the line of business, compliance functions, and internal audit.

The line of business represents the first line of defense, as it is responsible for identifying and managing risks associated with their operations, ensuring that AML rules and regulations are followed in everyday transactions and customer interactions. Employees in these business units are often the frontline staff who implement day-to-day compliance measures.

The compliance functions form the second line of defense, which include teams and individuals tasked with developing, overseeing, and enforcing compliance protocols. This group provides support and guidance to the first line, offering expertise in AML regulations and best practices to ensure that the business activities align with legal requirements.

Internal audit serves as the third line of defense, conducting independent assessments of the effectiveness of the first and second lines of defense. Internal audit evaluates whether the processes and controls in place are appropriately designed and functioning effectively, and they provide assurance to senior management and the board regarding compliance risks.

The cohesion among these three lines ensures a robust risk management framework, allowing organizations to adequately address and mitigate AML risks. Each line plays