The Four Lines of Defense (4LOD) Model

MCB believes in the risk philosophy that risk and compliance is not only the function of the Integrated Risk and Management Department/Committee or Risk and Compliance Managers but also all the employees across the bank and thus we always strive to inculcate this belief across the organization that all the staff are equally important and responsible for overall bank level integrated risk and compliance management. Typically, there are 4 Lines of Defense, including 3 Lines of Defense internally and 1 Line of Defense externally, in the Risk and Compliance Management Framework. These lines of defense are thoroughly educated and practiced across MCB to prevent possible risk events, and incidents and manage, control, and mitigate the risk impacts.

First Line of Defense

The First Line of Defense is always the front-line employees and other executives/management staff, both in operations and business front, who directly interact and engage in deals with the external customers and/or counterparties, involved in transactions/deals, negotiation, approvals, implementation/execution of SOPs, Policy, Manuals, Guidelines, etc., for ensuring the accuracy, efficiency and overall quality of service delivery whereby risk is minimized in every transactions or actions conducted by the bank.

Second Line of Defense

The Second Line of Defense is the Integrated Risk and Compliance Management Units/Departments, Risk and Compliance Managers, Integrated Risk and Compliance Committees, and Board of Directors who continuously monitor, review, assess/analyze, define the risk appetite, make the risk statements, advise or impose the control or risk mitigating mechanisms to prevent or reduce the risk events and impacts.

Third Line of Defense

The Third Line of Defense is the Internal Audit Department, and Compliance and Governance Department which also continuously monitors, assesses, controls, and reports the possible risk events and impacts through risk-based audit and compliance/governance checking. To note, MCB operates with a “Zero Tolerance Policy” in terms of compliance and governance.

Fourth Line of Defense

The Fourth Line of Defense consists of External Audits and timely investigations by the CBM, along with its issued guidelines, which help assess and address risk events to reduce the bank’s overall exposure to risks. With a well-defined integrated risk and compliance management structure, functional role clarity within the risk apparatus, and effective implementation of integrated risk and compliance framework, MCB has been recognized as one of the best-managed Banks in Myanmar in terms of prudent risk and compliance management practices, earning the trust of our valued customers, regulators, and all other stakeholders.