2023 Year End Special Edition Magazine

A Fireside Chat with ChatGPT

We took the opportunity to meet ChatGPT, seeking his/her/its views and perspectives on 3 of the key questions facing the COO and Chief Control Officer global community.

The time spent with ChatGPT was limited; it provided expansive and detailed answers to each question in less than five seconds.

Allowing for the limited demand on ChatGPT’s time, we were delighted ChatGPT agreed to reconvene quarterly over the next 12 months. Why? We are interested to see if the answers given by ChatGPT in the autumn of 2024 evolve or change with the seasons between now and the summer of 2025.

In tandem, we are equally interested in the views of our membership on ChatGPT’s answers or specifically on ChatGPT. Please email

Q. What do you consider to be the 2 principal strengths and weaknesses of the 3 lines of defence model in financial services?

“The Three Lines of Defence (3LoD) model is a widely used framework in the financial services industry for managing risk and ensuring effective governance and control. It helps organizations allocate responsibilities and accountability for risk management across different levels of the organization. Here are two principal strengths and weaknesses of the 3LoD model:


Strengths:

1. Clarity of Roles and Responsibilities: One of the primary strengths of the 3LoD model is that it provides clear delineation of roles and responsibilities for risk management. Each “line” has a distinct set of duties, with the first line responsible for managing risks directly in their day-to-day operations, the second line overseeing and providing guidance on risk management, and the third line providing independent assurance and auditing. This clarity helps prevent duplication of efforts and ensures that risk management is not solely concentrated in one area.

2. Effective Risk Oversight: The 3LoD model facilitates effective risk oversight by promoting independence and objectivity. The third line (internal audit) provides an independent assessment of risk management activities and controls, enhancing the organization’s ability to identify weaknesses and gaps in risk management processes. This can lead to more effective risk mitigation and better decision-making at the strategic level.


Weaknesses:

1. Rigidity and Silos: One of the main weaknesses of the 3LoD model is that it can lead to rigid silos within an organization. Each line often operates independently, which can hinder communication and collaboration between them. This can result in a lack of agility and a failure to respond effectively to rapidly changing risks or situations that require a cross-functional approach.

2. Overemphasis on Compliance: In some cases, the 3LoD model may lead to an overemphasis on compliance rather than a holistic approach to risk management. The third line, in particular, may focus on checking boxes and ensuring that policies and procedures are followed, but may not always provide insights into the broader strategic risks facing the organization. This can limit the effectiveness of risk management in addressing emerging and non-traditional risks.

It’s worth noting that the 3LoD model is just one approach to risk management, and its strengths and weaknesses can vary depending on how it is implemented in a specific organization. Successful implementation often requires a balance between the clear delineation of responsibilities and the flexibility to adapt to changing circumstances and risks.”

Q. In order of priority, the most influential being first, list the factors that mitigate conduct risk:

“Mitigating conduct risk is crucial for maintaining the integrity and reputation of financial institutions and ensuring fair treatment of customers. Here are factors that can help mitigate conduct risk, listed in order of priority with the most influential factors first:

1. Strong Ethical Culture and Tone from the Top: The most influential factor in mitigating conduct risk is fostering a strong ethical culture throughout the organization, starting with leadership. When senior executives set the tone for ethical behavior, it permeates throughout the organization and influences employees to act in an ethical and responsible manner.

2. Robust Compliance and Risk Management Frameworks: Implementing comprehensive compliance and risk management frameworks is essential. This includes clear policies and procedures, effective monitoring and reporting mechanisms, and a robust risk assessment process that identifies potential conduct risks.

3. Employee Training and Awareness: Conduct risk can be mitigated by providing regular and comprehensive training to employees. This training should not only cover legal and regulatory requirements but also emphasize ethical behavior, customer-centricity, and the importance of avoiding harmful conduct.

4. Effective Oversight and Governance: Strong governance structures, including effective boards of directors and risk committees, play a vital role in mitigating conduct risk. These bodies should provide oversight and hold management accountable for conduct risk management.

5. Customer-Centric Approach: Putting customers at the center of business operations helps mitigate conduct risk. Organizations that prioritize customer satisfaction and fair treatment are less likely to engage in behaviors that could harm customers or breach trust.

6. Whistleblower and Reporting Mechanisms: Establishing confidential whistleblower and reporting mechanisms empowers employees to report potential misconduct without fear of retaliation. This helps in early detection and mitigation of conduct risks.

7. Continuous Monitoring and Surveillance: Implementing advanced monitoring and surveillance tools and techniques can help identify potential misconduct in real-time or through retrospective analysis, allowing for timely intervention.

8. Regular Audits and Reviews: Conducting regular internal and external audits and reviews of compliance and risk management processes can identify weaknesses and areas for improvement in managing conduct risk.

9. Incentive Structures: Aligning incentive structures with ethical behavior and customer-centric outcomes can discourage risky conduct. Rewarding employees for positive behavior and not solely for short-term financial performance can help mitigate conduct risk.

10. Transparency and Accountability: Ensuring transparency in business operations and holding individuals accountable for their actions are critical in mitigating conduct risk. This includes disclosing conflicts of interest and being transparent about product and service terms.

11. Regulatory Compliance: Meeting regulatory requirements is important, but it should not be the sole focus. Organizations should strive to go beyond compliance by adopting best practices and higher ethical standards.

12. Scenario Analysis and Stress Testing: Conducting scenario analysis and stress testing can help organizations assess how they might respond to adverse conduct events or market conditions, allowing for better preparation and mitigation strategies.

13. Reputation Management: Being proactive in managing reputation risk is crucial. Swift and appropriate responses to conduct-related issues can help mitigate reputational damage.

It’s important to note that these factors are interconnected, and their effectiveness in mitigating conduct risk often depends on their integration into a comprehensive conduct risk management framework tailored to the specific needs and culture of the organization. Additionally, conduct risk mitigation is an ongoing process that requires continuous monitoring, adaptation, and improvement.”

Q. What are the 3 principal non-financial risks facing the worldwide financial services sector in 2024 and do they change with 5-year horizon scanning to the same question for 2029?

“I don’t have access to specific information or predictions beyond my knowledge cutoff date in September 2021. However, I can provide you with some common non-financial risks that were significant in the financial services sector at that time. Keep in mind that the landscape of risks can change over time, and it’s essential to consult up-to-date sources and experts for a more accurate assessment of risks in 2024 and 2029. Here are three principal non-financial risks that were relevant as of my last update:

Non-Financial Risks in the Worldwide Financial Services Sector (as of 2021):

1. Cybersecurity and Technology Risks: The financial services sector is highly reliant on technology, making it vulnerable to cyberattacks, data breaches, and technology failures. In 2021, cybersecurity was a top concern, and it’s likely to remain a significant risk in the coming years. Threats may evolve, including advanced persistent threats (APTs) and ransomware attacks, requiring continuous investment in cybersecurity measures.

2. Regulatory and Compliance Risks: The financial industry is heavily regulated to ensure stability and protect consumers. Non-compliance with regulations, changes in regulatory requirements, and regulatory scrutiny can lead to legal and reputational risks. Keeping pace with evolving regulations, such as those related to data privacy (e.g., GDPR), anti-money laundering (AML), and environmental, social, and governance (ESG) factors, is crucial.

3. Reputational and Conduct Risks: Maintaining trust and reputation is paramount in financial services. Conduct risks, such as unethical behavior, misconduct scandals, or unfair customer treatment, can lead to significant reputational damage. Ensuring strong ethical cultures, effective whistleblower programs, and transparency in operations are essential in mitigating these risks.

Now, if you want to consider a 5-year horizon for 2024 and 2029, the specific risks facing the financial services sector may evolve. Here’s a speculative projection of how these risks could change:

Projected Non-Financial Risks in the Worldwide Financial Services Sector (as of 2024 and 2029, projected):


2024:

1. Advanced Cyber Threats: As technology continues to advance, cyber threats may become even more sophisticated, with AI-driven attacks and quantum computing threats emerging. Financial institutions will need to stay ahead in cybersecurity measures to protect sensitive data and systems.

2. Climate and ESG Risks: By 2024, environmental, social, and governance (ESG) risks could be more prominent. Financial institutions may face pressure to assess and disclose their exposure to climate-related risks and to align their investments with sustainability goals. Climate change impacts and regulatory changes may amplify these concerns.

3. Geopolitical and Regulatory Uncertainty: Geopolitical tensions, trade disputes, and regulatory changes could introduce greater uncertainty into the global financial landscape in 2024. Navigating these uncertainties and adapting to evolving regulatory environments will be essential.


2029:

1. Advanced Technology Integration and Ethical AI Risks: As technology continues to advance, financial services may rely more on AI and machine learning. Ensuring ethical AI use, preventing algorithmic bias, and addressing the potential for AI-related misconduct will be critical.

2. Sustainability and Climate Transition Risks: By 2029, climate change and sustainability risks may have evolved further. Financial institutions will need to adapt to a rapidly changing landscape, with increased focus on sustainable finance, green investments, and managing the risks associated with climate transition.

3. Demographic and Social Risks: Societal changes, such as shifting demographics, income inequality, and social unrest, could pose risks to financial stability in 2029. Understanding and addressing these social dynamics will be important for risk management.

Please note that these projections are speculative, and the actual risks that the financial services sector will face in 2024 and 2029 may differ based on a wide range of factors, including economic conditions, technological developments, and geopolitical events. Regular risk assessments and horizon scanning are essential for financial institutions to adapt to changing circumstances and effectively manage non-financial risks.”