The Three Lines of Defence – where do actuaries fit in?

In the first instalment of this article, Brett Riley considered the background to the Three Lines of Defence (3LOD) model. Here, he considers how actuaries fit into this construction.

Where do actuaries fit in? The short answer is that it depends on the actuary’s role. Each of the actuary’s responsibilities needs to be assessed against the criteria in Tables 1 and 2 in the previous instalment on this topic.

Here are some common actuarial roles. The statutory Appointed Actuary functions have been considered across all relevant practice areas i.e. life insurance, general insurance and private health insurance.

Table 3 – Actuarial Roles in the 3LOD Model


Practice Area(s)


Appointed Actuary (AA)

Insurance or Policy Liability Valuation

All areas


First line. APRA have stated this view because the AA’s liability estimate is usually adopted by the insurer’s management and Board for APRA reporting without amendment.  The AA thus plays an important role in shaping the company’s balance sheet risk profile, including capital.


Financial Condition Report

All areas


Mostly second or third line[1], as the AA is independently reviewing and commenting on other functions. However, where independence is not established (e.g. where the FCR discusses the insurance liability valuation), it is a first line exercise


Advice on calculating Capital Base & Prescribed Capital Amount

Life Insurance

First line, for similar reasons to those given above for insurance/policy liability valuations.

Actuarial advice regarding policies, pricing and reinsurance

Life Insurance


Second or third line, if the AA provides advice but the ultimate decision on policy modification or reinsurance is taken by others in senior management and is ratified by the Board. If the AA’s input drives decisions, then this might be considered first line.


Assess uncertainty in capital stress testing



Second or third line, as the AA is independently reviewing and commenting on work prepared by the insurer. The review does not directly affect the insurer’s risk profile.


Advice on notifiable circumstances



First line, for example where the AA advises on pricing and product design. The advice can be second or third line in other areas, were the AA is independently reviewing and commenting on work prepared by the insurer.


Other actuarial roles (could include the AA acting in a non-statutory role)

Reviewing Actuary or audit support



Third line in most situations. While APRA does not require External Peer Review for all insurers now, many auditors will still be assisted by actuarial colleagues to peer review liability valuations by the AA. These are infrequent and arms-length in nature, so are more third line than second line.





First line, especially if the role involves providing advice to management and the Board.


Reinsurance manager or adviser



First line, if the actuary plays an important role in deciding on the quantity and types of reinsurance to buy, and the selection of counterparties.


Capital management



First line, if the actuary plays a strategic role (e.g. influencing capital allocation decisions, which then influence operational behaviour). If the role is restricted to analysis and measurement, this may be viewed as an extension of oversight of the risk management framework and a second line role.


Claims manager


First line, as this is operational.




First line, as many financial processes and business decisions directly shape the company’s risk profile.




First line, as this is operational.


Table 3 shows that the role of the AA is a mixture of responsibilities across the three lines.  This reflects the fact that the AA is a specialist position, probably not considered when the 3LOD model was first constructed. APRA have stated that they like the fact that actuaries are flexible and can take roles that span the three lines of defence, either individually or from one person to another.

Nevertheless, APRA have stated that actuaries need to be aware of any conflicts of interest arising from their current roles. They also expect actuaries to be open about any potential conflicts with various stakeholders.

Most other non-statutory roles within the business sit in the first line.


3LOD is a model of sound risk management.  Like all models, it is an abstraction of reality. It has limitations in certain real world situations. A model does not provide definitive answers for all circumstances.

APRA’s prudential framework reflects this. During the consultation on the introduction of CPS 220, APRA stated that “alternate models or variations to the three lines-of defence model may be appropriate to particular institutions where similar outcomes can be achieved within the requirements of the prudential standards.”

Nevertheless, a well-constructed model provides a strong foundation for risk management. 3LOD has the following benefits:

  • it reinforces risk ownership and the idea that risk management is a first line responsibility, thus supporting a sound risk culture. The second line of defence (the risk management function) supports the first line, and becomes involved on specific issues as needed;
  • 3LOD reinforces the notion that internal audit should not be the main control against risk. It should be a check on what is done by the first and second lines;
  • Properly implemented, the model should eliminate inefficiencies, gaps and overlaps in risk and compliance management by multiple functions; and
  • Companies with a strong 3LOD model should perform better. They are set up to identify and react to risk quickly, allocating resources as required based on priorities. Strong communication between the lines will reinforce this.

Ultimately, the onus is on each company and its stakeholders (including regulators) to ensure that its risk management framework is strong, effective and is suited to the company’s circumstances.

The practical application of the 3LOD model to PHI will likely vary slightly to the other APRA regulated industries, reflecting differences in risk profiles, organisational structures and statutory obligations.

Structures are only one part of the picture. The capability of the people performing key roles is a key driver of the success of a risk management framework. This is relevant for the actuarial profession and the unique skills that actuaries provide to many financial services companies.

Notwithstanding the prescribed role for the CRO under CPS 220, APRA have confirmed the important role played by AA’s in life, general and health insurance, even if they do not fit neatly into a 3LOD model.  Actuaries bring a strong understanding of these industries (in particular, insurance risk) that non-actuarial CROs often do not have. This point must not be overlooked by external stakeholders, and the profession must continue to reinforce this.

It does not matter if the AA falls into one line of defence or another. The key issue is that the AA has a responsibility to protect policyholder obligations, which is separate from other management roles. This adds another layer of risk management to decision making.

3LOD is a useful structure. Referring to the earlier analogy, 3LOD is in many ways like a well organised football team. Both will maximise the likelihood that any threat is diffused before it can do any damage – either to the company or the scoreboard. 

[1] It is debatable whether several of the AA’s reviewing functions are second line or third line.  Many of the infrequent (annual) reviews could be considered as third line, supporting any independent monitoring undertaken by the risk management function.

CPD: Actuaries Institute Members can claim two CPD points for every hour of reading articles on Actuaries Digital.