Three Lines of Defence
Barclays operates the industry-standard Three Lines of Defence model, as detailed in the Barclays Bank UK Annual Report 2024:
First Line
Business Units & Support Functions
Revenue-generating and client-facing areas, plus support functions (operations, IT, HR).
- Accountable for: identifying, assessing, and managing risks in day-to-day activities; implementing policies, standards, and controls.
- In AML terms: front-line staff conduct CDD, monitor transactions, and escalate suspicions.
Second Line
Risk & Compliance
The Risk function and the Compliance function (which houses the Financial Crime team).
- Accountable for: setting frameworks, policies, standards, and risk limits. Providing independent oversight, challenge, and guidance to the first line.
- In AML terms: the Financial Crime function designs AML policies, provides advisory support, reviews SARs, and ensures regulatory expectations are met.
Third Line
Internal Audit
An independent function reporting to the Board Audit Committee.
- Accountable for: providing independent assurance to the Board and Executive Committee on the effectiveness of governance, risk management, and internal controls.
- In AML terms: Internal Audit tests whether AML controls actually work as designed, identifies gaps, and recommends improvements.
Enterprise Risk Management Framework (ERMF)
The ERMF is Barclays' overarching risk governance structure. It supports embedding effective risk management and a strong risk culture across the organisation.
Ten Principal Risks (as of January 2025)
Credit, market, treasury and capital, climate, operational, model, compliance, financial crime, reputation, and legal. The elevation of financial crime to principal risk status means it receives dedicated Board-level oversight, its own risk appetite statement, and separate reporting.
- 10 principal risks in the ERMF
- 2025: financial crime elevated to principal risk
Compliance Risk Management Framework (CRMF)
The CRMF sits within the broader ERMF and specifically governs compliance risk. It includes:
- Annual and out-of-cycle refreshes to keep pace with regulatory change
- A Compliance Risk Dashboard providing real-time visibility of compliance risk indicators
- Mapping of regulatory requirements to internal policies, standards, and controls
- 3 policies and 17 standards governing compliance across the bank
JMLSG Guidance
The Joint Money Laundering Steering Group (JMLSG) provides industry guidance on how to interpret and implement UK AML regulations:
- Approved by HM Treasury and used as the benchmark by the FCA
- Structured in two parts: Part I (core guidance for all regulated firms) and Part II (sector-specific, including banking)
- Barclays' internal AML policies are built to align with JMLSG guidance
Safe Harbour
Following JMLSG guidance provides a "safe harbour" — a firm that can demonstrate compliance with the guidance will generally satisfy the FCA that it has met its regulatory obligations.
Barclays' Internal Compliance Structure
Based on the Barclays Financial Crime Policy Position Statement:
- 1 group-wide Financial Crime Policy
- 11 Financial Crime Standards
- 4 risk areas: ABC, AML/CTF, ATEF, Sanctions
The framework aligns with FATF recommendations, Wolfsberg Principles, and UK Finance standards. The overall compliance framework comprises 3 policies and 17 standards.