As technology reshapes processes and controls, there’s a major opportunity to maximise artificial intelligence (AI), including generative AI (GenAI), to unlock enterprise-wide digital transformation with a new, tech-enabled blueprint.
These themes – particularly regulatory complexity, siloed organisational structures and the GenAI opportunity – shaped many of the discussions at the RiskMinds International conference in November 2025.
In this article, building on our RiskMinds International session, we set out a fresh perspective and roadmap for reimagining functional collaboration.
So, what should leaders do next to move this agenda forward with ambition and decisiveness? And has the three lines of defence model become a blocker?
Beyond the three lines of defence: a common framework
The three lines of defence model has long underpinned strong governance and regulatory confidence. But for many organisations, the way it’s implemented no longer keeps pace with business priorities.
As risks, regulations and technologies evolve, the boundaries between the lines have blurred. Today, the first, second and third line often draw on the same skills - from regulatory interpretation and data analysis to modelling, control design, testing and reporting. In practice, this can result in several teams with almost identical capabilities working on the same processes and data, each with its own tools and governance. This creates overlap at the very moment when firms need further clarity, simplicity and a sharper focus on cost.
Activities don’t always sit where the model suggests. Model development and ownership are fundamentally first-line responsibilities because they shape pricing, capital and business decisions. Yet in many organisations, parts of model design and maintenance – typically first-line activities – sit within the second-line Risk function, reflecting legacy operating models and long-standing supervisory expectations for independent challenge.
We see the reverse too. Quality assurance, historically a second line ‘review and recommend’ function, is now sometimes embedded within Finance as a ‘1.5 line of defence’ activity. When that happens, considering the examples above, it is harder to build an efficient target operating model and to demonstrate true independence – and, in turn, to unlock the profitability measures that matter.
Turning towards the business
Reimagining functional collaboration means reorienting control functions to serve the business directly. In practice, for example, that means aligning Finance, Treasury, Risk, and Compliance insights to inform strategy in real time, connecting enterprise stress testing with capital planning, and embedding risk management in front-line decision-making.
This change is as much about operating model as it is about mindset. Functional collaboration thrives when teams share ownership of data, incentives and accountability. A business-centric approach enables faster, agile, insight-led decisions - and ensures that risk management becomes an active enabler of growth and resilience, not a brake on it.
By resetting where activities sit - and why - firms can place capabilities where they have the greatest impact, enhancing oversight and unlocking the transformation required to deliver efficiency, innovation and better business outcomes.
Harnessing the power of AI
GenAI is accelerating this transformation. Used responsibly, it can simplify interpretation, automate assurance and enhance control. AI-driven assistants are already supporting finance and risk teams with document generation, process monitoring and scenario analysis.
While market attention has centred on a few high-visibility use cases - such as applying GenAI to automate rulebook interpretation, integration and reporting - there remains a set of underexplored areas where the potential impact is significantly greater.
Opportunities across change management, business-as-usual processes and clearer ownership structures could deliver materially greater benefits - but only with a heightened level of focus, improved enterprise-wide visibility, and more coordinated cross-functional collaboration.
Looking ahead, the next generation of ‘agentic’ systems could coordinate reconciliation between Finance, Treasury, Risk, and Compliance in real time, or continuously scan for emerging regulatory priorities, market incidents and update policies subject to appropriate governance and human-in-the-loop control. These capabilities won’t just reduce manual effort; they'll fundamentally redefine how assurance and governance operate - turning technology into a connective tissue across the enterprise.
Even within this space, the initial use cases remain largely siloed and function-specific.
These include:
Reimagined risk assessments, with agents engaging staff regularly to produce real-time insight into control effectiveness.
Digital risk assistants that support employees with risk and compliance tasks.
Single reconciliation orchestration, allowing agents to maintain alignment across Finance, Risk and Treasury.
A risk and regulatory factory, integrating scanning of emerging risks and regulations with governed impact assessment and policy updates.
While each delivers clear value, they are still being developed within individual functions rather than as enterprise-wide capabilities.
A tech-enabled blueprint for the future
The future model of collaboration is one built on shared data, governance and accountability. That means:
Build once, reuse everywhere – with common data sources, prompts, controls and evidence frameworks.
Joint change governance – with a single regulatory change backlog and cross-functional prioritisation.
Mindset and culture – with leaders incentivised to collaborate, and teams trained for agility and business impact.
One enterprise truth – with trusted data sources and clear lineage across all functions.
Together, these principles form the foundations for an emerging blueprint for how financial institutions can build resilience and trust while unlocking innovation.
Looking ahead
GenAI isn’t a technology race; it’s an organisational design challenge. It can't transform an organisation that’s built on fragmented rules and siloed oversight. Only when governance, workflows and taxonomies are unified - built once and reused everywhere - can organisations scale AI safely and realise its full economic value.
As the industry navigates regulatory change, economic volatility, a new geopolitical order, and technological disruption, firms that move first will gain a substantial strategic edge. The opportunity is to turn today’s control functions into tomorrow’s engines of insight and value. Working together, Finance, Treasury, Risk and Compliance can lead the way.
Key takeaways for firms
Adopt a tech-enabled blueprint for convergence. Anchor Finance, Treasury, Risk and Compliance around a shared, end-to-end model - common taxonomies, data standards and governance - to reduce duplication and enable transparency.
Connect functions around enterprise workflows. Reorient control functions to the enterprise mission by aligning rulebooks, ownership, interpretation, change, BAU, reporting and oversight into cross-functional workflows.
- GenAI as a catalyst for convergence and for the untapped core - BAU, change and ownership. Use GenAI where it can shift the enterprise. Focus on BAU, change management and ownership - the untapped domains where GenAI can break down silos, enable shared workflows and drive real convergence.
- Promote collaboration from the top. Align leadership incentives, behaviours and culture so cross-functional collaboration becomes the default way of working.
1 A report, developed in collaboration with TheCityUK, based on interviews with Chief Compliance Officers and senior compliance professional across UK financial services firms, published on 5 November 2025.
Follow us
