PRMIA 8020 Question Answer
Which of the following principles best applies to a compliance function?
The compliance function should report to the business (even when following a three lines of defense model).
The compliance function should be independent of the business (following a three lines of defense model).
The compliance function should be outsourced if there is a risk function.
The risk function should be outsourced if there is a compliance function.
Step 1: Compliance Function and the Three Lines of Defense Model
The Three Lines of Defense (3LoD) model ensures that risk management responsibilities are properly segregated:
First Line: Business units (own and manage risk).
Second Line: Compliance and risk management (independent oversight).
Third Line: Internal audit (provides assurance).
Step 2: Why Compliance Must Be Independent
PRMIA and Basel Compliance Principles state that compliance should not report to business units, as this creates a conflict of interest.
Compliance must be independent to ensure objective oversight of regulatory adherence.
Step 3: Why the Other Options Are Incorrect
Option A ("Report to the business") → Incorrect because compliance must provide independent oversight, not report to business units.
Option C ("Outsource compliance if risk function exists") → Incorrect because compliance and risk functions have distinct roles.
Option D ("Outsource risk if compliance exists") → Incorrect because risk management is a core function, not an outsourcing candidate.
PRMIA Risk References Used:
PRMIA Compliance Risk Governance – States compliance must be independent under the Three Lines of Defense model.
Basel Compliance Principles – Recommends separate reporting structures for compliance and business units.
Final Conclusion: Compliance must be independent from the business to avoid conflicts of interest, making Option B the correct answer.
TESTED 07 Jul 2025