Building, Training and the Three Lines of Defence
Development is iterative - train, test, fine-tune, then prove the model generalises on new data beyond the training set. Human oversight uses the three lines of defence (3LOD) model (Do → Watch → Check) paired with the effective challenge principle.
Development is iterative → train, test, fine-tune against the metrics set earlier, then prove the model generalises on data it has never seen.
Choosing the architecture. Pick the algorithm to match the desired accuracy and interpretability → what do you want to learn from the data? How does it solve the business problem? What constraints apply (time limits affect available training time)? Is extra effort needed for data accuracy?
Training fundamentals. Training data shapes behaviour → it must be representative, fair and compliant · know what the model optimises for (accuracy, fairness, efficiency) · initial training establishes the model, fine-tuning tailors it to specific tasks or domains · always test on new data beyond the training set to confirm generalisation.
Do → Watch → Check → the three lines of defence → who implements, who spots, who audits.
| Line | Who | What they do |
|---|---|---|
| Line 1 | Management & process owners | Implement risk management policies and procedures |
| Line 2 | Risk teams | Identify and address emerging risks in daily operations |
| Line 3 | Internal audit | Independent audits of risk management effectiveness → report results |
Oversight is a best practice and sometimes a legal requirement → the degree depends on data type, sensitivity, application and jurisdiction. Pair the three lines of defence (3LOD) with the effective challenge principle → people with the right expertise get the chance to challenge the risk model to expose limitations and improve it.