Final answer:
The second line of defence in the Three Lines of Defence model refers to the risk management and compliance functions within an organization, which oversee and manage risk, and ensure adherence to laws, regulations, and internal policies.
Step-by-step explanation:
The Three Lines of Defence model is used as a framework for organizations to structure their internal risk management and control processes. In this model, the second line of defence refers specifically to the risk management and compliance functions within an organization. These functions are responsible for overseeing and managing risk, ensuring that the company adheres to applicable laws and regulations, and that internal policies and procedures are followed.
Typically, the risk management team will identify, assess, and propose actions to mitigate risks, while the compliance department ensures that the company complies with external regulatory requirements and internal policies. These functions provide a checks-and-balances system that complements the first line of defence, which is made up of the operational managers or front-line staff who directly manage risks as part of their day-to-day activities.
Therefore, the correct answer to the question is Option 2: Risk management and compliance functions.