The thesis was that a properly constructed compliance program, in any area, such as the FCPA, Export or Customs Control, Immigration Control or any similarly regulated area has three lines of defense to prevent a compliance incident. They identified the three lines of defense as (1) the Risk Content Owners line of defense; (2) the Risk Process Owners line of defense; and (3) the Risk Content and Content Monitoring Owners line of defense.
Please see full publication below for more information.