Glossary · ERM
Risk Ownership
Clear assignment of accountability for identifying, monitoring, and managing specific risks to designated individuals or business units.
Full definition
Risk Ownership establishes who is responsible for making decisions about and taking action on particular risks within an organization. Effective ownership requires the designated owner to have sufficient authority, resources, and expertise to manage the risk. In a manufacturing firm, the plant manager might own workplace safety risks while the CFO owns foreign exchange exposure. Without clear ownership, risks fall through the gaps between departments or escalate without timely response. The Three Lines model explicitly defines risk owners in the first line of defense as business operators closest to the risk.
ERM, accountability, governance, roles