• 1000

In times of profound crises, it becomes apparent how important it is to react accordingly as a company. In the course of current events, the entrepreneurial consequences include drastic changes in international cooperation, in the presence of employees at their workplaces and the instability of traditional processes. As things stand today, the original core business is significantly restricted for the unforeseeable future and is already showing disruptive consequences.

Many industries are increasingly confronted with the dilemma of having to manage daily tasks in a new and changed work environment with completely new communication structures. Routine tasks and the maintenance of regulatory knowledge are becoming a competitive challenge with reduced staff capacities.

New requirements and tasks are thus coming vehemently to the forefront of entrepreneurial activity, but effective corporate governance must not be left out of the picture.  

In order to maintain security along the Three Lines of Defence (TLoD) model, the continuation of corporate core processes as well as the stability of processes related to risk & controls, compliance and internal audit are crucial.

These include, among others:


  • the stabilisation of the operative core processes of an internal control system while maintaining the classic dual control principles and/or a secure automation,
  • the strengthening of business-critical and liquidity-relevant processes as a result of staff shortages; e.g. invoicing and receivables management as well as controlling,

2nd -Line-of-Defense

  • Ensuring IT security within the remote desktop environment or VPN connection as well as ongoing compliance with data protection requirements for data transfers,
  • the continuity of the whistleblower system (WBS) processes as well as the ongoing processing and follow-up of the tips and also the identified actual cases,
  • the forensic investigation and legally secure processing of identified actual facts,
  • maintaining the risk management function in the company, for example to query, evaluate and report on the changed risk situation to the risk owners, or to establish new risk owners in the system,
  • ensuring that the compliance management function complies with legal requirements and internal company guidelines, in particular the continuity of the compliance risk assessment to derive appropriate compliance measures,
  • exercising compliance due diligence in M&A activities and in particular due diligence of business partners,

3rd -Line-of-Defense

  • ensuring timely compliance with internal audit plans and maintaining third party risk management processes in order not to be exposed to additional risks in the crisis, both of a legal nature (regarding corruption, sanctions and embargoes or the violation of human rights) but also of a contractual nature (e.g. contractual penalties due to short delivery periods).

For all those companies that see challenges in the above examples, fast, targeted and proven "managed service solutions" along the TLoD could help to provide the necessary relief. 

What do we at KPMG Risk & Compliance Services mean by support along the Managed Services?

"Managed Services at Risk & Compliance Services are remote solutions that cover the various needs of our customers in the area of recurring, standardisable activities. The primary goal for our customers is to generate stability in connection with attractive cost advantages through economies of scale, to create relief for their own employees in companies and/or to provide expertise as well as adequate tool solutions".  

What are the features of our Managed Services?

  • standardised procedures and processes that are already largely automated and digitalised
  • modular structure, so that comprehensive functional solutions can be offered
  • short- to medium-term transitional solutions via incubation models to long-term outsourcing 
  • Co- and outsourcing models for resource-intensive or recurring activities
  • ongoing security, control and quality routines

With our adaptive collaboration models based on this, we ensure that we can work effectively, in partnership and individually with the client, without compromising the standardisation effects in service delivery. Commercially, we adapt to your requirements in terms of plannability and flexibility of costs. We also offer individual modules as pay-per-use solutions. At the same time, we will already relieve you of a significant part of your digitisation investments through this. 

"KPMG Risk & Compliance Services is your trusted partner who has stability, team stability, know-how and suitable tools to support you in these difficult times." 

What we support you with, among other things:

  • Support of governance continuity management through managed services; e.g. processing of data subject enquiries, real-time verification of payment transactions for sanctions and embargo lists (money laundering/know-your-customer), processing of suspicious activity reports, support of rapidly growing workload in governance processes.  
  • Support in the exercise of internal controls to maintain the classic dual control principles and strengthen business-critical and liquidity-relevant processes as a result of staff shortages through automated processes.
  • Interim crisis management, providing remote staff capacity to digitise and orchestrate your processes and ensure regulatory and/or organisational governance functions and avoid bottlenecks in business-relevant specialist areas and/or PMO support to your organisation. 
  • Takeover of the risk manager function - Full or extensive takeover of the RM function, e.g. development of the risk strategy & risk-bearing capacity concept, identification of material risks, continuous/regular communication/training measures.
  • Takeover of complex (sub-)functions in risk management - e.g. risk assessment and aggregation (e.g. application of Monte Carlo simulation), data analysis, backtesting procedures, annual analysis of strategic risks.
  • Takeover of the compliance management function - systematic and complete compliance risk assessment, top-down and bottom-up risk identification, business partner due diligence, exercise of the compliance awareness function.
  • Co- and outsourcing of internal audit to meet audit plans and reporting requirements.

Managed services provide efficient, investment-cost-neutral and flexible support in ensuring your governance requirements. 

Secure in the crisis, strengthened in the future. KPMG Risk & Compliance Services Managed Services.