
Your end-to-end partner in executing complex regulatory driven transformations

In today's world, new regulatory requirements have become more like transformative initiatives affecting all functions across the company. Implementing these regulatory-driven transformations successfully in practice requires not only deep regulatory expertise, but also deep insight into data, technology, IT, information security and industry know-how.

We at KPMG have a track record of offering a one-stop shop for all regulatory-driven transformations, making a complex world as easy as possible for our clients. Our services can be tailored to match your specific needs.

Our approach on regulatory driven transformations:


Topical regulatory areas and our services:

We help you manage regulatory change and use it to accelerate business transformation. Our experts help you turn regulatory-driven change into insight that unlocks better outcomes and lasting competitive advantage.


Our ESG experts support you with e.g. the following topics from regulatory details to practical implementation and reporting, towards your transformatory goals:

  • Corporate Sustainability Reporting Directive (CSRD)
  • EU Taxonomy
  • Sustainable Finance Disclosure Regulation (SFDR)
  • Markets in Financial Instruments Directive II (MiFID II)
  • Alternative Investment Fund Managers Directive (AIFMD) and UCITS
  • EU Green Bond Standard 
  • Insurance Distribution Directive (IDD)
  • Solvency II
  • CRR / Pillar III ESG-disclosures
  • Corporate Sustainability Due Diligence Directive (CSDDD)
  • ECB and EBA guidance and expectations
  • Requirements and recommendations by other authoritative bodies (e.g., local supervisors)

Our data and technology law experts are experienced in data management and data protection challenges and can assist you in the following topics:

  • Supporting in enhancing your level of compliance with applicable data laws.
  • Managing data protection legal requirements in cloud services and other technology transitions.
  • Managing risks related to international data transfers after the Schrems II judgement.
  • Assisting in controlled transformation towards automation and use of AI solutions, taking into account the impacts and obligations stemming from the EU Commission’s proposal for the Artificial Intelligence Act.
  • Provision of clarification on the requirements, possible impacts and opportunities originating from the proposed Data Act.
  • KPMG can provide clarifications and support in understanding the legal requirements of the cyber security regulation/regulatory proposals such as NIS2 and Cyber Resilience Act through an extended team of legal and cyber security experts.

Our cross-functional financial services team is specialized in legal, cyber & IT transformation support and can help you with e.g. the following topics towards your transformatory goals:

Gap analysis and assurance to determine your DORA maturity level

  • Manage regulatory change & create overview of level of compliance
  • Provide independent 3rd party assurance in the form of e.g. ISAE3000 assurance report


  • Implement accountability frameworks & draft documentation (e.g. digital resilience strategy, ICT multi-vendor strategy, ICT change management policy and backup policy)

Third party risk

  • Develop frameworks and processes for managing arrangements with ICT service providers
  • Assess service agreements' legal risk; review and update contract clauses

ICT risk management

  • Identify and assess technology and cybersecurity risks and business impacts
  • Design and implement GRC tools
  • Create contingency and disaster recovery plans

Incident reporting

  • Offer Incident Response readiness services to encounter cyber-security incidents
  • Offer technical strategies, mitigate & analyse cyber attacks & recommend improvements
  • Implement security transformation programmes

Operational resilience testing

  • Assess current capabilities
  • Run tabletop exercises or in-depth technical war games and help close capability gaps

Our financial crime prevention experts can offer help e.g. in the following topics:

  • Compiling the FCP related regulatory framework concerning your institution, including requirements for e.g. KYC and AML
  • Assessing the regulatory requirements for your institution related to FCP, including gap analysis and improvement suggestions for management
  • Interpretation and assessment of EBA Guidelines and local legislation, including e.g. Act on Preventing Money Laundering and Terrorist Financing (444/2017) that are relevant to your institution
  • Interpretation and assessment of the Financial Supervisory Authority’s (FIN-FSA) guidelines related to FCP that are relevant to your institution
  • Assessment of the implications of suggested changes to local regulatory framework
  • Technology transformation regarding FCP regulatory requirements 

Our Banking Regulation expertise covers different risk classes, i.e. credit, market, operational, liquidity, ESG, information security, cyber, and third-party and outsourcing risks. Our experts can offer help in the following ways:

  • Assessing your compliance with the European Banking Authority’s (EBA) guidelines and other relevant regulatory requirements with impact and gap analyses that are based on KPMG’s view of the requirements and leading practice. Providing pragmatic suggestions for solutions based on the analyses. 
  • Designing target operating models (e.g. operating policies, functional processes, governance model, roles and responsibilities, technology requirements, data management, reporting) that take into account regulatory requirements and changes in them. Implementation of the target operating models.

Our Compliance and Whistleblower (“WB”) expertise covers advice on EU and national regulations, process consulting, investigations (forensic and other), policies and GDPR issues. We deliver fully outsourced implementation as well as WB system choice and process services to dozens of clients in both the private and public sectors.

  • We have an automated WB-Gap tool, which has received high praise from several customers’ CLOs, CCOs and, remarkably, CFOs for efficiently documenting their WB compliance status and efficiently pointing out improvement opportunities as well as quick wins. “Not just the WB, GDPR, Employment Law, Company Law or Compliance and Policy Management issues but how to efficiently address them”.
  • Implementation of a compliant WB system and process is paramount to achieving appropriate compliance management. For us this is an industrial process with process management and identification of all relevant client stakeholders as a starting point. Having implemented dozens of client systems and processes, and operating those with GDPR-based statutory liability, we can perform implementation in less than 5 weeks and with less than 3 hours of client management time investment.
  • The other thing all appropriate Compliance Management Systems have in common is a Compliance Risk Assessment (CRA) to define what the ever-expanding regulation actually means in terms of management obligations. We support clients in efficient CRA scoping and execution as well as by delivering partly automated regulatory radar services.
  • Our process is based on a solid understanding of the statutory and business requirements. Legal Compliance Head Antti Aalto teaches Compliance and Whistleblowing in the Helsinki University LL.M program and co-heads the KPMG Global Legal Compliance Group.
