Regulatory Driven Transformation

Our ESG experts support you with e.g. the following topics from regulatory details to practical implementation and reporting, towards your transformatory goals:

• Corporate Sustainability Reporting Directive (CSRD)
• EU Taxonomy
• Sustainable Finance Dislosure Regulation (SFDR)
• Markets in Financial Instruments Directive II (MiFID II)
• Alternative Investment Fund Managers Directive (AIFMD) and UCITS
• EU Green Bond Standard 
• Insurance Distribution Directive (IDD)
• Solvency II
• CRR / Pillar III ESG-disclosures
• Corporate Sustainability Due Diligence Directive (CSDDD)
• ECB and EBA guidance and expectations
• Requirements and recommendations by other authoritative bodies (e.g., local supervisors)

Our data and technology law experts are experienced in data management and data protection challenges and can assist you in the following topics:

• Supporting in enhancing your level of compliance with applicable data laws.
• Managing data protection legal requirements in cloud services and other technology transitions.
• Managing risks related to international data transfers after Schrems II judgement.
• Assisting in controlled transformation towards automation and use of AI solutions taking into account the impacts and obligations stemming from EU Commission’s proposal for Artificial intelligence Act.
• Provision of clarification on the requirements, possible impacts and opportunities originating from the proposed Data Act.
• KPMG can provide clarifications and support in understanding the legal requirements of the cyber security regulation/regulatory proposals such as NIS2 and Cyber Resilience Act through an extended team of legal and cyber security experts.

Our cross-functional financial services team is specialized in legal, cyber & IT transformation support and can help you with e.g. the following topics towards your transformatory goals:

Gap analysis and assurance to determine your DORA maturity level

• Manage regulatory change & create overview of level of complianc
• Provide independent 3rd party assurance in the form of e.g. ISAE3000 assurance report

Governance

• Implement accountability frameworks & draft documentation (e.g. digital resilience strategy, ICT multi-vendor strategy, ICT change management policy and backup policy)

Third party risk

• Develop frameworks and processes for managing arrangements with ICT service providers
• Assess service agreements´ legal risk; review and update contract clauses

ICT risk management

• Identify and assess technology and cybersecurity risks and business impacts
• Design and implement GRC tools
• Create contingency and disaster recovery plans

Incident reporting

• Offer Incident Response readiness services to encounter cyber-security incidents
• Offer technical strategies, mitigate & analyse cyber attacks & recommend improvements
  Implement security transformation programmes

Operational resilience testing

• Assess current capabilities
• Run table top exercises or in-depth technical war games and help build capability gaps 

Our financial crime prevention experts can offer help e.g. in the following topics:

• Compiling the FCP related regulatory framework concerning your institution, including requirements for e.g. KYC and AML
• Assessing the regulatory requirements for your institution related to FCP, including gap analysis and improvement suggestions for management
• Interpretation and assessment of EBA Guidelines and local legislation, including e.g. Act on Preventing Money Laundering and Terrorist Financing (444/2017) that are relevant to your institution
• Interpretation and assessment of the Financial Supervisory Authority’s (FIN-FSA) guidelines related to FCP that are relevant to your institution
• Assessment of the implications of suggested changes to local regulatory framework
• Technology transformation regarding FCP regulatory requirements 

Our Banking Regulation expertise covers different risk classes, i.e.: credit, market, operational, liquidity, ESG, information security cyber and third-party and outsourcing risks. Our experts can offer help in the following ways: 

• Assessing your compliance with the European Banking Authority’s (EBA) guidelines and other relevant regulatory requirements with impact and gap analyses that are based on KPMG’s view of the requirements and leading practice. Providing pragmatic suggestions for solutions based on the analyses. 
• Designing target operating models (e.g. operating policies, functional processes, governance model, roles and responsibilities, technology requirements, data management, reporting) that take into account regulatory requirements  and changes in them. Implementation of the target operating models.

Our Compliance and Whistleblower (“WB”) expertise covers advice on EU and National regulations, process consulting, investigations (forensic and other), policies and GDPR issues. We deliver fully outsourced implementation as well as WB system choise and process services to dozens of clients in both private and Public sectors.

• We have an automated WB-Gap tool, which has received high praise from several customers’ CLO’s CCO’s and – remarkably CFOs -  in efficiently documenting their WB compliance status and efficiently pointing out improvement opportunities as well as quick wins. “Not just the WB, GDPR Employment Law, Company Law or Compliance and Policy Management issues but how to efficiently address them”.
• Implementation of a compliant WB system and process in paramount to achieving appropriate compliance management – For us this is an industrial process with process management and identification of all relevant client stakeholders as a starting point. Having implemented dozens of client systems and processes – and operating those with GDPR based statutory liability – implementation can be performed in less than 5 weeks and with less than 3 hours of client management time investment.
• The other thing all appropriate Compliance Management Systems have in common is a Compliance Risk Assessment (CRA) to define what the ever expanding regulation actually means in terms of management obligations. We support clients in efficient CRA scoping and execution as well as by delivering partly automated regulatory radar services.
• Our process is based on solid understanding of the statutory and business requirements. Legal Compliance Head Antti Aalto teaches Compliance and Whistleblowing in the Helsinki University LL.M program and Co-Heads the KPMG Global Legal Compliance Group.