As featured on BusinessMirror: The evolution of non-financial risk 

In the ever-evolving landscape of financial services, the significance of non-financial risk (NFR) management has become increasingly vital. Over the past fifteen years, marked by revolutions in service delivery, operational practices and the paramount importance of trust, organizations find themselves navigating a changing terrain. As the next few years promise accelerated change amid digitization, geopolitical shifts, AI adoption and complex workforce dynamics, proficiency in NFR management emerges as a critical factor for responsible operation and prosperity.

Defined broadly as all risk types excluding credit, market, interest rate, and liquidity risk, NFR encompasses operational, regulatory, environmental, social and governance risks. Ineffective management of these risks has led to substantial losses across industries, emphasizing the need for enhanced risk practices. Looking forward, NFR is poised to remain a focal point for regulators and businesses, with stakeholders demanding transparency and accountability.

KPMG International’s latest paper entitled ‘The evolution of non-financial risk’ addresses the imperative for organizations to equip themselves with the tools and resources necessary for resilience against emerging risks and innovation in risk practices, focusing on five key elements for futureproofing:

Achieving efficiency through an integrated NFR function

The future of NFR is one of convergence and integration across risk types, the business and business support functions. As organizations become more complex and interconnected, so do the risks they face. This means that traditional siloed approaches to risk management are no longer sufficient. Instead, organizations need to adopt an integrated approach across all three lines of defense that considers the full range of risks they are exposed to.

Ensuring RMFs are dynamic, relevant and efficient

Risk Management Frameworks (RMFs) provide the guardrails for managing risk and outline the ‘rules of engagement’ for dealing with emerging threats. Current frameworks are often rigid when responding to shifts in the external or internal environment, resulting in challenges when embedding and enforcing frameworks into the broader business.

RMFs can be perceived as servicing regulatory requirements, adding little practical value and often becoming outdated. By ensuring that frameworks are dynamic and efficient, organizations provide their risk community with optimal conditions to practice effective risk management.

Producing automated risk management information (MI) to quantify and report NFR

NFRs are inherently difficult to quantify. However, organizations that aim to identify and prioritize risks effectively should have an element of automated risk MI to support efficient assessment of the likelihood and impact of risks — enabling the effective development and implementation of risk mitigation strategies.

Many organizations have dedicated teams solely responsible for the aggregation, analysis and formatting of MI for regular governance meetings creating significant overhead costs. The resulting MI is often outdated (sometimes over a month old) and does not provide sufficient or accurate information for management to make informed decisions. For example, in the financial services industry, it takes, on average, nine days from identifying a control violation until it is reported and communicated to the control or process owner.

Using systems and data management to accelerate effective decision-making

To ensure improved risk mitigation and operational efficiency objectives are met, businesses need an Integrated Risk Management (IRM) ecosystem that harmonizes solutions across one or more platforms. This ecosystem should cover all three lines of defense using a common set of integrated policies, technology and data.

Most systems architecture today lacks the necessary tools for effective data aggregation and reporting. While policies and procedures are firmly in place, the organization of these systems remains somewhat disorganized, with each operating in isolated silos. There is a clear need for improved collaboration and insights across different business areas, but there is no ‘one size fits all’ approach to achieving IRM with technical solutions. The right approach depends on several factors, including an organization’s key reporting needs, existing assets, licensing agreements, centralized versus decentralized governance approaches, investment ability and willingness to challenge its current ways of working.

Elevating risk and control processes with targeted intelligent automation

Intelligent automation (IA) is the combination of automation and artificial intelligence (AI), which has emerged as a game-changer in the business world. Its transformative potential is highly useful in addressing NFRs, not by replacing human resources, but rather by collaborating between people and technology, to achieve the best possible risk management outcomes.

According to KPMG 2023 CEO Outlook, business leaders across sectors are focused on investing heavily in disruptive technology and financial services CEOs are no exception, with 72 percent agreeing that generative AI is the most important investment opportunity for their company.

The age of IA is here, and there is no turning back. Organizations implementing IA have reported significant returns on investment (ROI) and efficiency gains. Forrester Research predicts that IA will significantly impact the global financial services industry, increasing revenue by up to 15 percent and reducing costs by up to 20 percent. The research indicates that AI and IA can automate up to 40 percent of tasks currently performed by humans in the financial services industry. This will free employees to focus on more strategic work.

A sharp focus on non-financial risk is now imperative

Successfully navigating the journey ahead will likely demand innovative non-financial risk management that positions businesses to operate responsibly and prosper in the future. Organizations that fail to address these risks may face significant financial consequences and loss of consumer trust. Change is inevitable. And the time to act is now.

The excerpt was taken from the KPMG Thought Leadership publication:

© 2024 R.G. Manabat & Co., a Philippine partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more information, you may reach out through, social media or visit

This article is for general information purposes only and should not be considered as professional advice to a specific issue or entity. The views and opinions expressed herein are those of the author and do not necessarily represent KPMG International or KPMG in the Philippines.