This is the 5th edition of the KPMG Nordic Ethics and Compliance Survey, and we would like to thank those who have taken the time to participate. The purpose of this report is to provide insights into ethics and compliance risks, maturity, and trends in the Nordics. Over 70 companies from Sweden, Norway, Denmark, Finland and Iceland, representing various industries and sizes, participated this year.
The participating companies vary in size—from small organizations with fewer than 100 employees to large enterprises with over 5,000 employees. A majority of respondents (57%) represent large companies with more than 1,000 employees. Most of the organizations (77%)
are privately held, while a smaller portion consists of state-owned enterprises and public sector entities.
Building and maintaining credibility and trust is a key success factor for companies. We hope that this report gives you additional insights useful for your own compliance journey.
Key findings:
- Compliance maturity still lags behind: Nearly half of companies don’t regularly test their compliance programs—many are still “operating in the dark.”
- Third-party risks are under-monitored: ESG supplier audits rarely uncover breaches, yet third-party risk management tops the list for improvement plans.
- Digitalization is slow—but essential: 47% of compliance functions haven’t started implementing digital tools, and only 4% use AI for decision-making.
- ESG risk tolerance is unclear for many: Just 66% say leadership has defined ESG risk limits, and new risks like cybercrime and lack of diversity are gaining attention.
- Legislation is reshaping compliance priorities: 74% report increased efforts due to laws like EU CSRD and the Norwegian Transparency Act—but impact on affected communities remains uncertain.
