Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Payments and Crypto: 2023 Regulatory Challenges

Insights on regulatory authority and guardrails; instant payments and controls; and disputes, complaints and claims

Expanded use of digital payments and crypto and digital assets in combination with broader acceptance of faster payments networks increase the need for defined regulatory authority around key risk areas—all companies in the digital ecosystem must ensure effective controls to mitigate these risks.

Explore here insights on Payments and Crypto from the KPMG report Ten key regulatory challenges of 2023.


Regulatory authority and guardrails

Agencies will continue to warn on the risks and look to establish more codified authority and guardrails within the payments and digital asset space. Topics will range from payment stablecoins and central bank digital currencies (CBDCs) to regulatory authorities and frameworks and financial stability risks.

Congress will likely be asked to consider legislation in several areas around digital assets based on agency recommendations, including legislation that would:

  • Grant clear regulatory authorities, including rulemaking, examination, and enforcement for crypto assets to financial regulators (including CFTC and SEC), and in particular around spot markets for “non-security” crypto assets.
  • Authorize the issuance of a U.S. CBDC.
  • Establish a federal prudential framework for payment stablecoin issuers, addressing market integrity, investor and consumer protection, and payment system risks.
  • Establish federal oversight over custodial wallet providers and other affiliates or subsidiaries of crypto-asset entities.

Congressional and agency inquiries and investigations will also increase in the payment space, as innovation continues and more non-traditional and retail players enter the market.

Regulators will use existing regulatory and supervisory authorities to address current and emerging risks related to digital assets, and regardless of whether additional authority is granted by Congressional action:

  • Banking regulators (FRB, FDIC, and OCC) will permit banks to engage in certain crypto asset, stablecoin, and distributed ledger activities upon review of their safety and soundness, financial stability risks, and consumer protections, and receipt of a non-objection from their primary regulator.
  • SEC will work to register and regulate crypto assets that are securities, related issuers, platforms and exchanges, and offers and sales, as well as ensuring compliance with disclosure requirements.
  • CFTC will work towards similar registration and regulation for crypto-asset derivatives and associated entities.
  • Registration and regulation will require a framework to address key risk areas, including consumer and investor protections (e.g., fraud, theft, privacy, access, disclosures, custody), financial crimes (e.g., AML/CFT, sanctions), and payments activities (including stability of stablecoin structure).


Instant payments and controls

Given the expanded regulatory attention to real-time payments and to the use of digital assets, regulators will be particularly focused on:

  • Data security
  • Network and service reliability
  • Liquidity sufficiency
  • User experience (ease of interface and payment processes)
  • Dispute and resolution attainability
  • Consumer protection, including account holds/freezes and access to payments/funds
  • Fraud and financial crime mitigation, including due diligence (KYC), BSA/AML/CFT, and reporting

Similarly, regulators have indicated a sharpening focus on payments-related areas, such as:

  • Peer-to-peer (P2P) payments
  • Non-bank platforms and services (e.g., fintechs and retailers)
  • New digital products
  • Distributed ledger (or “blockchain”) technology as a potential replacement to traditional payments clearing
  • Access to the Federal Reserve Bank accounts and payments services (e.g., novel charters)

FedNow Service. The FedNow Service, the FRB’s real-time payment system, is expected to launch in mid-2023, and will be accessible to financial institutions of any size that are members of Federal Reserve System. It will serve as an alternative to the existing private-sector real-time payments system (i.e., The Clearing House RTP (Real-Time Payments) network) and is intended to address concerns about economic security should the single service become unavailable.

The Department of the Treasury has recommended that the U.S. government consider the following actions with regard to instant payments:

  • Promote development and use of innovative access technologies to facilitate greater consumer access and use (including standards for interoperability, public-private partnerships, and expanded eligibility).
  • Support government use of instant payment systems, especially in areas such as distribution of disaster, emergency, or other government-to-consumer payments that could potentially provide more rapid support for underserved communities.
  • Establish a federal payment framework for nonbank payment providers that would complement existing federal requirements, including consumer protection and AML/CFT, providing a potential pathway for nonbank payment providers to participate directly in instant payment systems. 


Disputes, complaints and claims

Regulators, state AGs and Congressional members are paying close attention to how companies’ handle consumer and investor disputes, complaints, and claims related to payments.

Key areas of ongoing regulatory interest include:

  • Procedures and governance, including processes around account holds and freezes.
  • Customer communication protocols (outreach, follow-up, and resolution).
  • The application of account credits.
  • Analytics and reporting, including root cause and disparity analyses.
  • Timeliness to remediation and resolution.
  • Evidence of analyses informing changes to processes, procedures, or controls.

Regulators and enforcement agencies will utilize disputes, complaints and claims data to help guide examinations and investigations, as well as support enforcement allegations.  Financial institutions will be expected to have robust programs in these areas that both mitigate fraud risks and are demonstrably favorable to consumer protections. 

The ever-evolving risk and regulatory landscape means that companies must constantly remain well-informed, nimble and measured. They must look to address these new and emerging risks within appropriate risk appetites and via a robust control environment. They also must ensure clear and consistent reporting to a myriad of stakeholders and across a varying (and growing) set of risks.

Nancy Luquette

Chief Risk Officer, S&P Global

Call to action: Payments and Crypto

  • Develop capability assessments for digital asset product offerings and operations, as well as for risk and compliance frameworks adequate for the proper licensing, registration, issuance, and/or use of digital assets
  • Establish and enhance internal risk policies, procedures, and controls for digital assets and payments, including analyzing risk profiles, customer due diligence (KYC) operations, BSA audit programs, and AML/CFT programs
  •  Produce actionable and relevant digital asset information for board and senior management reporting
  • Understand how data is being used and monetized and whether any behavioral targeting may be inconsistent with customer expectations
  •  Evaluate existing regulatory change management framework and ensure integration of appropriate risk partners in strategy discussions, development, and regulatory approvals, as needed

Dive into our thinking:

Ten Key Regulatory Challenges of 2023

Read our report for client perspectives, regulatory recaps, and actionable steps to help mitigate risk.

Read more

Explore more

Get the latest from KPMG Regulatory Insights

KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments.

Thank you

Thank you for signing up to receive Regulatory Insights thought leadership content. You will receive our next issue when we publish.

Get the latest from KPMG Regulatory Insights

KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments. Get the latest perspectives on evolving supervisory, regulatory, and enforcement trends. 

To receive ongoing KPMG Regulatory Insights, please submit your information below:
(*required field)

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.