Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Scrutiny and Divergence: 2023 Regulatory Challenges

Insights on increased supervision and enforcement, regulatory democratization and divergence, and the three lines of defense

Regulatory scrutiny and enforcement activities will increase.  Examinations and investigations under existing regulations will increase in scope coverage as regulatory “perimeters” expand via established jurisdictional authorities. Divergences and debate on jurisdictional authorities will continue across federal, state, and global regulations and frameworks—exacerbated by social and political divides as well as a heightened value to “regulatory democratization.” 

Explore here insights on Scrutiny and Divergence from the KPMG report Ten key regulatory challenges of 2023.



Increased supervision and enforcement

Regulators will continue to apply existing regulations to new products and service areas. This will bring heightened scrutiny to areas of ethics and conduct and consumer and investor protections, and will lead to expanded examinations and increased volumes of regulatory matters tied to business, technology, operations, and risk functions.  

Supervision will also be directed to new and evolving areas. Common themes across all regulators include fairness, digitalization, crypto and digital assets, cyber security, climate-related risks, competition, and financial crime (BSA/AML/CFT). Regulations and guidance that supervisors will be reviewing closely include:

  • SEC: Investment Adviser Marketing Rule; private funds and hedge funds, including amendments to Form PF (with CFTC); amendments to Proxy rules; ESG-related rules, including proposals for the Names Rule and disclosures of Human Capital, corporate board diversity, and ESG investment practices; digital engagement practices; proposals to “modernize” equity market structure (including order routing, conflicts of interest, best execution); registration and regulation of crypto assets that are securities; records retention and disposal.
  • FINRA: Regulation Best Interest and Form CRS; order handling, best execution, and conflicts of interest; communication and disclosure of complex products; supervision of mobile applications and consumer interactions; third-party vendor risks; customer account information (e.g., designation of registered individuals as a customer’s beneficiary, executor/trustee, or power of attorney holder).
  • FRB: Real-time payments; access to the Federal Reserve Bank accounts and payments system (including novel charters); capital changes; large bank resolution planning; bank merger analysis; “fairness” policies based on financial capability, access, and consumer protection; stablecoins and other crypto assets.
  • OCC: Technological innovation (fintechs, payments, banking-as-a service (BaaS); information technology (IT security controls, change management, operational resilience); credit, allowance for credit losses, interest rate risk; third parties and related concentrations; bank mergers analysis; novel charters; community reinvestment act; climate-related risk.
  • CFPB: Application of UDAAP to discriminatory conduct across lifecycle of consumer financial services products and services; supervision of nonbank financial service providers (servicers, payment processers, fintechs, Big Tech);Consumer fees, including policies and practices related to transparency, clarity, and application; Consumer credit reporting; small business data collection; relationship, transactional, and algorithmic banking (e.g., complaints management, customer service, use of algorithms, automated decision making, valuation models); payments and international money transfer markets; “open banking;” repeat offenders. 


Regulatory democratization

Regulators will continue to actively seek consumers’ commentary, complaints, and input in an effort to help direct and defend new/expanded regulations, as well as supervisory and exam focus. Key areas will include:

  • Proactive, direct solicitation of consumers’ and investors’ experiences with specific financial products and services, their associated underlying regulations, and areas such as disclosures, fees, and customer service interactions (live interactions, bots, accessibility, resolution).
  • Complaints portal activity to guide and/or confirm areas of regulatory focus; may be factored into supervisory practices and investigations as a “should have known” standard.
  • Proxy rules that increase opportunity for shareholder proposals and votes to be considered, including in the election of directors, merger applications, and ESG-related concerns.
  • Fiduciary duties of investment advisers to carry out investor preferences inclusive of ESG matters alongside investment return. 


Regulatory divergence

Approaches to various ongoing and emerging risks diverge across federal, state, and global regulators and standards setters, due in part to social and political pressures and in part to debates on jurisdictional authorities. Such differences are unlikely to abate in the near term and, in some cases, may be aggravated by litigation and/or judicial action. Areas to watch include: 

  • U.S. alignment in principle with other global jurisdictions and standards but divergence in U.S. laws and regulations, such as:
    • ESG/Climate (SEC, TCFD, ISSB, EFRAG).
    • Crypto assets (SEC, CFTC, Banking Regulators, countries with CBDCs, FATF).
    • Basel capital implementation (slow uptake in the U.S.)
    • Data privacy (no overarching federal law).
  • Differences between state and federal regulations, especially in instances where federal regulations have not yet been finalized, such as:
    • New York’s law imposing a “bias audit” requirement on firms using AI tools in employment decisions (beginning 2023).
    • California’s Consumer Privacy Rights Act (augmenting the CCPA beginning 2023).
    • Texas’ ban on local and state government entities contracting with financial companies that “boycott” fossil fuel-based energy companies or the gun industry.
  • Industry-driven legal challenges, such as challenges to the funding structure of the CFPB; the CFPB’s expansion of UDAAP beyond fair lending laws and regulations; SEC’s climate disclosure requirements (as proposed); and FRB review of requests to access the Federal Reserve Bank accounts and payments services by institutions with novel charters.
  • Congressional testimony on “appropriate” jurisdictional authorities, particularly related to crypto assets. 


Across the three lines

Companies are expected to hold each of their three lines of defense accountable for managing risk. Regulators will:

  • Connect risk management failures in one line to weaknesses in the other two lines. 
  • Hold individuals and groups accountable for misconduct in addition to their companies (and DOJ says it will expedite investigations of individuals).  
  • Favorably view/credit companies that voluntarily and timely self-disclose identified weaknesses and violations of laws and regulations and cooperate in investigations; self-disclosure practices are factored by regulatory agencies into the severity of ratings and fines.
  • Set high expectations for companies to be aware of emerging risks and the conduct of their employees.
  • Encourage companies to establish effective compliance programs and foster a culture that deters misconduct and promotes ethics and compliance. Regulators will look for investment (people, process, and technology) to prevent, detect, and respond to ethics and compliance matters as well as demonstrable reporting of issues (identification, notification, escalation, and resolution (inclusive of monetary action.)

Supervisory activity will remain fast-paced and dynamic, amid global economic transition and geopolitical developments. It is more important than ever to remain current on regulatory and industry trends, maintain open and constructive regulatory interactions, embed accountability and responsiveness, and keep all stakeholders up to date. We must keep focused on execution of programs and commitments, emerging risks, and escalation of concerns early to demonstrate management awareness and ability to separate out what is significant from the 'noise'.

Jackie LiCalzi

Jackie LiCalzi

Managing Director and Global Head of Regulatory Relations Group, Morgan Stanley

Call to action: Scrutiny and Divergence

☑ Ensure effective current and emerging regulatory tracking and inventory

☑ Dynamic mapping of regulations and regulatory expectations to risk assessments and to risk controls

☑ Development and execution of “regulatory routines”, inclusive of process automation and data analysis for consistency and trends (including for regulatory requests and corporate responses)

☑ Demonstrable enhancements to ethics, compliance and culture/conduct incentives and deterrents 

Dive into our thinking:

Ten Key Regulatory Challenges of 2023

Read our report for client perspectives, regulatory recaps, and actionable steps to help mitigate risk.

Download PDF

Explore more

Meet our team

Image of Amy S. Matsuo
Amy S. Matsuo
Principal and National Leader, Regulatory Insights, KPMG US

Get the latest thinking from KPMG

KPMG Regulatory Insights comprise key industry practitioners and regulatory advisors from across the KPMG global network.

Thank you

Thank you for subscribing to Regulatory Insights thought leadership content. You will receive our next issue when we publish.

Get the latest thinking from KPMG

KPMG Regulatory Insights comprise key industry practitioners and regulatory advisors from across the KPMG global network.

Please enter your information to receive KPMG Regulatory Insights updates.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.