Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Risk Modernization | Cut costs, not quality

In this first article in our series, we explore practical approaches to reduce spend without sacrificing quality of risk management outcomes.

Risk management is at a tipping point.

The Trusted Imperative

The cost to maintain effective, regulatory-compliant programs is at an all-time high, with ever-evolving expectations that will only add to operating costs. In today’s uncertain economic environment, minimizing cost and improving an organization’s efficiency ratio are at the top of nearly every C-suite’s agenda. In fact, according to a recent KPMG survey, 85 percent of firms are accelerating their cost-cutting efforts.1

No department is exempt from this scrutiny, and risk leadership must be prepared to contribute to overall organizational cost-cutting targets.

Most efforts to date to reduce costs associated with risk management oversight and execution have failed to yield maximum and sustainable savings. In this paper, we explore practical approaches to reduce spend without sacrificing quality.

Balancing risk transformation priorities

It is important to recognize that cost takeout is not the only transformation driver for the risk organization (Exhibit 1). Most organizations also have initiatives underway to support: growth or strategic change (via products, service, or delivery channels), effectiveness and efficiency improvements (e.g., quality, consistency, extensibility, and confidence), regulatory compliance with new or emerging expectations from oversight bodies, and/or efforts to “de-risk” or reduce risk exposure. These transformation efforts are not mutually exclusive, often intersect, and must be effectively balanced to not significantly impact one another with unintended outcomes.

Exhibit 1: Risk transformation drivers

Going beyond incremental cost-cutting in risk management

Before launching cost-cutting efforts, it is imperative to analyze what is driving the incremental cost in risk management at any organization (Exhibit 2). This can be further divided between direct costs and cost avoidance categories, which can also be an unintended outcome of an ineffective risk infrastructure. While institutions vary, personnel and labor are typically the single largest contributor overall. This includes both the second-line risk function’s headcount to design, maintain, and oversee the risk framework, along with the first-line personnel who execute risk requirements. To begin, organizations must first understand their cost landscape across all lines of defense and then prioritize cost takeout efforts on the largest (controllable) contributors, balanced with the upfront investment and speed to realize the potential.

Ten levers for cost takeout in risk

A modern approach to risk management lowers costs while maintaining or improving quality. For risk executives, there are 10 primary cost-reduction levers to engage that can individually reduce costs but collectively yield significant costsaving opportunities:

1. Functional, organizational, and legal entity rationalization:

Rationalization of legal entity, functional, and organizational risk accountabilities to eliminate redundancies while aligning appropriate experience/skillsets in execution and oversight of risk taking

2. Product and channel simplification:

Rationalization of product offerings and channel delivery strategies to reduce the variability in associated risk and oversight burden, a decision that is typically led by the business

3. Location, geographic, or global sourcing:

Sourcing risk headcount from cost advantageous locations

4. Delivery model improvements:

Enhanced or streamlined operating models to execute risk requirements in a cost advantageous manner including use of centers of excellence, utility functions, or other consolidated delivery approaches; in many cases, these changes can be paired with low-cost  or global sourcing strategies

5. Outsourcing risk as a service:

Use of third-party vendors to execute select risk management oversight or execution activities on behalf of the first and second lines of defense

6. Integrating risk technology:

Common technology strategy to collect, maintain, and facilitate risk-related data (i.e., single platform or linked systems, data repositories)

7. Digitization of risk (e.g., cloud, automation, advanced analytics):

Digitized risk processes, documentation, and control environment including the use of automation and advanced analytics to gain efficiencies

8. Rationalizing foundational risk data and architecture:

Creating a single, rationalized, and clean source of truth of organization risk taxonomies, inventories, and data in an optimized architecture strategy

9. Risk simplification:

Alignment and rationalization of risk processes, assessments, and methodologies to streamline the annual burden of risk execution and oversight while still maintaining quality

10. Other expense optimization:

Rationalization of other risk oversight and execution-related costs not related to headcount, such as training programs and license fees

Pulling the levers

Not all levers are created equal and have unique impacts to the balance sheet. Some levers return immediate savings with little to no investment, while others require substantial up-front investment (Exhibit 3).

Exhibit 3: Measuring the impact on the balance sheet

 Levers for cost transformation 

Recognizing cost transformation


P&L impact

Macro cost lens     Cost reduction lever         Upfront investment Speed for ROIPotential cost savesPersonnelThird parties/ vendorsTools/ softwareTraining /licensesDiscretionary /other
Governance model 
& strategy

1. Functional, organizational, and legal entity rationalization



2. Product and channel simplification


Delivery model
3. Location, geographic, or global sourcing


4. Delivery model improvements


5. Outsourcing risk as a service

Tech modernization (platforms, digital)
6. Integrating risk technology

Data as an asset
7. Digitization of risk (e.g.,cloud, automation,advanced analytics)


8. Rationlizing foundational risk data and architecture

Risk execution
9. Risk simplification

10. Other expense optimization$Near-TermLow  

Correct sequencing is key

The sequencing of cost takeout efforts is critically important to get maximum benefit in the shortest timeframe. Traditional efforts to alleviate cost in risk management to date have yielded marginal results. These traditional efforts typically lead with technology or rush to automation without addressing the root causes that drive duplication and inefficiencies. These inefficiencies are then compounded as organizations move to establish centers of excellence to process high volumes of risk activities while still leveraging complex methodologies or include a push to offshore functions which still rely upon heavy onshore oversight.

Some of these efforts are being scrapped completely given the marginal yields and quality control issues to explore alternative delivery models, such as outsourcing to a third party, which often results in a loss of the upfront investment made. Unplanned and potentially short-sighted cost-cutting efforts are ultimately frustrating given the volume of rework, time to market, and multiyear investment required to yield marginal results or nonscalable solutions that do not keep pace with changes in the marketplace, evolving strategy, or modifications to regulatory expectations. The difference between strategic and thoughtful cost-takeout transformation versus near-term cost-cutting can be dramatic.

Sequencing cost takeout efforts through the lens of short-term savings and long-term savings can position an organization to methodically and purposefully build with the end result in mind. As illustrated, an organization should focus initial efforts on planning and ideation to clearly define intended outcomes and long-term target operating model. These are essential to maximizing cost savings with limited investment. Subsequently, organizations should then focus on enhancing root cause or foundational issues that result in higher costs before fully implementing the long-term vision.

Building the case for change

Many organizations have long-term strategic cost takeout and efficiency initiatives underway with demonstrable success and significant savings. These initiatives often require up-front investment and may take multiple years to achieve full cost takeout benefits given an initial effort to first remediate root issues.

In these examples, we explore two organizations’ multiyear efforts to reduce cost while increasing efficiency (Exhibit 5).

Exhibit 5: Cost reduction use cases

Supervisory simplification

With KPMG support, a large global investment bank was able to rationalize and automate key supervisory tasks resulting in a 50 percent reduction in volume and 80 percent reduction in administrative oversight.



80% reduction in administrative time/cost

Assessment convergence

KPMG helped a financial services firm coverage four regulatory assessments into one. These efforts resulted in the number of participants and hours spent per unit falling by more than 60 percent, the number of risks and controls by more than 90 percent, signoffs from 130 to just 11.

60% reduction in risk related headcount

While the long-term cost takeout opportunity is significant, it is equally important to demonstrate incremental savings and quick wins to both internal and external stakeholders alike. Some organizations are pursuing a dual track of cost takeout initiatives that includes utilizing short-term tactical solutions such as headcount or expense rationalization to reduce costs in quarterly increments while also executing against strategic initiatives to unlock maximum and sustainable savings. This approach has proven successful to demonstrate immediate savings to investors that builds to the strategic cost takeout vision and also garners organization support for further cost takeout investments.

Can your organization benefit from cost takeout ?

By analyzing and prioritizing responses to the following questions, risk leaders can ascertain the cost takeout levers deemed most impactful (Exhibit 6).

Exhibit 6: Important questions to ask

  • What is the ratio of time spent assessing risk vs managing it ?
  • Are there redundant risk oversight functions that can be consolidated?
  • What is our average cost per risk FTE?
  • Are our risk outputs consistent across businesses?
  • Have First/Second Line established duplicative capabilities (e.g., testing)?
  • How many manual risk processes do we operate today?
  • How many risk platforms do we utilize? Are they integrated?
  • Do we have the right skillsets, in the right marketplace, at the right cost supporting our risk programs?
  • Is our risk infrastructure ready to scale if needed?
  • Is there a single source of truth for risk data that is of quality, consistent granularity, and reliable?
  • How many first-line FTEs are involved in risk programs today?
  • Do we have the right people, focused on the right responsibilities?
  • Who is testing what for what purpose?
  • Are our risk programs and methodologies aligned?
  • What are our repeatable risk activities and can they be moved offshore?
  • What risk functions must stay in house?
  • Is our organizational and functional structure lean enough?
  • Is our data, processes, and control environment ready for a digital change?

Where do you start?

Cost takeout efforts should be thoughtful, strategic, and coordinated. Before launching any specific initiatives, organizations should:

  1. Identify and inventory existing direct and indirect costs associated with the delivery, oversight, maintenance, and execution of risk-related activities (across all lines of defense)
  2. Clearly define the organization’s intended outcomes or cost-saving targets (both short-term and long-term)
  3. Develop an organizational value proposition including expected return on investment
  4. Define the “must haves” for go-forward risk programs and execution
  5. Examine existing capabilities to identify redundancies, inefficiencies, and other pain points
  6. Define and prioritize cost takeout initiatives with critical path sequencing
  7. Understand other competing or complementary transformation initiatives that may consume organizational effort
  8. Establish a multigenerational/multiyear cost takeout roadmap, which is integrated with other organizational initiatives
  9. Establish quantifiable success measures to track and report progress
  10. Socialize roadmap internally (and externally) to gain organizational buy-in
  11. Start small and demonstrate savings fast (quick wins)
  12. Continuously evaluate, challenge, and modify your roadmap as the organization and marketplace evolves

How KPMG can Help: The Trusted Imperative

KPMG helps clients along every step of the risk transformation journey, including cost takeout, from identifying strategic enhancement opportunities to executing against them. This article is the first in a series that will examine crucial issues around the risk transformation journey. This will be followed by examinations of topics including accelerating digital migration, evolution of risk resources, and modernizing technology architecture.

To learn more about any of the topics in this article, please reach out to our authors.


1 Source: KPMG, “New Cost Imperatives in Banking”, 2021

Dive into our thinking:

Risk Modernization | Cut costs, not quality

Download PDF

Explore more

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.