Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Risk, reward, and regulation: Generative AI’s delicate balance

Anticipating AI’s regulatory risks is essential to unlocking its potential innovations—and future-proofing your business despite uncertainty.

At a time when generative artificial intelligence (AI) seems to be moving at the speed of light, the importance of managing the related risks is shooting up the C-suite’s priority list just as quickly.

Risk and compliance experts are being challenged to keep up, but then that begs the question: Keep up with what? Formal laws around AI and generative AI (GenAI) technologies, or even informal guidelines, have not yet been established, so company leaders must proactively set appropriate protocols of their own to ensure safety, fairness, and ethical usage.

They must also understand where the regulatory trends are going as legislative scrutiny intensifies and AI systems in general become more user-friendly, accessible, and ubiquitous. In many ways, companies need to be as adaptable as GenAI itself by continuously evaluating inherent biases, transparency, governance, and data privacy—and then updating their approach accordingly.

For context, our recent 2023 KPMG Generative AI Survey gathered insights from 200 senior US business leaders about the transformational impact this emerging technology is already having on their businesses, as well as how they’re navigating adoption amid a regulatory fog that’s been slow to lift.

For now, most are moving forward with a mix of intent and caution:

Nearly 8 in 10 business leaders say that unclear and evolving regulations are impacting the time, money, and people investments they’re making in AI.

On the other hand, a third of them say they aren’t slowing their adoption of AI at all, while another 41 percent are willing to watchfully wait—but not longer than six months for fear of losing ground to competitors.

How can organizations innovate and adopt technologies like generative AI while ensuring trust and compliance? The industry leaders we talked to identified three near-term areas of focus, as we outline in our new report, “Where will AI/GenAI regulations go?”

Focus area #1: The regulations

Debate about what guardrails, if any, should be placed around AI is almost as hot as the technology itself. Existing regulations that apply to all “automated systems” also regulate the use of AI as well. Still, many believe that this is not enough.

Over the past six months, bipartisan legislation has been introduced in both the US House and Senate around AI disclosure. The European Union just released landmark legislation that would regulate AI following a risk-based approach. Meanwhile, more than two dozen states have introduced bills aimed at protecting consumers from the misuse of AI.1

The business leaders we surveyed identified several key legislative areas they’re watching:

Risk management

Which includes protections against inappropriate or discriminatory uses of AI

Fairness

Which includes AI applications that encroach on consumer- and employee-protection laws

Privacy

Which includes access, consent, use, and safety of consumer data.

Of course, this is only the legislation business leaders can see coming. Regulations are evolving quickly, and leaders don’t believe that pace of change will slow anytime soon.

Focus area #2: The complexity

The promise of AI is as evident as the peril, and that’s precisely the challenge business leaders face when it comes to adoption. Legal compliance is likely to diverge across state, federal, and global jurisdictions. There are moral and ethical considerations as well—not to mention consumer sentiment that will heavily influence each leader and organization.

In this environment, it’s difficult to anticipate where the puck is going, given the dozens of possible caroms and redirections. (If only business leaders could ask ChatGPT what to do.) What is clear, according to the executives we interviewed, is what organizations can do to set themselves up for success, no matter how regulations change or where they land. That includes:

1

Evaluating enterprise risk, including discrimination and fairness, as well as data collection, protection, and ownership

2

Improving enterprise-wide understanding of AI, including the benefits, risks, limitations, and constraints

3

Determining how AI aligns with organizational values, with an eye toward implementing risk management strategies across the AI lifecycle.

Focus area #3: The risks

Speaking of risk management: Like the benefits of AI, the potential risks of emerging AI regulation span the entire enterprise as well, landing on the desks of those responsible for data, privacy, security, intellectual property, and more.

To mitigate these threats, companies must holistically assess the purpose and application of the technology across the organization. What’s more, leaders must prepare for—and feel comfortable operating in—an environment of continuous regulatory change.

This requires having a robust understanding of what regulators are looking for, from responsible design, to effective validation, to sound governance, and controls. But it also means standing up the internal capability to monitor developments in real time and adjust business models accordingly.

Where to go from here?

Effective AI adoption means reinventing traditional approaches to risk management. To that end, KPMG has created a four-part framework that organizations can use as a guide:

1. Establish governance

  • Establish AI governance framework
  • Develop organization-wide policies with clearly defined roles and responsibilities
  • Educate stakeholders on risks and usage policies
  • Establish transparency principles and policies
  • Incorporate AI into model risk management framework
  • Establish protocols for AI modeling usage

2. Identify risks

  • Monitor AI regulatory developments
  • Ensure control implementation by appropriate stakeholder groups
  • Align AI standards with appropriate regulatory requirements
  • Validate oversight of enterprise AI use and deployment standards
  • Establish consistent contracting and AI deployment requirements for third parties
  • Establish mechanism for identifying, reporting, and managing AI vulnerabilities
  • Assess ethical or societal impacts of planned AI usage
  • Monitor legal considerations of external-facing deployments

3. Understand strategy

  • Inventory enterprise AI landscape, including planned use cases, models, and tools
  • Align vision, strategy, and operating model for AI solutions
  • Establish board-level oversight
  • Assess use cases and vendor landscape for each AI solution
  • Monitor third-party risks associated with data protection, storage, and access
  • Evaluate/acquire software tools to monitor ongoing data and AI pipeline security and privacy
  • Incorporate AI assessment into annual risk assessment process

4. Monitor deployments

  • Assess AI risks in compliance, governance, security, fairness, bias, accuracy, and explainability
  • Evaluate access, API/interface, data security, privacy, and change management controls
  • Assess AI testing, training, and deployment standards
  • Assess financial reporting impact
  • Identify KPIs to monitor AI outcomes, as well as detect anomalies, fraud, data poisoning
  • Assess AI solution resiliency and reliability


These pillars contain more than two dozen suggested recommendations and next steps to establishing a comprehensive thorough oversight framework that will help companies move forward not only proactively, but also purposefully. Consider them your checklist for intelligent, mindful, and successful AI adoption.

For over a decade, KPMG has been innovating with AI to help clients prepare, accelerate, and achieve value. We are a proud member of the Responsible AI Institute (RAI Institute), which is a global and member-driven non-profit dedicated to enabling successful responsible AI efforts in organizations.

Footnotes

National Conference of State Legislatures, September 27, 2023:

KPMG recognized as a leader in risk consulting

KPMG is proud to again rank No. 1 across multiple risk advisory categories in the Source study: Perceptions of Risk Firms 2023. These categories include First Choice in Financial Risk; First Choice in Third Party Assurance; and 1st for Client Advocacy in Risk.

Learn more

Securing AI solutions

We have pioneered many advanced AI technologies and accelerators, such as our development and spin-out of Cranium, a cutting-edge software company that enables organizations to secure their AI technologies.

Explore more insights and opportunities:

Subscribe to receive the KPMG Opportunity (In)sight Newsletter

Turn insight into opportunity with unique perspectives and actionable insights addressing the burning issues atop the C-suite agenda. Delivered monthly.

Thank you

Thank you for subscribing to the KPMG Opportunity (In)sight newsletter. Be on the lookout for Opportunity (In)sight, a monthly newsletter from KPMG providing unique and data-driven perspectives into the most pressing C-suite issues.

Subscribe to the KPMG Opportunity (In)sight Newsletter

Turn insight into opportunity with unique perspectives and actionable insights addressing the burning issues atop the C-suite agenda. Delivered monthly.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline