Risk Sustainability

Demonstrate “sustainability” of risk functions by embedding it across risk pillars, financial analysis, and business as usual

Proving sustainable processes

Regulators will expect evidence of the sustainability of risk management and governance processes, including the ability to address current and emerging risks, adequacy of resources (e.g., technology investment, skilled staffing), and a commitment to ethics and compliance.

Firms will need to demonstrate:

  • Risk Culture: Credible firm culture and values (e.g., rewards for compliant behaviors and accountability, deterrents for misconduct), as well as a sound approach to assessing and monitoring risk culture.
  • Risk Quantification and Integration: Abilities to ‘quantify risks previously qualitative’, as well as link (in a dynamic/integrated way) to risk monitoring, “outside-in” analyses (e.g., industry enforcement, negative news), and issues management.
  • Business Changes: Evidence of sustainable processes and effective risk coverage, including metric-driven capacity models to determine resource needs during times of cost containment, growth, or changes in business and parallel run exercises for new model/tech adoption.

Issues and remediation:

Regulators will continue to evaluate firms’ management and remediation of issues, including their issues identification processes, adequacy and robustness of risk assessments, and associated actions, as well as effective challenge to issues management. In 2024, firms should expect regulators to focus on the following aspects of these areas:

  • Issues Management: Scrutiny will focus on:
    • The degree of issues self-identified by the business line as well as by the 2nd and 3rd lines, including the associated timing to size, mitigate, and resolve the issues.
    • Whether deficiencies in data or reporting (e.g., data quality, timeliness, accuracy, board and management reporting) are quickly identified and appropriately remediated.
  • Risk Assessment: Regulators will expect adequate and robust analysis of complaints, disputes, and claims information for systemic issues, as well as demonstration of actions taken based on the risk assessments (e.g., modification of products/services, enhancement of process controls, and clarifications to product terms or disclosures).
  • Effective Challenge: Regulators will likewise look for:
    • A continuous “loop” from issues management to risk assessment (inherent and residual).
    • Quality assurance and review processes that demonstrate effective challenge of issues outcomes and remediation.

Climate sustainability risk

At the federal, state, and global levels, regulators (banking, capital markets, and insurance) continue to push forward with supervision of climate-related financial risk management and to put forth new rules and guidance, increasing the risk of divergence (e.g., federal vs state, federal vs global, state vs state) and challenging firms as they look to set sustainability priorities and/or execute on their commitments and transition plans. As the regulatory landscape evolves, regulators will be assessing:

Risk Management and Governance: Physical and transition risks will drive regulators to scrutinize:

  • Processes for assessing, identifying, and managing emerging and material climate-related risks.
  • Policies, procedures, and limits that reflect changing risk characteristics or firm activities.
  • Strategic planning, board oversight, and management’s effectiveness, including roles, responsibilities, and applicable acumen or experience/expertise.
  • Data, risk metrics, and modeling methodologies, including quantitative climate scenario analysis (such as outlined in the FRB Pilot Scenario Analysis) with clear objectives reflective of overall climate risk management strategy and adequate oversight, validation, and quality control standards.

Reporting: Climate risk information should be integrated with internal reporting, monitoring, and escalation processes, as well as effective risk data aggregation and external and regulatory reporting capabilities. The scope of reporting and disclosures may include:

  • Strategy.
  • Risk management.
  • Governance.
  • Scenario analysis.
  • GHG emissions (Scopes 1, 2, 3).

Regulators will assess the accuracy and alignment of a firm’s reporting with its public statements, commitments, strategy, and products/services marketing (e.g., attention to risk of “greenwashing,” following through on commitments (including net zero), and tracking through transition plans).

What to Watch

Regulators are increasingly assessing the “sustainability” of firms’ internal culture and processes, issues management and remediation, and most visibly, climate-related sustainability risks. Key regulatory actions to watch will include:

  • Supervision of “Persistent Weaknesses” at Banks: New OCC policies and procedures outlining supervisory or enforcement actions the agency may take against firms with “continuing, recurring, or increasing deficiencies over a prolonged period” and particularly when the firm has not made “sufficient progress” toward correcting deficiencies. Includes money penalties, remediation plans, and/or growth restrictions, or in certain cases, divestiture, and simplification.
  • Climate Risk Disclosures: SEC climate risk disclosure rules for public companies, covering climate risk management, strategy, governance, and certain metrics related to financial statements and greenhouse gas (GHG) emissions. The rules are subject to wide-ranging debate and legal challenges are anticipated.
  • Climate Scenario Analysis and Risk Management: A climate scenario analysis exercise, looking at multiple scenarios within physical and transition risk modules, conducted by the FRB throughout 2023 to help FRB “learn about large banking organizations’ climate risk management practices and challenges, and to enhance the ability of large banking organizations and supervisors to identify, measure, monitor, and manage these risks.”
  • Final Principles for Climate-Related Financial Risk Management: Interagency guidance for large banks to identify, measure, monitor, and control climate-related financial risks. Identifies six principles and six specific risk areas.

Call to Action…

  • Establish accountability across lines of defense: Hold each of the three lines of defense accountable for managing risk; investigate whether weaknesses in one line point to possible weaknesses in the other two; voluntarily and promptly self-disclose identified weaknesses and violations of laws and regulations; cooperate with investigations.
  • Ensure consistency in reporting and disclosures: Adopt a uniform approach to both mandatory and voluntary reporting and disclosures; maintain transparency, accuracy, and consistency with actual strategies and activities across all reporting (financial and nonfinancial) and public-facing statements and/or disclosures.
  • Operationalize sustainability and climate: Embed climate-related risks within the organization’s broader risk governance and risk management frameworks. Develop and implement robust processes for identifying, assessing, managing, and monitoring climate-related risks across all business areas and risk pillars.
  • Reassess your risk culture: Establish an effective compliance program and foster a culture that deters misconduct and promotes ethics and compliance. Incentivize responsible behavior and involve employees by holding them accountable for the proper use of risk policies and for taking ownership of the organization’s strategy. Enable employees to do what is required in terms of managing risks by clearly making the risk responses and the effects thereof visible within the organization.
  • Show critical challenge of sustained change: Integrate critical challenge (e.g., escalation procedures, actions initiated, decisions made, and proof of altered/terminated paths based on risk determinations) into risk and governance frameworks; document root cause analysis and remediation; automate controls where possible; conduct ongoing monitoring and testing of sustained change.

Dive into our thinking:

Ten Key Regulatory Challenges of 2024
