Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

'Threat Actors'

Expanding regulatory expectations around the detection, mitigation, tracking and remediation of ‘threat actors’

Financial crime

Technological developments, geopolitical events, and evolving interconnections and  interdependencies in financial networks can increase financial crime risks, exposures, and  complexities. Regulators will continue to be vigilant in supervising and examining firms’  defenses against financial crimes, such as terrorist financing, money laundering, beneficial  ownership, sanctions or tax evasion, trafficking (e.g., drug, human), cybercrime, and potential  compliance violations.

As part of these efforts in 2024, regulators will scrutinize:

  • Data Traceability: Abilities to demonstrate, and report on, the traceability of data at both the  customer and transaction level, as well as across business processes, systems of record, and  systems of origin.
  • Transaction Monitoring: The quality of transaction monitoring and surveillance systems,  processes, and controls, with expectations for increased accuracy and consistency, as well as  better and more efficient outcomes via automation. Regulatory focus in areas such as BSA/  AML/CFT, trading activity, and KYC/CDD and beneficial ownership monitoring will continue  along with attention to preparations for implementing risk-based compliance programs in  these priority areas.
  • Expanded Threats: The adequacy and continual improvement of threat detection, monitoring,  and response capabilities, including the reliability of processes (e.g., due diligence, access, safeguards) and coverage of novel and emerging threats and vulnerabilities (e.g.,  virtual currencies, sanctions evasion, malware/ransomware, human rights/forced labor,  organized crime).


Regulators report that the costs to consumers and firms from fraud, identity theft, and  other “scams” are increasing. Similar to financial crime, technological advancements  (e.g., automated systems, crypto and digital assets, digitalization) and developing  interconnections and interdependencies will drive regulators to continue to evaluate  safeguards against fraud and other scams and consumer protections.

Expect regulators to focus on:

  • Safeguards: Risk and fraud model management and controls related to existing and  new products, services, customers, and geographic operations, including consumer  protections from fraud, identity theft, and other scams.
  • Consumer Treatment: Fair processing and treatment of consumer complaints, claims,  and disputes within the fraud and investigation processes, as well as the clarity of  consumer communications. Areas of focus will include data sharing (e.g., large data  models, data sharing with third parties and affiliates, customer permissioned sharing),  payments authentication procedures (e.g., P2P), model development and validation,  account holds and freezes, and ongoing oversight and monitoring of synthetic identity fraud.
  • Crypto & Digital Assets: Continued investigations and enforcement of non-compliance  with existing regulations (e.g., unregistered offerings or sales of crypto asset securities  or derivatives products, false statements, market manipulation, red flag indicators).


Regulators are similarly giving heightened attention to conduct risk and ethical business practices;  regulators view conduct risk as connected to risk culture and to the integrity and reliability of  reporting, marketing/advertising, and customer interactions, which are essential to building trust.

As part of their role to safeguard public trust and confidence in the financial services industry,  expect regulators to focus on:

  • Threat Detection and Monitoring: The presence of:
    • Continual process improvement to identify, adapt, monitor, and respond to changing tactics  from threat actors, as well as to timely remediate issues, as necessary.
    • Mature insider risk programs, inclusive of behavioral models and scenario analysis, to reduce  the likelihood of insider corruption and financial crime risk (e.g., authentication/access  management, synthetic identity fraud).
    • Surveillance programs to monitor use of digital devices, third-party messaging platforms, and  e-communication social tools.
  • Compliance Culture: A culture of compliance and “individual accountability,” including  incentives for ethical behavior and culture commitment (e.g., cooperation with supervisors,  proactive identification of misconduct, self-disclosure, timely remediation), disincentives for  misconduct (e.g., compensation “clawbacks”), and business practices that place the interest of  customers first (e.g., avoidance/disclosure of conflicts of interest).

What to Watch

Key regulatory actions to watch related to fraud, financial crime, and misconduct, include:

  • AML Supervision and Enforcement: Regulators identify BSA/AML/CFT compliance, CDD, and beneficial ownership as key areas of examination focus; the importance of AML program examinations is elevated due to the geopolitical environment and sanctions activity. Intensifying supervision and enforcement may include data traceability, transaction monitoring, suspicious activity reporting, independent reviews, and employee training.
  • FinCEN Supervision and Examination Priorities: Forthcoming FinCEN rules requiring  financial institutions to carry out risk-based programs for government-wide AML and  CFT priorities. Pending Corporate Transparency Act regulations (including the beneficial ownership information reporting rule, related safeguards and access rule, and anticipated  revisions to CDD Rule requirements).
  • “Covered Technologies” and Conflicts of Interest: SEC proposal “to eliminate conflicts  of interest associated with interactions with investors [e.g., correspondence, online,  advertising] through the use of technologies [e.g., predictive analytics, AI, ML] that  optimize for, predict, guide, forecast, or direct, investment-related behaviors or outcomes.” 
  • Regulatory “Trust”: Growing expectation for ongoing collaboration, adaptability, and  communication among financial industry participants and regulators to strengthen public  “trust” in the financial services industry.


Call to Action…

  • Enhance technology and analytics: Assess/pilot/adopt innovative approaches (e.g., AI/  GenAI, enhanced data analytics) to enhance fraud and financial crime risk management  and augment or potentially replace legacy systems. Establish associated parallel testing  processes and robust governance structures.
  • Strengthen client onboarding: Implement analytics and automation in client onboarding  processes and strengthen processes to gather, store, report, and monitor KYC  information, including beneficial ownership, as appropriate.
  • Develop a mature insider risk program: Promote a culture of compliance through  ongoing communication, consistent enforcement of consequences for violations, and  clear behavioral expectations. Implement tailored training and awareness programs for  all personnel. Leverage technical tools and advanced analytics to monitor behavior and  human input to identify anomalous insider behavior.
  • Mitigate synthetic identity fraud (SIF): Deploy a multilayered approach, including  manual and technological data analysis, for SIF risk assessment. Utilize additional data  sources beyond basic personally identifiable information (PII). Implement robust link  analysis processes to monitor transactions, entities.
  • Strengthen security: Establish robust authentication and access protocols for real-time  and faster payments to minimize account takeover and social engineering risks. Enhance  controls around regulatory focus areas, such as malware, phishing, credential stuffing,  and identify theft.

Dive into our thinking:

Ten Key Regulatory Challenges of 2024

Download PDF

Explore more

Regulatory Insights

A source for updates and perspectives on regulatory activity and issues

Read more

Explore other services tailored to your business

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.