Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

'Threat Actors'

Expanding regulatory expectations around the detection, mitigation, tracking and remediation of ‘threat actors’

Financial crime

Technological developments, geopolitical events, and evolving interconnections and  interdependencies in financial networks can increase financial crime risks, exposures, and  complexities. Regulators will continue to be vigilant in supervising and examining firms’  defenses against financial crimes, such as terrorist financing, money laundering, beneficial  ownership, sanctions or tax evasion, trafficking (e.g., drug, human), cybercrime, and potential  compliance violations.

As part of these efforts in 2024, regulators will scrutinize:

  • Data Traceability: Abilities to demonstrate, and report on, the traceability of data at both the  customer and transaction level, as well as across business processes, systems of record, and  systems of origin.
  • Transaction Monitoring: The quality of transaction monitoring and surveillance systems,  processes, and controls, with expectations for increased accuracy and consistency, as well as  better and more efficient outcomes via automation. Regulatory focus in areas such as BSA/  AML/CFT, trading activity, and KYC/CDD and beneficial ownership monitoring will continue  along with attention to preparations for implementing risk-based compliance programs in  these priority areas.
  • Expanded Threats: The adequacy and continual improvement of threat detection, monitoring,  and response capabilities, including the reliability of processes (e.g., due diligence, access, safeguards) and coverage of novel and emerging threats and vulnerabilities (e.g.,  virtual currencies, sanctions evasion, malware/ransomware, human rights/forced labor,  organized crime).

Fraud

Regulators report that the costs to consumers and firms from fraud, identity theft, and  other “scams” are increasing. Similar to financial crime, technological advancements  (e.g., automated systems, crypto and digital assets, digitalization) and developing  interconnections and interdependencies will drive regulators to continue to evaluate  safeguards against fraud and other scams and consumer protections.

Expect regulators to focus on:

  • Safeguards: Risk and fraud model management and controls related to existing and  new products, services, customers, and geographic operations, including consumer  protections from fraud, identity theft, and other scams.
  • Consumer Treatment: Fair processing and treatment of consumer complaints, claims,  and disputes within the fraud and investigation processes, as well as the clarity of  consumer communications. Areas of focus will include data sharing (e.g., large data  models, data sharing with third parties and affiliates, customer permissioned sharing),  payments authentication procedures (e.g., P2P), model development and validation,  account holds and freezes, and ongoing oversight and monitoring of synthetic identity fraud.
  • Crypto & Digital Assets: Continued investigations and enforcement of non-compliance  with existing regulations (e.g., unregistered offerings or sales of crypto asset securities  or derivatives products, false statements, market manipulation, red flag indicators).

Misconduct

Regulators are similarly giving heightened attention to conduct risk and ethical business practices;  regulators view conduct risk as connected to risk culture and to the integrity and reliability of  reporting, marketing/advertising, and customer interactions, which are essential to building trust.

As part of their role to safeguard public trust and confidence in the financial services industry,  expect regulators to focus on:

  • Threat Detection and Monitoring: The presence of:
    • Continual process improvement to identify, adapt, monitor, and respond to changing tactics  from threat actors, as well as to timely remediate issues, as necessary.
    • Mature insider risk programs, inclusive of behavioral models and scenario analysis, to reduce  the likelihood of insider corruption and financial crime risk (e.g., authentication/access  management, synthetic identity fraud).
    • Surveillance programs to monitor use of digital devices, third-party messaging platforms, and  e-communication social tools.
  • Compliance Culture: A culture of compliance and “individual accountability,” including  incentives for ethical behavior and culture commitment (e.g., cooperation with supervisors,  proactive identification of misconduct, self-disclosure, timely remediation), disincentives for  misconduct (e.g., compensation “clawbacks”), and business practices that place the interest of  customers first (e.g., avoidance/disclosure of conflicts of interest).

What to Watch

Key regulatory actions to watch related to fraud, financial crime, and misconduct, include:

  • AML Supervision and Enforcement: Regulators identify BSA/AML/CFT compliance, CDD, and beneficial ownership as key areas of examination focus; the importance of AML program examinations is elevated due to the geopolitical environment and sanctions activity. Intensifying supervision and enforcement may include data traceability, transaction monitoring, suspicious activity reporting, independent reviews, and employee training.
  • FinCEN Supervision and Examination Priorities: Forthcoming FinCEN rules requiring  financial institutions to carry out risk-based programs for government-wide AML and  CFT priorities. Pending Corporate Transparency Act regulations (including the beneficial ownership information reporting rule, related safeguards and access rule, and anticipated  revisions to CDD Rule requirements).
  • “Covered Technologies” and Conflicts of Interest: SEC proposal “to eliminate conflicts  of interest associated with interactions with investors [e.g., correspondence, online,  advertising] through the use of technologies [e.g., predictive analytics, AI, ML] that  optimize for, predict, guide, forecast, or direct, investment-related behaviors or outcomes.” 
  • Regulatory “Trust”: Growing expectation for ongoing collaboration, adaptability, and  communication among financial industry participants and regulators to strengthen public  “trust” in the financial services industry.

 

Call to Action…

  • Enhance technology and analytics: Assess/pilot/adopt innovative approaches (e.g., AI/  GenAI, enhanced data analytics) to enhance fraud and financial crime risk management  and augment or potentially replace legacy systems. Establish associated parallel testing  processes and robust governance structures.
  • Strengthen client onboarding: Implement analytics and automation in client onboarding  processes and strengthen processes to gather, store, report, and monitor KYC  information, including beneficial ownership, as appropriate.
  • Develop a mature insider risk program: Promote a culture of compliance through  ongoing communication, consistent enforcement of consequences for violations, and  clear behavioral expectations. Implement tailored training and awareness programs for  all personnel. Leverage technical tools and advanced analytics to monitor behavior and  human input to identify anomalous insider behavior.
  • Mitigate synthetic identity fraud (SIF): Deploy a multilayered approach, including  manual and technological data analysis, for SIF risk assessment. Utilize additional data  sources beyond basic personally identifiable information (PII). Implement robust link  analysis processes to monitor transactions, entities.
  • Strengthen security: Establish robust authentication and access protocols for real-time  and faster payments to minimize account takeover and social engineering risks. Enhance  controls around regulatory focus areas, such as malware, phishing, credential stuffing,  and identify theft.

Explore more

Regulatory Insights

A source for updates and perspectives on regulatory activity and issues

Read more

Meet our team

Image of Amy S. Matsuo
Amy S. Matsuo
Principal, Growth & Strategy, Regulatory Insights, KPMG LLP
Read bio
Image of John Caruso
John Caruso
Principal, Forensic, KPMG US
Read bio
Image of Chad Polen
Chad Polen
Partner, Advisory, Financial Services Risk, Regulatory & Compliance, KPMG US
Read bio
Image of Amy S. Matsuo
Amy S. Matsuo
Principal, Growth & Strategy, Regulatory Insights, KPMG LLP
Read bio
Image of John Caruso
John Caruso
Principal, Forensic, KPMG US
Read bio
Image of Chad Polen
Chad Polen
Partner, Advisory, Financial Services Risk, Regulatory & Compliance, KPMG US
Read bio

Explore other services tailored to your business

Service
Financial crimes
Read more
Service
KPMG Forensic
Read more
Service
Financial Services Risk, Regulatory and Compliance
Read more

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline