3 steps to enhance your compliance monitoring and testing program
Tech-enabled analytics, monitoring, and testing advances are moving compliance from enforcer to innovator—but not without risks.
For compliance teams today, technology is a classic double-edged sword of risk and reward.
Rapidly evolving technologies like automated intelligence (AI), generative AI, machine learning, and automated systems are creating complex new risks for the organization, while drawing increasing scrutiny from regulators. Indeed, technology-related regulations and gaps in compliance monitoring were the top challenges cited by chief ethics and compliance officers (CCOs) in a recent KPMG Chief Compliance Officer report.
On the other hand, there’s no question that leveraging advanced technology is the way of the present and future. These innovations offer compliance teams significant rewards, including:
- AI-powered predictive models that create powerful new forward-looking approaches to risk identification and mitigation
- Advanced data and analytics (D&A) that deliver real-time updates and alerts
- Automation that streamlines time-consuming processes like data collection and ongoing monitoring, which frees up staff to spend more time on execution
- Generative AI applications that rapidly scan data from multiple sources, then generate reports and recommendations matching the best human outputs
That’s why 53 percent of CCOs in the survey said they want to enhance their technology and D&A capabilities, despite growing risks. And 63 percent expect increases in their technology budgets to focus on D&A, process automation, and artificial intelligence.
Set out below are strategies and techniques that compliance teams are employing to navigate the risk-reward matrix.
A three-step process can help CCOs launch enhanced monitoring and testing programs to allocate resources more effectively:
This involves automating and consolidating testing, monitoring, data analysis, and surveillance activities through consistent standards, policies, and reporting.
Information accuracy and availability are critical to measuring the effectiveness of compliance programs. Compliance teams need to collaborate with IT and other stakeholders to ensure they have a full view of the entire organization’s data infrastructure and governance processes.
Advanced D&A and automation can more effectively allocate resources, target higher-risk areas for mitigation, and streamline costs and time.
The road to tech-powered compliance
The starting point is a thorough review of all existing operations to determine if data and technology are creating compliance challenges—and where digital assets can help. Many CCOs are broadening the overall risk monitoring and testing framework, using a more holistic, organization-wide lens rather than focusing on the business-unit level.
The related monitoring systems more efficiently track risks from interconnected technologies that touch many parts of the organization. And these systems are regularly tested and validated to ensure accuracy. (This is a point of emphasis for regulators.)
Once they achieve a clearly defined scope, compliance teams can better understand and focus on their most-pressing needs. According to our survey, this stage encompasses:
- Cleaning up data sources to ensure accuracy and integrity
- Monitoring risks from third-party partners and vendors more closely
- Linking the monitoring and testing systems to advanced analytics engines that enable more forward-looking risk assessments
AI, automation, and enhanced enterprise monitoring technologies can offer immediate enhancement opportunities. For example, AI predictive models can run complex scenario analyses that focus on risk prevention rather than after-the-fact mitigation. And automation can streamline the monitoring and testing workload.
Next-gen enterprise risk management
Moving compliance from its traditional role of reactive responder/enforcer to a more forward-looking, proactive approach isn’t going to happen overnight. Many companies are just at the beginning the process of implementing advanced technologies and data-driven tools.
According to the KPMG survey, only one-third of CCOs use bots for repetitive manual processes, and just 23 percent are harnessing D&A and predictive modeling for compliance monitoring and risk management. Virtually none reported leveraging AI to perform more complex decision-making.
The case for investment
To deliver on technology’s promise, compliance leaders need to make a strong case for increased budget and expenditures to senior management and the board. A large majority of the CCOs in our survey were strategizing on the best approaches to increase budget and staff for new compliance challenges and upgraded technology.
As we outline in a related report, Implementing tech and data-driven compliance, CCOs can help their cause with hard data. They can demonstrate that compliance and related tech expenditures generate quantifiable returns, such as fines avoided, positive publicity garnered, and sales made.
Measuring the return on compliance expenditures from the start will help transform to more effective, efficient, and sustainable operations.
Take a deeper dive into our Compliance insights
Popular category topics
Insight
Regulatory Alerts
Quick hitting summaries of specific regulatory developments and their impact.
Insight
2023 KPMG Chief Ethics & Compliance Officer Survey
Anticipating more scrutiny
Insight
KPMG Chief Risk Officer Survey
Data and insights on transforming risk management to seize the power of trust.
Subscribe to receive regulatory and compliance transformation insights
By registering you will periodically receive additional compliance-related communications from KPMG.
Explore our Compliance services
KPMG’s Regulatory and Compliance Transformation services encompass a spectrum of innovative technology solutions, including:
- Compliance automation
- Compliance controls
- Regulatory change management
- Compliance risk culture
- Compliance target operating models
Meet our team
