On the CAE Agenda Q3/Q4, 2025 – Financial Services
The role and focus of internal audit (IA) in financial services is evolving. This installment of the KPMG On the CAE Agenda series provides quick insights into what IA leaders within the financial services industry may be hearing, doing, and discussing with their stakeholders across the core elements of their business agendas during the second half of 2025.
Hot topics in IA and key focus areas for financial services
- Enterprise Risk Management (ERM): Focus on reconciling Non-Financial Risk issues not previously identified through audit execution
- Financial & operational resilience: Prepare for and withstand or recover from "shocks" as well as adapt to longer-term change, more stringent capital and liquidity requirements
- Auditable Entity (AE) Composition: Focus on depth of AEs and avoiding coverage being too high level. IA functions are doing deeper dive coverage reviews in areas like Financial Crimes, Compliance, Credit, Fraud, and ERM/ORM.
- Audit Report Rating & Tone: Focus on the tone of reporting appropriate accountability with remediation plans. Include more quantitative measures with qualitative guidelines.
- Auditor Judgement: Include more quantitative measures with qualitative guidelines.
- Trusted AI & Systems: Focus on the interplay between trusted systems and potential cybersecurity, privacy and national security risks
- Asset Management: The rise of alternative investment products targeting retail investors is a key current development and one in which the regulators are focused on.
- Private Markets: The democratization of the private markets is emerging as a game changer for both retail investors and asset managers and ensuring that Internal Audit is involved in assessing the governance, operational and compliance frameworks implemented is key.
Financial Crimes: Insights and IA considerations
Compliance and Risk Identification: IA should continuously monitor & track changes in financial crime regulations and financial crime risks in new products and services (risk assessments for new product launches. Results of monitoring should be defined within auditable entities and aligned with organizational priorities
Compliance Program Assessment: IA should evaluate actual financial crimes outcomes in addition to testing controls (analyze past incidents, measure the efficacy of existing prevention measures) as well as focus on high-risk products and services and the growth rate of financial crimes functions (international wire transfers, cryptocurrency, offshore banking, prepaid cards).
Analytics & AI: IA should modernize outdated monitoring and testing approaches and integrate data sources to leverage machine learning (cloud-based solutions, machine learning algorithms to detect fraudulent patterns). Leading practices include monitoring for immediate detection and response to financial crime indicators (insider threat detection, profiling, transaction monitoring, network mapping, behavioral analysis).
Dive into our thinking:
On the CAE Agenda Q3/Q4, 2025 – Financial Services
Download PDFExplore more
Insight
On the Chief Audit Executive's agenda
A pulse on what Chief Audit Executives (CAEs) are focused on, with a lens on top risks being considered.
Insight
On the CAE Agenda Q1/Q2, 2025 - Banking
Insight
On the CAE Agenda Q3/Q4, 2025– Consumer and Retail
Meet our team
