07 Ensuring Resiliency

Ten Key Regulatory Challenges of 2026

A growing focus on organizations’ preparedness to withstand or recover from significant market stresses and disruptions that may impact non-financial operations (e.g., cybersecurity, technology) and financial risks (e.g., capital, liquidity).


“As banks advance their ambitions for expanded reach, management teams must operationalize strategic roadmaps that will enable them to thrive with a more competitive peer group.” 

KB Babar
Principal
Advisory


“Resilience is not achieved through isolated disciplines. Operational Resilience, Business and IT Continuity, and Incident and Crisis Management must converge into a single, integrated program—one that anticipates, absorbs, and adapts to disruption. Only through harmonized processes and unified oversight can organizations build the agility and strength required to thrive in an increasingly uncertain world.” 

Prince Harfouche
Principal
Advisory


“Tools such as AI and cloud services add complexities to an already complicated and interconnected environment. The speed with which these technologies are changing and the increasing reliance on them means organizations must continuously adapt their risk management, compliance, and operational strategies to keep pace with evolving threats and opportunities.” 

David Tarabocchia
Principal
Advisory

Business Continuity & Resiliency Planning

In response to increasing threats to information and technology security and complex interdependencies (e.g., supply chains, third-party service providers), regulators expect organizations to develop plans addressing critical functions, service-level agreements, and significant disruptions. Areas of focus include:

  • Plan credibility (to maintain business continuity).
  • Testing for critical operations and related third parties.

Consideration of easing expectations for some entities given certain overlapping requirements.

Examples

Actions from financial services regulators, including:

  • Planning focused on “most relevant” information (e.g., FDIC FAQ)
  • Potential easing of overlapping requirements (e.g., FDIC Statement (Hill) re: filers of FDIC IDI Rule and FDIC/FRB Title I plans; CFTC withdrawal of proposed operational resilience framework)
  • Scrutiny of catastrophe resilience, pre-disaster planning, and cybersecurity (e.g., state laws related to P&C insurance)

Actions from other regulators including requirements for medical device supply chain disruption reporting (FDA) and data sharing on grid reliability (DOE).

What to Watch

  • Possible FDIC proposal to, at a minimum, codify its 2025 FAQs into the agency’s IDI Rule and potentially also to streamline elements of the IDI Rule; concurrent consideration of streamlining requirements for entities filing pursuant to both the IDI Rule and the Title I Rule for BHCs
  • Forthcoming compliance requirements with the OCC Recovery Planning Guidelines (staggered requirements beginning January 1, 2026) alongside a proposal to withdraw the Guidelines and related planning requirement
  • Evolving/expanding regulatory expectations around operational resilience risk management practices (e.g., identifying critical operations and mapping interdependencies)
  • Continued interagency collaboration on operational resilience 

Technology Interconnectedness

Elevated levels of operational risk reinforce the importance of operational and technology resilience, business continuity and incident response plans. 

Risk attributed to cybersecurity and technology management largely due to third-party concentrations (e.g., cloud providers, FMUs, “off the shelf” software), increasingly sophisticated threat actors, and prolonged use of legacy systems.

Examples

  • OCC Semi-Annual Risk Perspective 2025
  • OCC, FDIC 2025 Reports on Cybersecurity and Resilience
  • Near-term risks in cyber resiliency and TPRM (e.g., FRB Statement (Barr))
  • Top key risks including concentration risk, emerging technologies, and tech vulnerabilities (e.g., Treasury Financial Sector Risk Management Plan)

What to Watch

  • Continued interagency coordination on operational resilience and cybersecurity supervision for large, complex, interconnected entities and significant third parties engaged in the delivery of critical services
  • Continued interagency participation in FFIEC committees on cybersecurity, critical infrastructure and IT to share and align supervisory practices and efforts
  • Potential reforms to IT examinations
  • Heightened regulatory expectations for concentration risk assessments and contingency planning for critical service provider outages
  • Potential for changing expectations related to cyber and ICT risk management, incident reporting, and third-party risk management along with resiliency planning, monitoring, and testing based on international requirements (e.g., DORA)

Capital & Liquidity

Actions to tailor regulatory requirements for elements of capital and liquidity based on institution size and risk, as well as providing for increased attention to transparency and accountability.

Examples

  • Consideration of capital “modernizations” including stress testing, Basel III, community bank tailoring, indexing thresholds (e.g., Statements from FRB, FDIC, Treasury (Bowman, Hill, Bessent))
  • Proposal to amend the ESLR (e.g., FRB, OCC, FDIC Interagency release)
  • Proposals to reduce stress testing volatility and increase transparency (e.g., FRB, OCC, FDIC interagency release)
  • Delay and reevaluation of liquidity risk management reporting (e.g., SEC Form N-PORT)

What to Watch

Continued focus on capital and liquidity “modernization” including:

  • Final interagency rules on ESLR, transparency in stress test models and scenario development, and averaging of stress test results and related stress capital buffer
  • Revision of the Basel III Endgame proposal
  • Tailoring of community bank capital requirements, including the CBLR

Reassessment of the liquidity framework including:

  • The role of the discount window and FHLBs
  • Access to Federal Reserve “master accounts” as well as consideration of “skinny master accounts”
  • Potential OCC codification of contingency funding plan expectations
