5 mounting pressures require the accelerated transformation of the risk function – New KPMG Chief Risk Officer survey finds

Organizations are facing an increasingly complex risk landscape due to various factors including volatile market conditions, mounting compliance requirements and rapid technological change and digitization. Risk functions are balancing pressures to adapt to this fast-moving environment and increased regulation. Today's risk leaders are tasked to align the risk strategy to the growth strategy and enhance overall trust and resilience. A robust, modern risk function has become vital to an organization's health and future.

Chief Risk Officers (CROs) are facing five mounting pressures – de-risking, growth and strategy, regulatory compliance, effectiveness & efficiency, and cost-takeout - that require the acceleration in the transformation of the risk function to adapt to change, according to the new 2023 KPMG Chief Risk Officer survey. In fact, CROs said that the greatest challenges in risk management also rank within the top areas they feel least prepared to address.

“Organizations are facing shifting pressures and interrelated threats that require CROs to rapidly transform risk strategies and simultaneously address immediate and long-term priorities,” said Tim Phelps, Risk Service Leader, KPMG LLP. “The economic and geopolitical environment is only growing more complex. This volatility demands new, more efficient and effective ways of identifying and managing risks to ensure organizations maintain stakeholder trust.

A CRO’s role is expanding beyond traditional risk management and into navigating threats early and effectively, while driving cost efficiencies and ensuring compliance to deliver business growth.”

These 5 mounting pressures are accelerating changes in organizations’ risk management function:

1. De-risking:

• CROs say the most significant future risks are also those that they feel least prepared to address: regulatory/compliance risks (28% moderately prepared or worse), economic downturn/recession (40% moderately prepared or worse), and macro/geopolitical risks (37% moderately prepared or worse).
• Technology disruption (such as generative AI) and outdated systems rank as middle-of-the-road threats in the eyes of CROs, while 70% of CROs say they are well prepared or very well prepared to address these risks.
• The majority of CROs, 80%, are also confident in their organizations’ ability to handle cybersecurity threats and data breaches today, while 53% rank cybersecurity measures a priority risk area to modernize in the next 2 years.

2. Growth or strategic change:

• 82% of CROs indicated that they have a high level of support from the C-suite in terms of sufficient budget and attention to risk management. Most of those that lack support say they want greater alignment of risk management to business strategy.
• The risk activities set to be strengthened most over the next 2 years are emerging risk and trend analysis, risk strategy alignment with the business, and data analytics and predictive modelling.

“The strategy of the risk function should align with the organization’s business objectives and CROs have to ensure that they are helping the c-suite make decisions and investments where there is greater certainty of upside and reduced severity of downside, which is ultimately how risk leaders can drive organizational value,” said Brian Hart, U.S. Network Leader - Financial Services Risk, Regulatory and Compliance, KPMG LLP.

3. Compliance risk:

• It is no surprise that regulatory and compliance issues are the biggest expected risk management challenges in the next 2-5 years.
• Regulators/government agencies (33%) and stakeholders/investors (22%) are creating the most pressure and interest around risk management.

“CROs should ensure that compliance and other risk activities are agile, tech-enabled, strategic and support business growth, while allowing for adaptation to new or evolving regulatory requirements,” added Hart.

4. Effectiveness and efficiency:

• 88% of organizations will increase risk management budgets by at least 5% in the next 12 months.
• CROs cited artificial intelligence (AI) and machine learning (ML) as the most vital digital tools to accelerate risk management processes in the next five years, followed by cloud and cyber solutions.
• Three-quarters of companies use AI and ML in their risk management practices, with the leading use cases being monitoring success of implemented tools and considering technical feasibility and alignment with organizational capabilities.
• CROs are also focused on building out the skills and capabilities on their teams, particularly in:  improving data, analytics and visualizations/dashboards; increasing training for employees in targeted areas; and increasing diligence in policy management, controls and employee accountability.

“Organizations can turn risk management into a competitive advantage by harnessing technology to more efficiently and effectively manage risk, as well as meet or even exceed stakeholder expectations,” said Lisa Rawls, Americas Governance, Risk and Compliance Technology Service Network Leader, KPMG LLP. “CROs need to ensure that the digital acceleration of the risk function is in sync with their organization’s transformation goals and is supported by organizational changes.”

5.  Cost takeout:

Cost takeout is the reduction in the overall costs associated with the governance, maintenance, oversight and execution of risk requirements and practices.

• The top areas organizations will consider outsourcing are: strategic risk management and planning (33%); financial risk analysis, including market, liquidity, and credit risks (33%); cybersecurity and threat protection services (33%); and technology-driven risk management, such as AI/ML implementation and oversight (32%).

“In their modern approach to risk management, CROs can make the best use of technology and talent to lower costs while improving risk posture,” added Phelps.

About the survey:

From July to September 2023, KPMG LLP conducted an online survey of 390 enterprise risk officers representing U.S. organizations across 6 industry sectors with at least $4 billion in annual sales or $25 billion in assets under management.

To learn more about the results of the 2023 KPMG Chief Risk Officer survey, or to arrange an interview with Tim Phelps, Brian Hart or Lisa Rawls, please contact Andreas Marathovouniotis.

About KPMG LLP

KPMG LLP is the U.S. firm of the KPMG global organization of independent professional services firms providing audit, tax and advisory services. The KPMG global organization operates in 143 countries and territories and has more than 265,000 people working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

KPMG is widely recognized for being a great place to work and build a career. Our people share a sense of purpose in the work we do, and a strong commitment to community service, inclusion and diversity and eradicating childhood illiteracy. Learn more at www.kpmg.com/us.