A Mid-year Look Forward on the Ten Key Regulatory Challenges of 2024

2024 is shaping up to be remembered by financial services organizations as a year of regulatory challenge marked by three factors:

a. Exam Findings and Remediation:

• Across areas of financial and nonfinancial risk, including data, AML, third party, trade surveillance, and e-communications.   
• Multi-year examination resolution and remediation time/costs.  

b. Regulatory Discord:

• Legal challenge on new rulemaking
• State to state and state to federal discordant rules
• High reputational, operational and compliance risks

c. Frameworks and Existing Regulations:

• Issuance of frameworks/ guidance (versus new rulemaking)
• Use of existing regulations in supervision and enforcement to new areas/products

“From robust supervision to state, federal and global regulatory discord to election-year uncertainty—regulatory intensity is driving corporate costs as well as high anxiety,” said Amy Matsuo, Regulatory Insights Leader, KPMG LLP. “Going forward, regulators may shift their focus towards supervision and enforcement of existing rules rather than extensive rulemaking.”

(note: Additional comments from KPMG LLP financial services leaders are below)

Supported by the KPMG Regulatory Insights Barometer, which assesses areas of regulatory pressure and direction of change, the report covers mid-year perspectives on the 10 key regulatory challenge areas identified for financial services companies in 2024, and insights on what is expected looking forward to the second half of the year:

1. Regulatory Intensity

As of mid-year 2024, we are seeing a shift away from “net-new” rulemakings and toward a stringent supervision and enforcement of existing rules and the use of frameworks/guidance in lieu of new rules. Uncertainty around the 2024 election outcome, and how different administrations could potentially impact upcoming regulatory, supervisory, and enforcement activities, prompted a rush of rulemakings in 2023 and in the first half of 2024.

Risk Management & Governance:

2. Regulatory Intensity – There are regulatory expectations for robust risk management and governance, with an expanding focus on operational and compliance risk. Continued application of, and exam intensity around, heightened standards is expected in the future, across risk pillars and within risk areas.

3. Risk Sustainability – There are regulatory expectations for adoption, functionality, continuous improvement and "sustainability" of risk processes and functions across governance, risk assessments, internal controls, issues management, and challenge. Ongoing supervisory attention to the sustainability of processes is expected for the remainder of the year, particularly around operational resilience, as well as its link to other areas of non-financial risk management.

Financial Risk:

4. Growth & Resiliency – There is ongoing and increasing regulatory focus on capabilities related to liquidity and interest rate risk management, contingency funding, and resolution planning.

5. Capital & Valuations - Regulatory expectations are “leveling-up” on financial risk management practices, with areas of focus that include capital, liquidity and interest rate risk, CRE and consumer credit, strategic planning, board oversight, and reporting. Going forward, there are heightened expectations and supervisory focus in compliance with existing guidance and rules around financial, operational, and risk calculations, as well as on CRE risk management loan classification, regulatory reporting, and accounting considerations on estimating loan losses.

Consumer/Investor Protection:

6. ‘Threat Actors’ – There has been supervisory focus on the expansion of perceived threats and vulnerabilities. Ongoing focus is expected around maintaining comprehensive, compliant BSA/AML/CFT programs, sanctions compliance, and data lineage and quality, transaction monitoring, and threat mitigation and vulnerabilities.

7. Fairness – We have seen legal challenges to rulemakings and a focus on fees and "product risk.” Increasing supervision and enforcement is expected in expanding areas with legal challenges adding to uncertainty and discord around fairness regulations.

Tech and Data Risk:

8. Responsible Systems – Scrutiny of technology, operations, and model/”model-like” use (including AI/GenAI), is ongoing, with a focus on vulnerabilities, security, privacy, explainability, fairness, and integrity. Evaluating AI technologies, conducting ‘red-teaming’ tests, facilitating consensus-based standards and providing testing environments is expected going forward.

9. Security & Privacy – There are ongoing regulatory concerns around data security, management, and privacy driven by security risks spanning cyber and technology to operational, physical, and third parties. Supervision and enforcement of management and oversight of security-related risks is expected, including processes, reporting, remediation, and recovery, as well as supervision and enforcement of compliance with security-related rules and requirements.

10. Data – There is demonstrable and sustainable implementation of heightened standards throughout the data lifecycle. Going forward, increased regulatory scrutiny is expected around governance, universe & tiering, lineage, and management.

Additional KPMG financial services leaders share Amy Matsuo’s views on the regulatory environment:

• “Financial services companies are facing a high degree of regulatory supervision and enforcement related to risk management and governance, accountability and transparency,” said Rob Fisher, Line of Business Leader, Financial Services, KPMG LLP. “We expect more stringent supervision and enforcement in the future, along with heightened standards.”
• Peter Torrente, National Sector Leader, Banking & Capital Markets, KPMG U.S., said, "In this age of compound volatility, banks continue to confront economic uncertainty, geopolitical risks, and a dynamic regulatory landscape. The ability to anticipate and swiftly respond to the immediate challenges of the present will be vital for banks to attain their longer term aspirations."
• “Regulators must keep up with the fast-changing risks posed by factors like climate change and artificial intelligence,” said Scott Shapiro, KPMG Insurance Sector Leader. “Insurance companies can gain a competitive advantage by optimizing and adapting to regulatory changes, which will help ensure financial stability and consumer protection.”

Methodology:

The KPMG Regulatory Insights Barometer uses a 10-point scale to assess upcoming regulatory pressure and direction of change. It assesses three attributes for each challenge area: volume, complexity, and impact, and combines them to arrive at a single weighted average indicator of regulatory intensity.

To learn more about the Ten Key Regulatory Challenges of 2024: Mid-year Look Forward report, or to arrange an interview with Amy Matsuo, please contact Andreas Marathovouniotis.

# # #

About KPMG LLP

KPMG LLP is the U.S. firm of the KPMG global organization of independent professional services firms providing audit, tax and advisory services. The KPMG global organization operates in 143 countries and territories and has more than 273,000 people working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

KPMG is widely recognized for being a great place to work and build a career. Our people share a sense of purpose in the work we do, and a strong commitment to community service, inclusion and diversity and eradicating childhood illiteracy. Learn more at www.kpmg.com/us.

____________________