Risk management isn’t just about controlling threats. It can also enable growth through resilience and trust.
When you can bounce back from disruption, you can grow with confidence. And when you earn the trust of regulators, customers, and other stakeholders, they give you the permission to make bold moves, from product launches to market expansion.
That’s why progressive companies align their risk strategies to their growth goals, while ensuring they can manage fast-evolving risks. Two of the biggest, according to the KPMG 2023 Chief Risk Officer Surveyopens in a new tab, are regulatory changes and cybersecurity.
An emerging operating model
In response, nearly 90 percent of CROs in the US survey said they plan to increase their risk management budgets over the next 12 months, and about a third of them are considering outsourcing strategies to help.
One such strategy is managed services. In this model, leading service providers are not transactional processors. They are strategic collaborators who combine advanced tech, data management, sector expertise, and advisory capabilities to deliver critical risk processes — packaged in a multi-year subscription with predictable costs.
Modern providers drive growth-enabling outcomes like stakeholder trust, customer retention, organizational agility, and operational resilience — while also reducing the cost of operations.
Top hurdles in the next two to five years
In the survey, 42 percent of CROs said that regulatory compliance issues, marked by increasing scrutiny from regulators, are their most significant challenge, while 38% cited cybersecurity. Managed services are helping on both fronts:
1. Compliance risk comes in the form of new and emerging regulations, noncompliance with existing regulations, and a company’s relationship with regulators. It can be especially challenging for multinational organizations since jurisdictional regulations — from General Data Protection Regulation (GDPR) to Know Your Customer (KYC) — can change on a dime.
With the right tech and talent, leading providers can automate policies, perform ongoing analysis, continually evolve them to meet new requirements, integrate compliance tech with core business systems, and more. Outcomes can include faster customer onboarding, enhanced reputation, and agile adaptation to market change.
2. Cyber threats and data breaches, meanwhile, have a way of slowing down a company’s growth ambitions. That’s why some firms are seeking providers with capabilities like 24x7 monitoring, hypothesis-driven threat hunting, and a single-pane view that unifies all alerts, investigations, threat intelligence, and controls into one source of cybersecurity truth.
These providers can take responsibility for ongoing threat detection, containment and response, as well as related areas like application security, data protection, and identity & access management. Results can range from faster software development to higher customer loyalty to confidence in launching new services.
In a volatile business environment, risk functions must continually improve their effectiveness and efficiency, while also supporting the growth strategy. In some cases, that requires a new operating model, and managed services is a key consideration.
Learn more about KPMG Managed Services.
Our people
David J. Brown
Global Head, Managed Services, KPMG International and Principal, Advisory,
KPMG in the U.S.
