Compliance risk challenges in financial services

Regulators are looking more closely at the effectiveness of compliance programs. Explore challenges, regulatory pressures and actions to take.

The disruptions that affected all industries in 2020 will forever reshape the financial services industry. With such changes come regulatory and public policy challenges and concerns, which in 2021 will begin to inform the future, altering our view of the course to take. 

Here, from the KPMG report Ten key regulatory challenges of 2021, we share insights related to compliance risk.


The disruptions from 2020 caused an almost untenable pace of change to operations and risk within compliance departments. However, the prospect of additional “waves” in the COVID-19 pandemic as well as the likelihood of additional economic stimulus measures will push strains on compliance staff and governance processes well into 2021. So far, the most significant challenges include:

  • redeployment of resources to immediate operational needs/demands and a high degree of waivers/exceptions given immediacy of operational needs
  • reprioritization of compliance activities due to quickly emerging and evolving disruption risks coupled with resource constraints (e.g., delayed accelerated training, testing/auditing schedules, remote workforce)
  • rapid roll-out of complex government stimulus programs with ongoing iterative changes and expedited delivery to market
  • increased compliance risks (as some risk assessments are rendered obsolete by emerging risks, requiring new ways to assess risk and leverage data and technology to enable real-time risk analysis) and misconduct risk (such as insider trading, PII use, fraud, and phishing)
  • providing additional and/or new communications, training, monitoring and data analysis sufficient to maintain compliance amid new regulatory and supervisory expectations.

In spite of the disruptions, or perhaps because of them, regulators are looking more closely at the effectiveness of compliance programs. In particular, they expect compliance programs to be evaluated on an ongoing basis, technology-enabled (using automated analytics/AI, digitized data and processes), linked to a firm’s enterprise risk management, and revised based on relevant operational data and information as well as “lessons learned.” Regulators also expect firms to further invest adequate resources into the compliance function to address evolving/enhanced skillsets, including staffing, training, structure, and stature.

Regulatory pressures

Similar to the regulatory focus for overall enterprise risk management, the compliance risk area will continue to be assessed to ensure the sound establishment, use, and effectiveness of the organization’s compliance management system. 

Shifts in public policy due in part to an Administration change may significantly change prior regulatory accommodation, as well as regulatory expectations in both specific areas of risk and compliance (e.g., ESG and climate) and overall compliance management systems. Changes in agency leadership and direction will likely intensify regulatory supervision and enforcement.

The unique nature of the disruptions tied to the COVID-19 response will direct regulatory attention toward full and accurate implementation of policies and procedures designed to meet the applicable laws and regulations and consumer protections related to loan underwriting, new account opening, monitoring customer activity, processing transactions, modifying loans, servicing loans, and communicating with customers given the:

  • ongoing economic uncertainty and consumer financial insecurity tied to high unemployment, potential future shutdowns, and the unknown magnitude or composition of any possible stimulus package
  • risk of fraud associated with the urgent roll-out of stimulus fund programs and the rising number of investigations and charges being brought, especially in conjunction with the PPP
  • risk of disparate impact and disparate treatment associated with the urgent roll-out of stimulus fund programs and public attention drawn by the number of related consumer complaints and lawsuits
  • multiplicity of federal, state, and local assistance programs with varying applications, requirements, and timing in addition to actions taken by individual institutions
  • complicated and iterative changes to obligations under the assistance programs in addition to actions by individual institutions (e.g., extensions of temporary rules, relief)
  • rapid regulatory process changes required combined with high transaction volume
  • various workforce constraints, including remote locations, absenteeism, training, monitoring, and surveillance
  • customer interactions, including increased call center activity, error resolution related to new product/service implementation, requests for accommodations
  • deferred actions and other departures from standard processes due to the introduction of new priorities and redeployment of resources.

7 actions to take

In order to maintain stability and respond to regulatory pressures, financial services institutions should consider taking the following actions:

  1. Keep a finger on the pulse of rapidly changing federal, state and local obligations related to foreclosures.
  2. Strengthen fraud and employee misconduct controls, including surveillance and fraud prevention programs that address ongoing remote working conditions and staff constraints.
  3. Increase the frequency at which you refresh risk assessments in order to account for the new environment.
  4. Increase the frequency at which you refresh and validate risk and compliance core data.
  5. Strengthen integration of compliance within the business, taking advantage of opportunities to embed compliance resources and new functionalities alongside large operational shifts.
  6. Know when to curtail accommodative strategies on loan modifications and loosened underwriting standards.
  7. Evolve consumer and investor standards and controls to address heightened and changing regulatory risks and expectations (e.g., ADA, underbanked, protected classes, elderly protections, CRA, Best Interest).

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100
Todd Semanco

Partner, Advisory, FS Regulatory & Compliance Risk, KPMG US

+1 412-232-1601
Damian Plioplys

Advisory Managing Director, FS Regulatory & Compliance Risk, KPMG US

+1 212-872-7959