Regulation: The right risk management attitude

How banks can prepare for expanded regulatory oversight.

The banking industry faces several challenges due to recent economic, geopolitical and regulatory developments. KPMG has identified the top 10 issues facing banks in 2022 and beyond, and in this article we examine the topic of regulation.

Avoiding the domino risk effect

As bank executives manage their institutions in 2022, they are facing heightened levels of regulatory supervision and enforcement as risks become more interconnected, regulatory “perimeters” continue to expand, and regulatory expectations rapidly increase.

Against that backdrop, banks will need to be especially cognizant of the broadening regulatory focus and prepare accordingly. 

KPMG’s Regulatory Insights has published a synopsis – “Ten Key Regulatory Challenges of 2022­’’ – that outlines specific issues we expect to be front-and-center for the financial services industry in 2022.

The 10 challenges are placed into three groups:

Rapid changes

1. Fairness and inclusion

Investor demand, public awareness, social unrest, and the priorities and directives of the Administration have focused regulatory attention on supervision and enforcement of consumer and investor protection on a broad scale and expanded the parameters of “fairness” to include all consumer touchpoints.

2. Climate and sustainability

Pushed largely by significant and widespread investor demand and facilitated by myriad voluntary disclosure frameworks, financial services companies are working toward measuring, monitoring, and mitigating their climate-related financial risk. Regulatory expectations in this area have experienced sweeping changes that will continue, with rigor, into 2022 under existing and expanded jurisdictional authority. Federal financial agencies must develop, and execute on, a strategy to quantify, disclose, and mitigate the financial risk of climate change on both public and private assets. Public policy seeks to advance “consistent, clear, intelligible, comparable, and accurate disclosure of climaterelated financial risk,” and “to mitigate that risk and its drivers, while accounting for addressing disparate impacts on disadvantaged communities and communities of color.”

3. Crypto and digital assets

Regulatory activity around crypto and digital assets is intensifying as usage by investors, companies, and even some central banks, shows widespread interest and adoption at retail and institutional levels. The regulatory landscape in the U.S. is evolving alongside the market expansion with state and federal regulators and legislators all considering approaches to add clarity. Key issues include a focus on chartering, licensing, fraud and financial crimes risks, and consumer and investor protections.

4. Platforms and conduct

Rapid developments in technology, increases in digital banking activity, growing sophistication of data collection, and the increasing influence of social media is reshaping the financial services landscape in ways never before seen or anticipated. These unprecedented times, underscored by ongoing social and economic changes associated with COVID-19, have fostered and accelerated unique advancements in the consumer experience—and given rise to new risks related to data security, fraud, and conflicts of interest.

Maintain Focus

5. Cyber & Data

The financial services regulators have called cyber risk the foremost risk to financial stability—and the Administration has called it a persistent and increasingly sophisticated threat that weighs heavily on governments and financial services companies alike. Given the highly interconnected nature of the financial services sector and its dependencies on critical third-party service providers, all participants in the financial system must implement risk mitigation and resilience initiatives relative to both frequency and impact of cyber threats. Current or emerging threats include malware (e.g., ransomware), supply chain risk, and sophisticated DDOS.

6. Fraud & Financial Crimes

The adoption of innovative technologies to improve the effectiveness of fraud and financial crimes risks management is becoming an imperative as regulators emphasize innovative approaches (e.g., machine learning, enhanced data analytics) and the preponderance of threat risks, from cybersecurity to ransomware to cryptocurrency to identity theft, are technology-driven. The Administration has prioritized many of these concerns as issues of national security, embarking on a “whole-of-government” approach; new and emerging areas of focus are tied to transparency and ESG.

7. Valuation vulnerabilities

There is a large amount of debt and leverage in some sectors of the financial system, coupled with historically elevated valuations for almost all asset classes (from corporate equities to real estate to cryptocurrencies). These areas may be susceptible to correction if rising inflation sends interest rates sharply higher; even relatively small pullbacks could have outsized impacts on asset values in market segments with concentrated or leveraged exposure. Regulatory focus on principles of fairness and competition could separately impose impacts on valuations.

Mitigate Risk

8. Third party & cloud

Driven to enhance competitiveness, expand operations, and accommodate customer needs, financial services companies are forming more numerous and complex relationships with third-party companies at significant speed and scale, including financial technology-focused entities such as cloud service providers. These relationships offer advantages but can also reduce management’s direct control of activities, which may introduce new risks or elevate existing risks for companies and their customers.

9. Tech & resiliency

Recent events, including technology-based failures, cyber incidents, pandemic outbreaks, and natural disasters, have made clear that significant disruptions are increasingly likely and can be interconnected (consider how a health crisis sparked a mobility crisis that spawned a financial crisis). Although advances in technology have improved firms’ ability to identify and recover from such disruptions, the frequency of events and potential for interconnectedness and/or interdependencies to amplify risks nonetheless underscore the need for operational resilience and are prompting leading companies to adopt a more holistic, multi-function approach.

10. Risk "complacency"

Regulators view “risk complacency” by financial service companies as a potential threat to both stakeholder trust and safety and soundness. Companies must deliberately ensure that they are guarding against overconfidence—particularly during times of business, M&A, and innovative growth—by raising risk and compliance investment and voice.

Taking Action in 2022 - Regulatory

Click on each section below for actionable steps you can take now

Prepare for expanded oversight

Higher levels of supervision and enforcement are expected across the 10 challenge areas. Technology developments, evolving markets, public awareness, and economic changes are shifting stakeholder expectations (e.g, regulators, investors, and consumers) giving rise to new risks within the current regulatory framework. Key areas that will inexorably broaden include customer service, privacy and protection, fairness, sustainability, and other important considerations.

Maintain regulatory vigilance

Frequent communication and in-depth education and training at all levels of the company can be key pillars that support a vigilant posture to keep pace with today’s expanded regulatory risk expectations. Taking these steps may help a bank better detect, prevent, and mitigate the full spectrum of risks (including operational, credit, strategic, market, compliance/legal, reputational).

Guard against overconfidence

Regulators view risk complacency by financial services companies as a potential threat to stakeholder trust as well as safety and soundness. Companies must guard against overconfidence – particularly at times of business, M&A, and innovation growth – by raising the stature of and investment in risk, compliance, information security, and audit to levels comparable to other strategic functions.

Shifting to a higher gear
Download the full report to learn about all of the key issues impacting banks in 2022 and beyond

Connect with KPMG

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100