Platforms and conduct: Regulatory challenges

Unprecedented and rapid developments in data, tech, and social media are reshaping financial services.

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100

Stefan Cooper

Stefan Cooper

Principal, Advisory, FS Regulatory &Compliance Risk, KPMG US

+1 267-256-1741

Chad Polen

Chad Polen

Advisory Managing Director, FS Regulatory & Compliance Risk, KPMG US

+1 412-208-6144

Rapid developments in technology, increases in digital banking activity, growing sophistication of data collection, and the increasing influence of social media are reshaping the financial services landscape in ways never before seen or anticipated. These unprecedented times, underscored by ongoing social and economic changes associated with COVID-19, have fostered and accelerated unique advancements in the consumer experience—and given rise to new risks related to data security, fraud, and conflicts of interest.

The FTC is redoubling its commitment and improving its processes to expeditiously refer criminal behavior to criminal authorities, promoting accountability and deterrence.
Lina Khan, FTC Chair, November 2021

Explore here insights from the KPMG report Ten key regulatory challenges of 2022.



Rapid changes: Platforms and conduct

Design compliant digital platforms with demonstrable and measurable customer experience, access, fairness, and inclusion principles and metrics.

Digitalization has increased consumer expectations regarding the availability of, and access to, core financial services, including payments, savings, lending, and investing. In general, they are looking for powerful, intuitive, and personalized interfaces to conduct transactions through multiple and interconnected channels (e.g., online, mobile, phone, in person) on an anytime, anywhere basis. Social media is a benchmark, having set expectations for personalized experience that are now carried through to financial services by fintechs and Big Tech companies with access to vast stores of data.

Regulatory considerations on the horizon will include:

  • Companies’ commitment to reach unbanked, underbanked, and underserved populations through digitally-enabled products and services offered directly or through partnerships and affiliations.
  • Payments processing issues, such as fee amounts, frequency of charges, charge-backs, type of transaction, ordering of debits, third-party risk management, and marketing and disclosures. 
  • Open banking initiatives, and in particular the CFPB’s rulemaking for section 1033 of the Dodd-Frank Act to facilitate the portability of consumer financial transaction data. Notably, there are industry-led initiatives to establish data-sharing networks and adoption of an API technical standard. 
  • Data capture and use. CFPB is actively reviewing the policies and practices of consumer data collection by Big Tech payment systems, as well as their protection and use of that data; findings could inform initiatives related to open banking and faster payments. Separately, the Administration has encouraged FTC to consider rulemakings related to unfair data collection and surveillance, and unfair competition in major internet marketplaces.  
  • “Gamification” - including behavioral prompts, differential marketing, game-like features, and other elements or features designed to engage with retail investors on digital platforms. 


Ensure data quality and integrity controls between the digital platform and the broader surveillance architecture at critical data handoffs in the workflow in order to maximize the integrity of the market conduct surveillances.

  • The rapid expansion of remote access and digital activity has increased the number of access points to customer data, significantly increasing the risk of fraud and financial crime. Areas of vulnerability include new marketplace platforms, online payments, peer-to-peer payment apps, online account opening, synthetic identity fraud, and increasingly sophisticated malicious actors. New FFIEC guidance outlines effective risk management principles and practices to address weak access management and authentication controls.   
  • The shift toward digitalization poses regulatory challenges to the oversight of financial services. Relying solely on traditional supervisory tools, such as on-site examinations, has become less practical as digital markets evolve rapidly and new entrants (such a “digital natives”) join the market. Regulatory expectations have evolved and financial services companies should anticipate tools will be developed or integrated enabling supervisors to leverage data and technology to oversee increasingly digitized markets more efficiently and effectively.


Assess, make needed changes, and actively surveil and mitigate conflicts of interest and market conduct risk.  

Growing levels of scrutiny now surround long-standing - and some new - market practices that may present conflicts of interest for broker-dealers, exchanges, and wholesalers and could put fair market conduct at risk for investors. Regulators are looking at:  

  • Payment for order flow (PFOF). Both SEC and FINRA have highlighted the potential for conflicts of interest arising from PFOF. SEC has suggested that, because of opacity in the markets, investors may not always receive the “best price.” Potential actions to address PFOF might encompass prohibitions, new disclosure, changes to tick sizes or the settlement cycle, or new rules related to DEPs.
  • Optimization. Predictive analytics and other features of DEPs designed to increase revenues, data collection, or customer engagement may lead to conflicts of interest between the platform and investors.  
  • DEPs and Best Interest. The use of artificial intelligence, sophisticated algorithms, and game-like features may serve to encourage an investor to engage in more frequent or more risky trading than in the absence of DEPs, potentially blurring the line between solicited and unsolicited transactions. Regulation Best Interest protections would apply if the DEPs are determined to provide recommendations or investment advice. 


Heighted regulatory focus on investor protections and conflicts of interest will assure continued attention on:  

  • Conflict disclosures and handling practices, including fees, expenses, and compensation arrangements. 
  • Payment practices including discounts, rebates, fee reductions, and/or credits around best execution. 
  • Real-time monitoring of trading practices in an effort to identify, document, track, and report existing and potential conflicts of interests for evaluation and mitigation.


Ten Key Regulatory Challenges of 2022

The year 2022 brings high levels of risk and regulatory supervision and enforcement. Regulatory “perimeters” continue to expand, and regulatory expectations are rapidly increasing. All financial services companies should expect high levels of supervision and enforcement activity across ten key challenge areas. Read the full report to learn more.

Subscribe to our mailing list to receive our Regulatory Alerts and Points of View.