Top risks for Consumer & Retail businesses in 2021

Key steps to help consumer and retail organizations manage risk

Duleep Rodrigo

Duleep Rodrigo

National Advisory Leader, Consumer & Retail, KPMG US

+1 949-278-2899

Marc Miller

Marc Miller

Partner, Forensic Network Leader, KPMG US

+1 212-872-6916

Recent KPMG consumer research suggests that attitudes about finances remain unchanged since the start of the COVID-19 outbreak, with 43% of consumers reporting feeling financially overwhelmed and sensitive. Yet in the latest KPMG CEO Outlook pulse survey – fielded in July and August 2020 – 76% of Consumer & Retail CEOs indicated they are more confident now about economic growth for their country and industry than they were before COVID-19.

Despite executives’ optimism, risks remain, and shifts in consumer behavior underpin many of these risks. When we asked CEOs about the greatest threats to growth before COVID-19, a return to territorialism and environmental/climate change risks emerged as the top two threats (cited by 28% and 22% of respondents, respectively). But when we followed up this summer, the threat landscape had shifted.

In the latest survey, 31% of Consumer & Retail executives said supply chain is a key risk, with 21% of respondents still pointing to the related threat of a return to territorialism. CEOs also increasingly cited threats related to emerging/disruptive technology (from 7% before COVID-19 to 21% after) and talent (surging from 1% before COVID-19 to 14% after).

Interestingly, in the latest survey, just 3% of respondents cited environmental/climate change as a risk. The same percentage said that cyber security is a significant threat – a finding that seems out of sync with recent surges in cyber incidents, which have been exacerbated by the present circumstances.

These new CEO Outlook findings underscore some of the most pressing challenges facing the industry – and point to critical opportunities for underlying business transformation.

Supply Chain & Return to Territorialism

It comes as no surprise that supply chain topped the list of threats in the minds of consumer and retail leaders. After all, the global challenges left many consumer goods companies without essential raw materials and had some retailers scrambling to keep shelves stocked for customers. Meanwhile, other retailers have faced the opposite disruption: an abundance of out-of-season or obsolete inventory and diminished channels to liquidate it effectively.

As companies rush to meet these challenges, we’re seeing many companies migrating key parts of their supply chains to different geographies. In doing so, they may accelerate supplier onboarding and inadvertently incur new third-party risks. In some cases, those new third parties are outsourcing to their own third parties – that is, fourth parties or strategic partners – fueling yet another level of risk. We are seeing similar shifts and increasing risks in the area of logistics with ever-increasing demand to fulfill the last mile.

 The recent  KPMG Global Third Party Risk Management (TPRM) Outlook 2020 survey affirmed the rise in third-party threats. More than three-quarters of cross-industry respondents indicated that third-party risk management is a strategic priority for their business – especially since an organization’s reputation is linked to the performance of its third parties. The same percentage admitted that increasing the consistency of third-party risk management across their enterprise is an urgent priority.

As with third-party risks, the return to territorialism poses another threat to many consumer and retail organizations. A migration to economic nationalism – that is, a “make-where-you-sell-and-buy-where-you-make” approach – has gained momentum in recent years. And the trend is intensifying as nation-states continue responding unilaterally to COVID-19.

Emerging/Disruptive Technologies

For consumer and retail organizations, the global challenges have turned some digital disruptions – from buy online, pickup in store to contactless payment solutions – into must-have investments. Although CEOs may perceive that the greatest technology risk is failing to innovate (or to innovate with sufficient speed), too much emphasis on the “disruptive” may shortchange other workhorses of an IT environment. A strategic, proactive approach to technology risk management can help balance the need for speed with the necessity of mitigating business and technical risks.


Qualified candidates are in high demand, and many are willing to make moves – especially in an increasingly “work-from-anywhere” environment. Remote work is the new normal, and while it creates tremendous opportunity for both businesses and employees, there are considerations CEOs must address.  How does this model impact organizational culture? Have policies been created – and fully implemented – to reflect greater use of remote work? More specifically, how are internal controls being managed and monitored to ensure compliance? During times of crisis – when many employees experience impacts to their compensation – the risk of fraud increases. Employees may feel business pressure to manipulate sales and other metrics that affect commission and bonus structures, which could also lead to inaccurate reporting of financial metrics for the company overall. At the same time, employees may be less inclined to report concerns. Addressing culture – while balancing flexibility and control – is key to managing these and other talent risks.

Managing Strategic Risks

Especially in challenging times, organizations may find their time splintered across multiple initiatives focused on piecemeal business improvements. It is critical to manage these risks not in silos but strategically across multiple business owners, business units, functions and geographies.

It’s important to recognize how these risks interconnect with many other organizational risks. What’s more, risk velocity – the speed at which risk changes – has increased during these times. Given those realities, organizations should consider the following:

Continuous risk assessments. Conduct comprehensive risk assessments that effectively identify both current and emerging risks on a more frequent basis. Doing so can help organizations avoid blind spots and unintended breakdown of controls resulting from COVID-19. Depending on an organization’s impact from the recent challenges and risk tolerance, we recommend a quarterly update to the risk assessment.

Third Party Risk Management (TPRM). Ensure a clear vision about who will own TPRM and where it will live within the organization. Implement an approach that enables ongoing assessment and remediation of third parties, as well as continuous improvement of the TPRM function.

Communication and early action. As issues get raised, the ability to effectively communicate within the organization and act early to course correct can help mitigate risks. Reinforcing an organization’s culture and values can also be effective tools to leverage in these instances.    

These steps can help your organization outline a course of action and then manage the interrelated risks that arise along the way. After all, every risk is best handled in the context of the larger vision for how the business will operate, how it will differentiate, and how it will thrive in the market.