The shifting terrain of the regulatory landscape is a given. For global financial organizations, this can require monitoring more than 750 regulatory sources and tracking over 65,000 laws, rules and citations. There are two ways organizations can respond to this new reality. They can develop a strategic vision that deals with change by leveraging digital and automation capabilities. Or they can fall behind and pay the price.
Our client, a global financial services firm, chose the first option — and began building a broad and thorough risk and compliance global framework that would help identify and manage their compliance efforts across more than 25 jurisdictions and 30 legal entities around the world.
While our client had a risk and compliance management program in place, many of its manual processes couldn’t keep pace with the speed, volume and complexity of today’s dynamic regulatory ecosystem. This made it inevitable that some regulatory requirement obligations could fall into gaps where roles and responsibilities were not clearly defined—or where ad hoc activities might not be triggered.
Developing an enterprise-wide risk and compliance framework with the agility to provide consistent, comprehensive, and sustainable oversight was chief among the board’s and senior management’s objectives. Once the framework is in place, the client can move beyond time-consuming and error-prone manual processes and take advantage of automated approaches to help anticipate obligations, increase efficiencies, address the rising cost of compliance, improve decision making—and meet regulator and stakeholder expectations.
Like many of its peers, our client relies on three lines of defense to manage regulatory obligations. Lines of business cover controls; compliance and legal provide oversight; and audit backs these with extensive review.
Working alongside our client in its multiyear journey, our KPMG team is helping to develop an advanced risk and compliance framework. This model will eventually adopt innovative technologies that will streamline how critical information is identified and delivered to these lines of defense based upon their strategic vision. This includes mapping regulatory responsibilities across the organization, compiling applicable laws and rules, creating risk statements in plain English, and developing thorough risk statement standards.
Once completed, the project will provide a global risk and compliance framework that fully supports the client’s vision—and delivers value and competitive advantage for years to come.
Innovative technology can help you identify upcoming regulatory changes, see where these may apply, and anticipate how they might affect your organization in the future.
When it comes to regulatory obligations, knowing "what" isn't enough. You also need to know who owns and has accountability for a responsibility if you want to make sure nothing slips through the cracks.
When it comes to defining the obligations required by every rule or regulation, use plain English. This way everyone will have a clear understanding of which obligations apply and what they call for.
Global risk and compliance frameworks should be flexible enough to answer today’s challenges and anticipate tomorrow’s. To do this, your framework should incorporate the latest enabling technologies, while reflecting the compliance requirements of your geographies, the business models of your legal entities, and the strategic objectives of your global enterprise.
KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, some services described herein may not be available to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.