Five mounting pressures require the accelerated transformation of the risk function – New KPMG Chief Risk Officer survey finds

1.  De-risking:

• CROs say the most significant future risks are also those that they feel least prepared to address: regulatory/compliance risks (28% moderately prepared or worse), economic downturn/recession (40% moderately prepared or worse), and macro/geopolitical risks (37% moderately prepared or worse).

• Technology disruption (such as generative AI) and outdated systems rank as middle-of-the-road threats in the eyes of CROs, while 70% of CROs say they are well prepared or very well prepared to address these risks.

• The majority of CROs, 80%, are also confident in their organizations’ ability to handle cybersecurity threats and data breaches today, while 53% rank cybersecurity measures a priority risk area to modernize in the next 2 years.

2. Growth or strategic change:

• 82% of CROs indicated that they have a high level of support from the C-suite in terms of sufficient budget and attention to risk management. Most of those that lack support say they want greater alignment of risk management to business strategy.

• The risk activities set to be strengthened most over the next 2 years are emerging risk and trend analysis, risk strategy alignment with the business, and data analytics and predictive modelling.

“The strategy of the risk function should align with the organization’s business objectives and CROs have to ensure that they are helping the c-suite make decisions and investments where there is greater certainty of upside and reduced severity of downside, which is ultimately how risk leaders can drive organizational value,” said Brian Hart, U.S. Network Leader - Financial Services Risk, Regulatory and Compliance, KPMG LLP.

3. Compliance risk:

• It is no surprise that regulatory and compliance issues are the biggest expected risk management challenges in the next 2-5 years.

• Regulators/government agencies (33%) and stakeholders/investors (22%) are creating the most pressure and interest around risk management.

“CROs should ensure that compliance and other risk activities are agile, tech-enabled, strategic and support business growth, while allowing for adaptation to new or evolving regulatory requirements,” added Hart.

4. Effectiveness and efficiency:

• 88% of organizations will increase risk management budgets by at least 5% in the next 12 months.

• CROs cited artificial intelligence (AI) and machine learning (ML) as the most vital digital tools to accelerate risk management processes in the next five years, followed by cloud and cyber solutions.

• Three-quarters of companies use AI and ML in their risk management practices, with the leading use cases being monitoring success of implemented tools and considering technical feasibility and alignment with organizational capabilities.

• CROs are also focused on building out the skills and capabilities on their teams, particularly in:  improving data, analytics and visualizations/dashboards; increasing training for employees in targeted areas; and increasing diligence in policy management, controls and employee accountability.

“Organizations can turn risk management into a competitive advantage by harnessing technology to more efficiently and effectively manage risk, as well as meet or even exceed stakeholder expectations,” said Lisa Rawls, Americas Governance, Risk and Compliance Technology Service Network Leader, KPMG LLP. “CROs need to ensure that the digital acceleration of the risk function is in sync with their organization’s transformation goals and is supported by organizational changes.”

5.  Cost takeout:

Cost takeout is the reduction in the overall costs associated with the governance, maintenance, oversight and execution of risk requirements and practices.

• The top areas organizations will consider outsourcing are: strategic risk management and planning (33%); financial risk analysis, including market, liquidity, and credit risks (33%); cybersecurity and threat protection services (33%); and technology-driven risk management, such as AI/ML implementation and oversight (32%).

“In their modern approach to risk management, CROs can make the best use of technology and talent to lower costs while improving risk posture,” added Phelps.