KPMG LLP: Taking a Holistic Approach to Governance, Risk and Compliance

Mike Nolan, Global Partner-In-Charge, Risk Consulting
Organizations today face complex compliance challenges due to an onslaught of new and changing regulation accompanied by increased domestic and cross-border regulatory enforcement. This changing landscape coupled with advancing globalization has rendered managing compliance cost (including litigation and technology costs) and compliance talent increasingly important priorities for organizations.

Companies that conduct business globally must manage and optimize a dizzying array of risks. According to KPMG’s Global Risk Survey, companies consider the following as top risks: regulatory pressure, reputational risk, credit markets and liquidity, geopolitical risk, supply chain risk, third party risk, IT/cyber security threats and disruptive technology. “Interestingly, it was not only the highly regulated industries that considered ‘regulatory pressure’ to be a top risk. Having moved very aggressively beyond highly regulated industries, compliance has now become real for other industries like consumer markets and diversified industrials,” says Mike Nolan, Global Partner-In-Charge of KPMG’s Risk Consulting Services.

Organizations are searching for efficient ways to identify and absorb regulations. “Amidst this evolving regulatory environment, our holistic model for Governance, Risk and Compliance (GRC) brings an integrated approach for developing and establishing a successful and sustainable GRC framework within an organization,” says Nolan.

A guiding principle of KPMG’s model is that ‘risk management’, including compliance, is everyone’s responsibility. KPMG has adopted the ‘three lines of defense’ model, in which risk and compliance management is pushed, as far as possible, into the day-to-day responsibilities of the first line (the business). The second line identifies and monitors new risks and regulatory matters and creates effective and efficient policies and processes to enable compliance. The third line consists of the independent assurance provider.

“When these three lines of defense work well together, the organization has the best opportunity to achieve an integrated approach to managing risk and compliance, thereby managing cost while still creating a complete understanding of the regulatory and enterprise risk environment,” says Deon Minnaar, Leader of KPMG’s ERM/GRC Practice for the Americas.

Technology enablement becomes an important component in creating workflows that integrate risk and controls information organization-wide, and in complying with and monitoring regulations.

KPMG’s profound understanding of regulatory requirements and ability to bridge requirements under multiple control frameworks and government enforcement policies have set the firm apart. “With our GRC services, technology skills, and the configuration opportunities, we can more effectively manage and automate compliance activities,” says Tony Torchia, Leader of KPMG’s IT Governance, Risk & Compliance practice. “KPMG deploys a technology strategy that allows alignment with leading technology providers and to internally build software solutions where gaps exist in the marketplace. Most frequently, the internally developed technology solutions are enabled with content and strengthened with data analytics capabilities,” he adds.

Among KPMG’s Risk Consulting solutions is its cadre of tools supporting its Anti-Money Laundering (AML) services. The firm assists clients in transactional reviews to identify suspicious activities using its AML Case Management tool. “Our AML Modeling and Astrus tools help in testing and validating the effectiveness of transaction monitoring systems and enabling due diligence reviews to ensure compliance with Know Your Customer requirements,” says Richard Girgenti, Leader of KPMG’s Forensic Advisory Services.

KPMG’s experience working with boards, C-level executives, and risk committees helps it to sharpen its dedicated methodologies to ensure consistent and efficient risk management and optimization. Specific to compliance, KPMG’s holistic approach creates a sustainable program by establishing an effective regulatory change management discipline that can efficiently absorb new regulations and enable the first line of defense as part of its everyday responsibilities. Once the process is well-defined, KPMG can enable it with leading vendor or proprietary technology solutions. This completes the transformative efforts many companies are currently undergoing.


New York, NY

A provider of audit, tax and advisory services.