Audio Quick Take: KPMG’s Amy Matsuo on Building Trust at the Forefront of Change
KPMG’s recently released 2021 Chief Compliance Officer (CCO) survey explores how CCOs across multiple industries are adapting to new global trends and evolving risks. CCOs are shifting from being responsive to being proactive—including anticipating changes in regulatory and stakeholder expectations and preventing exposures before they occur—by adopting new approaches and technologies that help their companies stay at the forefront of change.
Download this podcast
Julie Devoll, HBR
Welcome to the HBR Quick Take. I’m Julie Devoll, editor of special projects and webinars at HBR. Today I’m joined by Amy Matsuo. Amy is the leader of compliance transformation, ESG [environmental, social, and governance], and regulatory insights at KPMG. She’s here to share some of the insights from KPMG’s 2021 Chief Compliance Officer survey. Amy, thank you so much for joining us today.
Amy Matsuo, KPMG
Thank you, Julie. Thanks so much for having me, happy to be here.
Julie Devoll, HBR
Amy, start us off by telling us a little bit about the survey findings and what information you were looking to uncover.
Amy Matsuo, KPMG
Sure. So we both surveyed and analyzed almost 250 chief compliance officers at Fortune 500-level organizations across multiple industries on how they’re adapting to new global trends and evolving risks. The survey highlights the changes that we expect to see in compliance over the next three years as organizations navigate increased regulatory scrutiny, gaps in resources and budgets, and competitive pressures to harness large volumes of data into meaningful analysis. We asked them about their priorities, what they want to enhance in areas where they plan to invest. We also asked them about how they’re expanding their scope of compliance and their role within their organization to embrace these new areas of risk, and specifically asked questions around automation and technology ESG and how they’re accommodating the shift toward post-pandemic ways to work.
Julie Devoll, HBR
You mentioned one of the things you were looking at were ways that CCOs are looking to enhance within their organization. What were some of the key areas that you found?
Amy Matsuo, KPMG
Really interesting survey results in this regard, as far as a key takeaway. We did allow survey respondents to pick more than one [answer], so this is not mutually exclusive by any means, but number one: more than two-thirds of respondents answered the use of automation and technology, which is probably not too much of a surprise but [is] a great indicative, proactive look at how compliance is evolving to get that kind of overwhelming response. So about 67% on the use of automation and technology, but likewise, strong showings in other areas. Data analytics: 35%. Regulatory change management: 32%. Risk assessments, 26%: Monitoring and testing: 23%. So again, a lot of enhancement looking to come to this area within the organization. What’s key to these findings is really the contrast to our 2019 survey, where monitoring and testing and investigations were the top two activities to enhance. As a comparative for 2019 to this 2021 survey, you see this movement from more reactive to proactive compliance, which is exciting for all of us in this space, to see that shift toward more proactive compliance activities.
Julie Devoll, HBR
In terms of the CCOs’ top regulatory and compliance obligations, what are their areas of focus, and what trends are you seeing?
Amy Matsuo, KPMG
Interestingly, almost 40% of respondents indicated that industry-specific regulations were among their top obligations to refine. The reason that’s interesting is that’s a 16 percentage point increase over our 2019 survey. While this clearly reflects ongoing regulatory focus on those highly regulated industries like financial services and health care life science, it also reflects a growing regulatory focus [on] other areas as well—so technology, telecom, consumer products, and retail, and industrial manufacturing. In addition, I would say 70% of respondents expected to see an increase in compliance focus by their regulators. No one believed that it would decrease. I think that’s a really important finding, the sort of regulatory intensity towards this space. About 61% of respondents identified new regulatory requirements as being one of their top challenges. And one top obligation that CCOs are focused on refining in that space is really consumer protection—34% of respondents indicated consumer protection as a focal area, up 18 percentage points from 2019.
Cyber and information protection ranks among the top obligations as well, by about a third of respondents. This is reflective of the growing discussions around data privacy and security for both individuals’ and organizations’ own proprietary data.
Julie Devoll, HBR
I’d like to discuss ESG, as it’s such a hot topic right now and I imagine it’s especially so in the regulatory compliance area. What did CCOs have to say about ESG?
Amy Matsuo, KPMG
This is another interesting finding [from] this survey. We are seeing an increased ESG focus with chief compliance officers, specifically with social issues and with issues of climate change making global headlines. Organizations are increasingly focused on developing and monitoring ESG efforts, and they’re calling on the compliance function to be part of that, and in some cases, this function is driving those initiatives. We expect that’s only going to increase in the years to come.
We’re especially seeing a focus on ESG in certain industries— so energy, industrial manufacturing, consumer market, and retail have already made great strides in monitoring some of their ESG-related impacts. In the coming years, we’re seeing that role of the CCO expanding into ESG becoming even more important. Slightly more than half, about 51% of respondents, indicated that the compliance function participates today in ESG strategy planning and that they’re involved in establishing ESG-related policies and procedures. A similar number are incorporating ESG risks into their overall compliance risk assessments, and about 37% are monitoring ESG components of business investments. This will be really interesting to see even two years from now, because I would expect all those numbers to increase.
Julie Devoll, HBR
What actions should chief compliance officers consider taking, given the current landscape we’re in?
Amy Matsuo, KPMG
We’re definitely already seeing chief compliance officers becoming change agents. They’re advancing their own organizational function in operations and analytics, as I indicated before, really from more responsive to more proactive. Based on this and what we’ve heard in the survey, we break down our recommendations primarily into three areas. One, evolving risks. Two, investments to be made in compliance. And the third one is compliance at the forefront of change.
The first one, in terms of evolving risks, includes taking action to refresh and validate internal risk assessments and key data, including ESG, leveraging technology and analytics to create risk monitoring that drives better and more timely risk management. It also defines those ESG programs, including key metrics to measure success and compliance and consistency across the risk areas, including third parties and heightened focus on industry-specific regulatory risks, inclusive of both heavily regulated [industries] and those that may have traditionally not been as heavily regulated.
The second area is investments in compliance. So, the first action I would say is to develop an inventory of existing compliance data and other potential data sources across the organization. That’s the first step to really increasing your data and analytics. Understand those relationships among the relevant data sources and your access to getting the data that you need to really do effective and proactive monitoring. The second step is to shift those compliance effective metrics from reactive to proactive. It’s important to measure reactive measurements. It always will be within compliance, but to the extent that we can continue to build more proactive monitoring using more predictive analytics, that’s certainly the way forward. As a result of those steps, [we can] increase investment in compliance technology, from simple case management type tools to more intricate and advanced analytics around data, to prioritize the automation of key compliance areas.
Finally, the third is compliance, at that forefront of change and within the new reality. I would say embed ethics and compliance in any business operating model changes, which are coming fast and furious, so that risks are identified and addressed. That’s inclusive of those ESG risks, and it’s inclusive of the industry-specific risks. This also includes your organization’s fraud and misconduct programs around risk relative to remote working and staffing constraints, anything that’s introducing new operations and new risks to your business. Compliance needs to be at the forefront of that.
Julie Devoll, HBR
Amy, this has been a great discussion. I want to thank you so much for joining us today.
Amy Matsuo, KPMG
Great. Thank you so much for having me.
If you’d like to learn more about how KPMG helps clients earn the trust of stakeholders and explore the findings of the KPMG 2021 CCO survey, visit read.kpmg.us/trust.