2025年十大关键监管挑战：在变革中前行

Rolling throughthe Shift TableofContents 01 Regulatory Divergence 02 Trusted AI & Systems 03 Cybersecurity & Information Protection 04 Financial Crime 05 Fraud & Scams 06 Fairness & Protection 07 Financial & Operational Resilience 09 Governance & Controls 10 Markets & Competition Regulatory Barometer Methodology TenKeyRegulatoryChallengesof2025 On behalf of KPMG Regulatory Insights, Iam delighted to issue the tenth edition of ‘roll-forward' to mitigate and respond to We, of course, welcome the opportunity toassist you in these and related areas to This 2025 edition anticipates theregulatory volume, complexity, and impactdue to the new Administration’s priorities We anticipate 2025 to be the Year ofRegulatory Shift—across areas oftechnology and data risks, consumer/ In the following pages we anticipate howthis Regulatory Shift will alter regulatory “2025 will be the Year of Regulatory Shiftfueled by a new Administration, agencyleadership changes, and expandedregulatory divergence. Companies willlook to "roll through the shift" but must Amy MatsuoPrincipal & National LeaderRegulatory Insightsamatsuo@kpmg.com RegulatoryDivergence 12345678910 emerging and evolvingregulatory expectations.Regulatory focus and actionswill be impacted by agencyleadership mission changesamid the Administration's "day Regulatory divergence andlegal challenge will continue,drive high operational, risk andcompliance challenges/ impactsand potential compliance andreputational risks. Companies RegulatoryBarometer Regulatory Shift reporting, skilled resources, business continuityplanning).•AI/GenAI (e.g., governance, testing and validation,transparency). Although the regulatorylandscape is expected toevolve in 2025, reflectingchanges related to increasingdigitalization, technology RegulatoryShift Financial Crime To keep pace with increasingly sophisticated financialcrime threats (including risks to critical systems, servicesand infrastructure), expect attention in regulatory areassuch as cybercrime, ransomware, sanctions, know-your- Fraud Risks related to fraud, scams, and misrepresentations areincreasing alongside advancements in technology, withincreasing and significant cost to consumers andcompanies. Closely tied to cybersecurity and data privacy Actions •Consumer/investor protections against fraud, identitytheft, and imposter and other scams (e.g., payments,deepfakes).•Complaints management (e.g., fair treatment,resolution/remediation). Key areas will include: Resiliency Regulators are emphasizing the importance of resiliencyin both financial risk (e.g., capital, liquidity, credit) andnon-financial risk (e.g., cybersecurity, third party,operational) and companies’ abilities to anticipate and Rulemaking Regulators will continue to utilize and apply existing rules,regulations, and guidance (e.g., heightened standards/ERM,financial stability, AML/BSA, UDAAP/UDAP, fair marketing,conflicts of interest, recordkeeping) to the supervision andenforcement of new and emerging areas (e.g., “automated Technology Risk With the increasing adoption of innovative technologiessuch as AI/GenAI and predictive analytics, there areincreasing expectations for risk and compliance in areasof technology risk including: •Cybersecurity /information protection (e.g., incident LegalImpacts Increased Guidance vs.NewRegulations Legal challenges and impactsfrom prior legal cases will A noticeable rise in legal challenges to federal and statelevel regulations will prompt a shift towards more guidanceand frameworks rather than the introduction of new Extended RulemakingProcesses Agencies will take measures to fortify their case forregulatory requirements and jurisdictional authority by: •Seeking consumer voice and industry comments viaRFIs, extended comment periods, etc.•Providing indicators of potential regulations prior toreleasing rulemakings through analytic/assessment AgencyLegal Actions Actions The uptick in legal actions both against and by agencies,particularly in areas such as anti-trust and labor practices,will continue to highlight the contentious and complex Diverging RegulationsAcrossOther Jurisdictions State&Global RegulatoryActivity As federal rulemaking is slowed due to bipartisandivergence, state regulatory activity is expected tocontinue to increase, especially in areas such as AI,cybercrime, privacy, and “fair access” consumer/ investor Operational and Compliance Risk Divergences across states and between state, federal,and international regulations will increase regulatorycomplexities. These differences could potentially heighten Actions 12345678910 Conduct dynamic and ongoingskills, resourcing levels, assetallocation and technologyinvestment assessmentsto identifythe most important departmentalneeds to appropriately mitigateemerging risks. Expand analytical and Assess governance structure forRisk and Compliance.Expandedroles in terms of both direct andindirect areas of Compliance covera