Five Mounting Pressures Propelling Risk Transformation

Tim Phelps


January 30, 2024

Risk transformation sequence

The evolving landscape in economic, geopolitical, regulatory and technological spheres has put a significant spotlight on the enterprise risk function within organizations. The role of the risk function is transforming from primarily mitigating threats to also identifying opportunities and contributing to the strategic direction of the company. Responsibilities are expanding beyond mere compliance to actively shaping strategies that enhance performance and fortify the competitive edge. Amid constant volatility, the risk function plays a pivotal role in ensuring organizational resilience and fostering trust among stakeholders. 

The 2023 KPMG Chief Risk Officer survey captures the views of 390 U.S. enterprise risk executives and their perspectives about the next five years. Are risk functions ready to meet the demands of the future? What challenges are keeping risk leaders up at night, and what priorities are dominating their attention? How are risk teams evolving to optimize how they proactively support organizational objectives and meet regulatory expectations?

The survey data provides insights on how the following five mounting pressures are accelerating changes in organizations’ risk management strategies, structures, processes and capabilities—and the challenges and opportunities to come on the risk transformation journey. 


Macroeconomic uncertainty is straining risk leaders’ ability to keep pace with change. The survey identifies regulatory and compliance risks, economic downturns and geopolitical volatility to be among the top future risk challenges, all of which many executives feel insufficiently prepared to tackle. These challenges are exacerbated by “compound volatility,” due to cataclysmic disruptions—such as climate events, major bank failures, wars and supply chain failures—occurring at greater frequencies and intensifying the overall level of risk.

Although 80% of risk leaders reported being well-equipped to address cybersecurity risks, barely one-third of companies use predictive modeling and automation to anticipate potential risks. To proactively tackle emerging risks, organizations must invest in a centralized risk technology architecture, advanced data analytical capabilities and technology integration to enable the risk function to execute its high-stakes activities with greater speed, precision and agility. Allocating more resources to understanding and planning for "tail risks” can better hedge against the impact of unusual risks.

Growth or Strategic Change

From new technology to shifting markets and customers, the rapid pace of change across the business landscape presents opportunities for agile, forward-looking companies to improve performance. But to take advantage, organizations must manage new and changing risks in a way that supports the business strategy. Strengthening risk strategy alignment with the business objectives ranked as one of the top three goals for risk professionals.

In terms of sufficient budget, attention to risk management and overall alignment with business strategy, 82% of respondents reported receiving a high level of support from the C-suite. To make progress toward strategic enterprise risk management, incorporating shifting risks and strategic changes into the risk framework should be a key risk transformation goal, including providing training and resources for employees on risk management and corporate strategy alignment; analyzing risk mitigation successes and updating the corporate strategy; and fostering a strong risk and compliance culture as an enterprise-wide strategy.

Regulatory Compliance

Regulatory compliance is the top risk management challenge for organizations over the next two to five years. With global regulatory authorities actively using regulatory change as a policy execution tool, there is increased pressure from government agencies to integrate new requirements and be compliant. In fact, CROs say regulators are putting the most pressure on the risk management function.

The evolving regulatory environment demands a more proactive and agile risk management culture—one that is primarily driven by strategic inputs, rather than operating in response to regulatory demands. Moving beyond a compliance-centered approach focused on satisfying requirements and incorporating risk considerations into broader business strategies is critical to improving overall performance and supporting smart business growth.

Effectiveness and Efficiency

Today’s risk functions face a tall order: to actively contribute to their organizations’ long-term viability, growth and trust. Eighty-eight percent of companies are set to increase their risk management budgets by at least 5% within the next 12 months, with AI and machine learning emerging as key tools for accelerating risk control processes.

Capitalizing on technology convergence will be key to driving specific business outcomes and enabling the risk management ecosystem to adapt and improve over time. The top measure for empowering risk teams was improving data and analytics capabilities, followed by increasing training for employees in targeted areas, and increasing diligence in policy management and employee accountability. Risk executives must align digital acceleration with the organization’s transformation goals, including fostering an integrated, digital-first strategy and operating model, as well as acquiring or upskilling talent to meet new challenges, particularly in technical risk areas.

Cost Takeout

The cost to maintain effective risk management programs is at an all-time high. While labor typically constitutes the largest portion of risk operating costs, outsourcing offers potential efficiencies and cost reduction benefits. However, firms must always remember that they are outsourcing the risk management activity, not the risk itself. About one-third of companies are considering outsourcing across various risk management areas, such as strategic risk planning, financial risk analysis, cybersecurity and technology-driven threat protection.

It is crucial to carefully weigh the benefits of outsourcing against the need for adequate risk control, governance and sustainable savings. Risk leaders should develop and implement a strategic operating model that balances costs and effectiveness, leveraging technology, location strategies and global talent pools. Cost-saving strategies may differ across organizations but may include entity rationalization, product and channel simplification, operational model centralization and consolidation and automation of risk management processes.

The Way Forward

The strategic scope for the risk function now includes driving cost efficiencies, ensuring compliance and delivering business growth. It goes well beyond what has been traditionally expected from the function. To enable the risk function to deliver, leaders will need to be comfortable with uncertainty and double down on value drivers to navigate threats earlier and more effectively.

As new risks emerge, understanding the interplay between them will be crucial to define long-term mitigation strategies and resource allocation. While technology is playing a key role in enabling this transformation, culture and people are also critical success factors. Ultimately, organizations that look beyond compliance and cost-optimization, and integrate risk management as a strategic component of their value chain of the business, will come out on top.

Tim Phelps is a risk service leader at KPMG LLP