Skip to Main Content

Q&A: How Banks Can Navigate 2025’s Regulatory Uncertainty

Reg Uncertainty 2025 1168X660

The regulatory environment for banks is expected to undergo significant shifts in 2025, influenced by a combination of expanded legal challenges, Supreme Court rulings, and the possibility of new leadership at key agencies. These factors could slow the pace of new rulemaking, contributing to a period of regulatory uncertainty for the financial industry. While the outcomes of the U.S. elections will play a major role in shaping the regulatory landscape, certain areas—like AI and cybersecurity—will remain at the forefront, regardless of who is in office. 

In 2025: The Year of Regulatory Shift, KPMG Regulatory Insights provides an in-depth analysis of these potential changes and how banks can best prepare for the evolving regulatory challenges ahead. In this Q&A, KPMG’s Amy Matsuo highlights the key findings from the report and explores strategies for navigating this shifting landscape. 

Given the potential slowdown in new rulemaking due to expanded legal challenges and potential changes in agency leadership, how should banks prepare to navigate this period of regulatory uncertainty? 

As we approach 2025, banks need to start thinking ahead by evaluating different scenarios and considering the potential impacts of those changes. 

Let’s talk about agency leadership. If we see a Democratic administration, leadership at the Federal Reserve Board (FRB), Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Consumer Financial Protection Bureau (CFPB) is likely to remain stable, although we might see nominations for key roles like the Comptroller and Federal Deposit Insurance Corporation (FDIC) chair (there’s already a nomination pending for FDIC chair). On the other hand, a Republican administration could bring quicker changes, especially at the CFPB, FDIC, and Office of the Comptroller of the Currency (OCC)—important because all three of these leaders sit on the FDIC’s five-member board. Since these six agency heads also have voting power on the Financial Stability Oversight Council (FSOC), any shifts in leadership could influence its direction. 

In terms of rulemaking, no matter who wins the election, we’ll continue to see the use of executive orders as a fast way to push regulatory initiatives or undo previous orders. Banks should also brace for a rise in legal challenges [to new regulations] and state-level activity, while progress in Congress may be slow. 

Even with this uncertainty, don’t expect regulators to hit pause. Agency staff will keep moving forward on ongoing and near-term issues, such as exam and enforcement resolutions. 

The report highlights that regardless of the election outcome, the regulatory focus on AI and cybersecurity will remain intense. What specific areas within these domains should banks prioritize to stay ahead of regulatory expectations? 

Whether there’s a change in administration or not, AI and cybersecurity will continue to be high-priority areas. Banks need to be ready to show that they have strong risk management and compliance practices in place. 

For AI, the focus should be on a few key things: 

  • Making sure your data privacy protections are solid. 
  • Ensuring fairness in your models—this means addressing risks like bias, conflicts of interest, and anything else that could harm consumers. 
  • Implementing a robust risk management framework that covers the design, use, and deployment of AI systems. 

When it comes to cybersecurity, banks should: 

  • Improve resilience to prevent disruptions in critical systems and operations. 
  • Strengthen data management practices, including how data is classified and secured. 
  • Work closely with your AML and fraud teams to stay ahead of fraud risks, especially as customer data becomes more accessible through platforms like open banking. 

With the possibility of divergent regulatory approaches depending on the election outcome, how can risk management teams balance preparation for both high and low regulatory activity scenarios? 

We’re almost guaranteed to see divergent regulatory approaches, given the increase in state-level regulation and the growing number of legal challenges. So how can risk management teams prepare for both intense regulatory activity and more relaxed periods? 

Make sure you’re investing enough time and resources in what we call “regulatory intensity”—including any new regulations that might come up. You’ll also want to develop regulatory routines, using process automation and data analysis to keep things consistent and spot trends. 

Also, map regulations to your risk assessments and controls so that you have a clear understanding of how each impacts your overall risk profile. And integrate regulatory issues management into your dynamic risk assessments. Make sure ownership and accountability are clearly defined so that any critical challenges are addressed head-on. 

Looking ahead, we expect the key regulatory themes in 2025 to focus on areas like regulatory divergence, AI, cybersecurity, fraud, fairness, and operational resilience. We’ll continue monitoring these trends, so stay tuned.