Insight

A triple threat across the Americas: KPMG 2022 Fraud Outlook

A review of the fraud, compliance and cyber security risks facing the Americas

Marc Miller

Marc Miller

Partner, Risk & Compliance Leader, KPMG US

+1 212-872-6916

KPMG is pleased to present its 2022 outlook on fraud, cyber attacks and compliance concerns across the Americas. Our survey of more than 600 executives across multiple industries confirms anecdotal evidence about the effects of the pandemic on these three interconnected threats: it reveals that fraud, compliance concerns and cyber attacks are common, have increased in severity — and are expected to become more frequent.

Are companies in the Americas managing to fend off this triple threat? This research suggests that many have limited defenses in place, and the shift to hybrid or remote working is making existing controls less effective.

Key Findings

The majority of companies across North and Latin America reported that they have suffered losses from fraud, compliance breaches, and/or cyber attacks.


 

The COVID-19 pandemic has made things worse.


 

Large companies are more at risk of fraud.


Businesses expect fraud, compliance risk and cyber attacks to rise.


 

Fraud threats differ between North and Latin America.


Not enough companies are completely on top of fraud controls, compliance and cyber security.


A united defense against a triple threat

Fraud, compliance risks and cyber attacks are widespread, growing dangers for companies across North and Latin America.

Companies need to mitigate what KPMG calls the ‘threat loop,’ which comprises the triple threat of fraud, compliance risk and a growing array of cyber security threats.


 

fraud-compliance-cyber-thread-loop.gif

Companies have urgent priorities

  • Fraud: Never discount the possibility of an inside job. A significant 31 percent of respondents say their companies have suffered from fraud perpetrated by an insider in the past year.
  • Compliance: Compliance is a reputational issue. More respondents say that reputational considerations cause their leaders to pay attention to compliance than say the same of fines and enforcement.
  • Cyber security: Slow and steady will not win the cyber security race. Respondents tell us it takes about a month, on average, for a cyber attack to be fully contained, and most seem satisfied with how well their companies do in this area. This indicates that there is a potentially fatal lack of urgency in how companies are responding to the threat of cyber attacks.

 

Fraud, non-compliance and cyber breaches are the costly norm


Of the risks that we examined, respondents indicated that their companies are most likely to have experienced cyber attacks.
 


 

1.5%

The percentage of profits large companies are losing due to fraud and non-compliance.

 

The reality of the triple threat


Covid-19 and the impact on the risk environment

The shift to remote working has increased our risk of fraud, due to a reduced ability to monitor and control for fraudulent behavior.

Working from home has negatively impacted our ability to respond appropriately to fraud in our business.

The anti-fraud controls we had in place pre-pandemic have not been effectively updated to reflect the new working reality.

  • Overall, 86% of respondents say that remote working has negatively affected at least one element of fraud prevention, compliance and cyber security programs at their company.
  • Half of respondents tell us that working from home has negatively impacted their companies’ ability to respond to fraud.


Risk levels are rising…

    

69%

of respondents expect an increase in the risk in at least one of either external or internal fraud in the next year.


 

29%

project a rise in both.
 


Worries about growing cyber crime are widespread

 

77%

say that cyber-security risk will increase in the next 12 months.


 

7%

Only 7% foresee a decline.

New requirements and tougher enforcement ahead
 

Is your company prepared for the triple threat?

The results of the survey indicate that fraud, compliance risks and cyber attacks are widespread, growing dangers for companies across North and Latin America. Increasingly, companies need to mitigate what KPMG calls the ‘threat loop,’ which comprises the triple threat of fraud, compliance risk and a growing array of cyber security threats. Defending against this threat loop requires a collective, interconnected effort. Companies need to look at the impact created by these threats in conjunction, rather than just the risks they pose in isolation.


Top 5 things to consider

  1. Set the right tone from the top
  2. Carry out a risk review
  3. Communicate effectively
  4. Strengthen detection
  5. Create a culture of enforcement and accountability