Insight

Strengthen compliance culture to manage risks

Insights from the KPMG 2022 Fraud Outlook

Jose Claudio Treviño

Advisory Managing Director, Forensic, KPMG LLP

+1 346-786-4571

Marc Miller

Partner, Risk & Compliance Leader, KPMG US

+1 212-872-6916

A key finding in the 2022 KPMG Fraud Outlook survey is a triple threat of fraud, compliance, and cyber-security risk facing companies in the Americas. We believe that defending against this “threat loop” requires an interconnected effort across the enterprise. We call it a loop because these threats should be addressed in conjunction with one another rather than separately.

The threat loop is a serious issue for all companies in the survey. Our respondents report an average loss of 1 percent of profits from fraud and compliance-related fines in the last year.

Findings differ between North America and Latin America

The survey represented companies in both North America and Latin America. Respondents were asked about the maturity of their companies’ controls to address this triple threat. We calculated how many of those surveyed rated their companies as excellent for at least half of the controls covered in each risk category. (We call this the ‘half-or-more’ standard.) 

Respondents rated their companies as ‘Excellent’ for at least half of the controls covering these three areas of risk

Perceptions of the maturity of controls differ between the two regions, suggesting companies need to take a nuanced approach to managing these risks when doing business across borders. As the chart shows, respondents from North American companies rated themselves higher than those from Latin American companies. In general, more respondents from North American companies think they are either meeting international standards of risk mitigation or doing well by domestic standards.

By contrast, most Latin American respondents say that their companies meet their legal obligations but do not excel by domestic or international standards. In fact, over a quarter of Latin American respondents are unsure if they fully meet even local rules with respect to corruption and money-laundering regulation.

Regarding fraud, responses differ significantly between the two regions. Respondents indicate that fraud is a more widespread problem for North American companies. Most North American businesses that we surveyed are considerably larger than those in Latin America, and our survey also shows that larger, richer companies are more often targeted by external fraud. However, Latin American companies are nearly twice as likely to report insider involvement in fraud (49 percent in Latin America versus 17 percent in North America). 

Creating a new culture

Based on findings from our study as well as our experience in the field, we suggest that companies consider the following steps to strengthen their compliance culture to help mitigate fraud, non-compliance and cyber risk:

  • Develop a strong mentality about the need to identify and mitigate risk. Business leaders should reject the attitude that fraud is just part of the cost of doing business. Set the right tone from the top, with senior executives and a board supporting a culture of ethical and compliant behavior as part of the company’s DNA.
  • Be proactive, not reactive. In difficult economic times, such as a pandemic, companies sometimes justify bad behavior. But according to our respondents, threats will only continue to increase, and proper governance is never a quick fix. Now is the time to begin or strengthen programs and policies for enhanced risk mitigation.
  • Conduct a detailed and rigorous review of threats. This includes a review of not just potential threats but actual risks. Examine existing policies and verify that operational oversight of these policies and procedures is thorough and effective.
  • Carefully recruit, monitor, and manage third parties across the entire vendor management lifecycle. This includes due diligence of suppliers; detailed contracts designed to limit the risk of third-party non-compliance; and well-documented onboarding, ongoing monitoring, and proper exiting of these business partners.
  • Closely supervise workers in remote locations to help ensure that risks and issues are adequately identified and addressed. This involves regular internal audits, continued training, and ongoing communications about compliance requirements. 

The bottom line

A proactive approach to developing and improving good governance can help companies in Latin America and North America mitigate threats. Addressing the threat loop can protect your reputation; reduce losses from fraud, cyber attacks and compliance-related fines; and improve business relations in markets around the world.

About the Research

  • More than half of respondents are board members, members of the C-suite, or department heads
  • Respondents are evenly divided across seven major industries:
    • Industrial manufacturing
    • Consumer products and retail
    • Energy and natural resources
    • Financial services
    • Insurance
    • Life sciences and pharmaceutical
    • Telecoms, media and entertainment and technology

Based on a survey of 640 executives

Respondents represent companies across a range of sizes:

KPMG LLP does not provide legal services.