KPMG Survey Finds that Fraud, Cyber, and Compliance Threats are High and Companies are Ill-Prepared
KPMG has issued A triple threat across the Americas: 2022 KPMG Fraud Outlook. The report, which is based on a survey of 642 senior executives and board members in the Americas from seven industries, presents a bleak picture. KPMG finds that “fraud, compliance concerns and cyber attacks are common, have increased in severity--and are expected to become more frequent.” Specifically:
The majority of companies across North and Latin America reported that they have suffered losses from fraud, compliance breaches, and/or cyber attacks. Eighty-three percent of companies represented in the survey were impacted by a cyber attack in the last 12 months, 71 percent experienced internal or external fraud (including 31 percent that suffered fraud perpetrated by an insider), and 55 percent incurred losses due to a regulatory fine or compliance breach.
Large companies are more at risk of fraud. Only 15 percent of respondents from companies with at least US$10 billion in revenue said that they experienced no fraud losses in the past year. At smaller businesses, 29 percent report no fraud losses. Large companies lost 1.5 percent of their profits due to fraud and non-compliance.
Fraud threats differ between North and Latin America. Seventy-six percent of North American company respondents experienced fraud losses involving external parties, compared with 42 percent in Latin America. However, respondents in Latin America were more than twice as likely to experience internal frauds; 49 percent of Latin American respondents reported such events, compared with 17 percent in North America. KPMG suggests that fraud risk management programs and other internal anti-fraud defenses may be less robust in Latin America.
The COVID-19 pandemic has made things worse. Overall, 86 percent of respondents reported that remote work negatively affected at least one element of fraud prevention, compliance, or cybersecurity programs at their company. Half of respondents reported that working from home negatively impacted their company’s ability to respond to fraud.
Businesses expect fraud, compliance risk and cyber attacks to rise. Sixty-nine percent of respondents expect an increase in either external or internal fraud in the next year, while 29 percent project a rise in both. Seventy-seven percent thought that cybersecurity risk will increase in the next 12 months, and only seven percent foresee a decline. Six in ten expect compliance risk to grow, in part due to an expected increase in regulation. Nearly every respondent expects more regulatory or compliance requirements related to data privacy, labor relations and the environment in the next five years.
Not enough companies are completely on top of fraud controls, compliance and cybersecurity. Only a minority of respondents said that their company reflected international best practice in anti-corruption compliance (18 percent), environmental compliance (21 percent), anti-money-laundering compliance (22 percent), anti-fraud controls (23 percent), and data-privacy controls (27 percent). Just 24 percent believed that their company is strong in half or more of the relevant cybersecurity protections, 17 percent in controls to prevent and detect fraud, and 13 percent in addressing compliance risks. Only 4 percent say that their company excels in all three areas.
KPMG outlines five steps that companies can take to mitigate fraud, compliance, and cyber risks: (1) Set the right tone from the top; (2) Carry out a risk review; (3) Communicate effectively; (4) Strengthen detection; (5) Create a culture of enforcement and accountability.