KPMG 2022 Fraud Outlook Survey

A review of the fraud, compliance and cyber security risks facing the Americas

KPMG is pleased to present its 2022 outlook on fraud, cyber attacks and compliance concerns across the Americas. Our survey of more than 600 executives across multiple industries confirms anecdotal evidence about the effects of the pandemic on these three interconnected threats: it reveals that fraud, compliance concerns and cyber attacks are common, have increased in severity — and are expected to become more frequent.

Are companies in the Americas managing to fend off this triple threat? This research suggests that many have limited defenses in place, and the shift to hybrid or remote working is making existing controls less effective.

New cost imperatives in banking, PDF cover

A triple threat across the Americas

Learn more about the threat loop that is challenging organizations across the Americas

Download PDF ⤓

Key Findings

Our survey reveals that fraud, compliance concerns and cyber attacks are common, have increased in severity, and are expected to become more frequent.

The majority of companies across North and Latin America reported that they have suffered losses from fraud, compliance breaches, and/or cyber attacks.

Large companies are more at risk of fraud.

Fraud threats differ between North and Latin America.

The COVID-19 pandemic has made things worse.

Businesses expect fraud, compliance risk and cyber attacks to rise.

Not enough companies are completely on top of fraud controls, compliance and cyber security.

A united defense against a triple threat

The results of the survey indicate that fraud, compliance risks and cyber attacks are widespread, growing dangers for companies across North and Latin America. Increasingly, companies need to mitigate what KPMG calls the 'threat loop', which comprises the triple threat of fraud, compliance risk and a growing array of cyber security threats. Defending against this threat loop requires a collective, interconnected effort. Companies need to look at the impact created by these threats in conjunction, rather than just the risks they pose in isolation.

Companies have urgent priorities

Fraud: Never discount the possibility of an inside job. A significant 31 percent of respondents say their companies have suffered from fraud perpetrated by an insider in the past year.
Compliance: Compliance is a reputational issue. More respondents say that reputational considerations cause their leaders to pay attention to compliance than say the same of fines and enforcement.
Cyber security: Slow and steady will not win the cyber security race. Respondents tell us it takes about a month, on average, for a cyber attack to be fully contained, and most seem satisfied with how well their companies do in this area. This indicates that there is a potentially fatal lack of urgency in how companies are responding to the threat of cyber attacks.

Fraud, non-compliance and cyber breaches are the costly norm

Of the risks that we examined, respondents indicated that their companies are most likely to have experienced cyber attacks.

1.5%

The percentage of profits large companies are losing due to fraud and non-compliance.

The reality of a triple threat

Covid-19 and the impact on the risk environment

Overall, 86% of respondents say that remote working has negatively affected at least one element of fraud prevention, compliance and cyber security programs at their company.

Half of respondents tell us that working from home has negatively impacted their companies’ ability to respond to fraud.

The shift to remote working has increased our risk of fraud, due to a reduced ability to monitor and control for fraudulent behavior.