Switching suppliers requires robust due diligence as fraud and cybersecurity risks are on the rise, KPMG forensic and cybersecurity specialists warn
TORONTO, March 6, 2025 /CNW/ - With the recent implementation of 25 per cent, across-the-board tariffs on Canadian goods, Canadian businesses that are considering or already making changes to their supply chain must remain extra vigilant for increased fraud and cybersecurity risks, KPMG in Canada specialists warn.
A recent KPMG in Canada survey of Canadian businesses found that in anticipation of tariffs, nearly half (44 per cent) of respondents said they are already reconfiguring their supply chains to divert U.S.-destined exports to these third-party countries, with another 44 per cent exploring that option.
Changing suppliers and reconfiguring supply chains can introduce numerous fraud risks, says Myriam Duguay, Partner and National Forensic Leader at KPMG in Canada.
"With U.S. tariffs now in place for Canadian exporters, many businesses might rush to switch suppliers, and in doing so, they might not do the rigorous due diligence that's needed to reduce third party risks," she says.
"Businesses must be vigilant about engaging new suppliers that make illegitimate or overstated claims about their capabilities," she adds.
Hartaj Nijjar, KPMG in Canada's National Cybersecurity Leader adds that engaging new suppliers increases an organization's cybersecurity risks.
"If the new suppliers do not have robust cybersecurity measures in place, they could become a weak link in an organization's supply chain, potentially leading to data breaches," he says.
"Businesses should also be aware of fake suppliers that appear legitimate but are actually threat actors in disguise. This is becoming more prevalent now with the rise of AI-powered deepfakes," he adds.
KPMG's forensic and cybersecurity specialists recommend Canadian organizations consider the following points when changing suppliers.
- Supplier Due Diligence: When switching suppliers, conducting an integrity due diligence is the first and most critical step. This includes verifying the legitimacy and integrity of the new suppliers, checking their financial stability, and assessing their reputation. Skipping this critical step could lead to partnerships with potentially fraudulent entities that might engage in practices such as overcharging, delivering substandard goods, or even disappearing with prepayments.
- Contractual Risks: New contracts with suppliers can be a source of fraud if not carefully reviewed. There may be hidden clauses that could be exploited, or the supplier may misrepresent their capabilities or the quality of their products. Legal experts must review contracts to mitigate these risks.
- Payment Fraud: Changing suppliers often involves new payment processes. This can create opportunities for fraud, such as invoice fraud, where a fraudulent invoice is submitted for payment. According to Payments Canada, one in five Canadian businesses experienced some form of payment fraud in the past six months. Implementing strict controls and verification processes for invoices can help reduce this risk.
- Supply Chain Visibility: A reconfigured supply chain may lead to reduced visibility over the entire process. If there are multiple intermediaries involved, it can be challenging to track the flow of goods and payments, increasing the risk of fraud. Utilizing technology such as AI-powered digital twins or blockchain can enhance transparency and traceability in the supply chain.
- Internal Controls: Changes in suppliers and supply chain configurations may also affect internal controls. If these controls are not updated or reinforced, it can create vulnerabilities that fraudsters may exploit. Regular audits and assessments of internal controls are necessary to ensure they remain effective.
- Cybersecurity Risks: Engaging new suppliers could expose organizations to cybersecurity risks. If new suppliers do not have robust cybersecurity measures in place, they could expose an organization to a security breach. Before onboarding new suppliers, organizations should conduct rigorous risk assessments to evaluate their cybersecurity posture.
- Deepfake Risks: Deepfakes could be used to create false narratives about a supplier's reliability or capabilities, which could lead to further risks and supply chain disruptions for organizations. Investing in advanced verification technologies and educating employees on how to identify deepfakes could help mitigate these risks.
- Employee Training: Employees in the supply chain and accounting departments should be trained to recognize potential fraud and cybersecurity risks associated with new suppliers. This includes understanding red flags and knowing the proper procedures for reporting suspicious activities.
- Regulatory Compliance: Depending on your industry, changing suppliers may also involve compliance with various regulations. Non-compliance can lead to legal issues, corruption and potential fraud if suppliers are not adhering to the necessary standards.
"While changing suppliers and reconfiguring supply chains can help businesses mitigate the added cost of tariffs, they need to be aware of the associated fraud and cybersecurity risks. Implementing robust due diligence, maintaining strong internal controls, and ensuring compliance with regulations can help mitigate these risks," Ms. Duguay adds.
For more resources on fraud prevention, visit: Fraud prevention - KPMG Canada
Tune in to KPMG in Canada's upcoming DX Coffee Chat, Outsmarting Fraud in a Digital World: Outsmarting fraud in a digital world Registration
For more resources on U.S. tariffs, visit: Navigating tariffs - KPMG Canada
About KPMG in Canada
KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs more than 10,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.
The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see kpmg.com/ca
For media inquiries:
Roula Meditskos
National Communications and Media Relations
KPMG in Canada
416-549-7982
[email protected]
SOURCE KPMG LLP
Share this article