‘Get it right, be convincing and do it fast’: PwC’s Risk Proof upends risk assessments

As the New Equation was announced, PwC’s Cyber, Risk & Regulatory practice was ready

When PwC US Chairman Tim Ryan described trust within the firm’s recently unveiled “The New Equation,” he discussed a variety of business issues, including data, compliance, and environmental commitments, that increasingly challenge PwC’s clients and that “all come back to trust.” The firm, in Ryan’s explanation, can help clients build trust not only within their own organization but also as a client’s core characteristic. Ryan’s description of the importance PwC places on trust, highlighted as part of the firm’s US Analyst Day earlier this month, loudly echoed what TBR heard from the firm’s Financial Crimes team earlier this year during a briefing on the firm’s Risk Proof product offering.

Jeff Lavine, PwC’s Global Financial Crimes leader, told TBR in May that PwC’s Cyber, Risk & Regulatory practice helps clients quantify and measure risk; tell their boards, investors and regulators a convincing and compelling story; and move clients from checking the risk box to administering meaningful control over their enterprise’s risks. That extension of trust — from PwC, fully through the client and into the client’s ecosystem — perfectly syncs with the firm’s New Equation and suggests sustained alignment throughout the various parts of PwC, including the new Trust and Consulting organizations, will be critical to making the New Equation the kind of generational change Ryan anticipates.

Lavine and Vikas Agarwal, PwC’s Risk Products and Financial Crimes Unit leader, detailed for TBR the overall Cyber, Risk & Regulatory practice, including several distinct service lines, from strategy, to data analytics, implementation, and managed services. The Strategy service line takes a compliance and licensing perspective into advising clients on opportunities, particularly around financial technology (fintech). Risk and Controls, staffed by former regulators and experienced risk professionals, provides advice, testing and validation for clients’ risk practices. Operations, the largest of the service lines, provides anti-money-laundering and Know Your Customer (KYC) solutions, primarily based on open-source technology, which, according to PwC, helps the firm more rapidly deliver results. According to Lavine, “We go faster because we’re not a platform.” And Technology and Analytics focuses on implementing risk solutions.

With these well-established service lines providing a foundation, PwC — as part of the firmwide recognition of PwC Products — examined the opportunities for developing a robust, scalable and flexible product to bring the firm’s expertise to a wider market. PwC considered feedback from clients across the full spectrum of the firm’s engagements around risk, examined where white space existed in the current market, and analyzed which current risk trends and needs would continue beyond the next few years, ensuring PwC could build — and properly price — a sustainable and profitable product.

From consulting engagements to subscriptions: A better way to assess risk

Risk Proof, PwC’s platform approach to risk assessment, helps clients perform three basic but essential actions: quantify and measure risk; tell a more robust story to boards, investors, employees and clients; and transition from taking an administrative and reactive risk posture to exercising meaningful risk controls. With features common now in many PwC Products, such as customizable dashboards and interactive reporting, the Risk Proof platform also builds on the firm’s trusted brand around data, financial reporting, compliance and, increasingly, technology.

From a functional perspective, Risk Proof appears to be straightforward; from a strategic perspective, Risk Proof addresses what Agarwal described as critical for enterprises in increasingly interconnected and data-intensive ecosystems, stating that “getting a good risk assessment is foundational to a good financial crimes practice, for example.” While Agarwal may have been reflecting views primarily held by financial institutions required to meet financial crimes regulations, the overall sentiment that good risk assessment is foundational to good business practices stretches across every enterprise and all industry segments. And for companies seeking help around risk, PwC’s Risk Proof solution, in Lavine’s words, allows them to “get it right, be convincing and do it fast.”

Risk Proof also helps PwC. Currently, the firm conducts 15 to 20 risk assessments per year, using a methodology that, while thorough and expansive, requires considerable manual processes and runs up against data and audit trail limitations. In place of these risk assessments, clients can now subscribe to Risk Proof and access all the assessment, reporting and decision-making tools at a fraction of the traditional risk assessment engagement costs. While that opens up a wider market for PwC — those enterprises less likely or unable to pay Big Four rates for risk services — Risk Proof also cannibalizes PwC’s risk revenues.

For Lavine, even with that cannibalization, the firm benefits in the long run in three ways. First, PwC is acting upon itself, rather than being disrupted, which gives the firm some control over the pace and damage of any cannibalization. Second, the Risk Proof dashboard helps PwC better understand its clients, allowing the firm to make better-informed recommendations for other consulting or technology-driven work, ultimately boosting the total relationship value. And, third — rather neatly echoing Ryan’s point about trust and the New Equation — reducing a client’s spend on risk while increasing the client’s capabilities to assess, report and manage risk further enhances the trusted relationship between the client and PwC and between the client and its customers.