In mid-February, TBR met with senior leaders from PwC’s U.S. Cybersecurity, Risk & Regulatory practice, including Vikas Agarwal, the firm’s Financial Crimes Unit leader, and Arlene Laungayan, a director in the firm’s Cyber Risk & Regulatory practice. The PwC team brought TBR up to speed on developments across the firm’s range of offerings, focusing on the Risk Management Portfolio. PwC’s risk management strategy is driven by the firm’s Cyber, Risk & Regulatory leader Sean Joyce and his managing partner John Sabatini under consulting and firm leadership. The following reflects both the mid-February briefing and TBR’s ongoing analysis of PwC within the larger management consulting space.
Risk evolves along with The New Equation
After setting the stage with an update on organizational changes and a description of some recent client engagements, including timely advice provided to clients on the secondary and tertiary effects of economic sanctions imposed against Russia over the invasion of Ukraine, Agarwal commented that while PwC has collaborated closely with the largest technology vendors, the professional services firm does not aim to “be a tech company.” PwC instead aspires to be “the best knowledge company, well equipped to merge knowledge with technology.”
In the context of risk and regulations, PwC is capable of helping clients understand key issues and challenges, develop meaningful content, and deliver services through a solution. Not surprisingly, Agarwal led the discussion with PwC’s The New Equation, and his description of PwC’s value and how it is delivered dovetailed well with both The New Equation and TBR’s evolving view of PwC as a firm. Risk and compliance may be one of the oldest service lines offered by PwC and its Big Four peers, so successfully pulling technology through to the heart of risk offerings requires balancing speed, efficiency and evolving client expectations for the tried-and-true characteristics of risk and compliance (consider that one of The New Equation’s founding principles, according to PwC, is that “when our better selves and the greatest aspects of technology are brought together, there is no opportunity too great for us to achieve.”).
While internal change continues to drive PwC’s evolution, Agarwal and his colleagues did note the importance of changing client demands, particularly as the total number of chief compliance officers has increased in recent years, particularly within the Fortune 500. CEOs and CFOs, in Agarwal’s telling, have become “sick of chasing the issues” and have looked to chief compliance offices to “solve risks in silos, but [to] tell the story at the top [and to] understand and communicate” to the full enterprise the criticality of risk and compliance to the overall business.
Dealing with multiple people within an organization around risk issues could be a winning strategy in two ways. First, the more people and personas PwC interacts with, the more the firm’s value becomes clear to its clients. Conversely, consulting on risk only with a chief compliance officer and a limited risk team potentially places restrictions on PwC’s overall relationship with the client. Second, maturity, with respect to risk, will vary across an organization, providing an opening for PwC to serve clients with appropriate solutions for their needs. Of course, being able to serve multiple stakeholders within a client and at various maturity levels requires a robust set of risk and compliance offerings.