Posts

‘Get it right, be convincing and do it fast’: PwC’s Risk Proof upends risk assessments

As the New Equation was announced, PwC’s Cyber, Risk & Regulatory practice was ready

When PwC US Chairman Tim Ryan described trust within the firm’s recently unveiled “The New Equation,” he discussed a variety of business issues, including data, compliance, and environmental commitments, that increasingly challenge PwC’s clients and that “all come back to trust.” The firm, in Ryan’s explanation, can help clients build trust not only within their own organization but also as a client’s core characteristic. Ryan’s description of the importance PwC places on trust, highlighted as part of the firm’s US Analyst Day earlier this month, loudly echoed what TBR heard from the firm’s Financial Crimes team earlier this year during a briefing on the firm’s Risk Proof product offering.

Jeff Lavine, PwC’s Global Financial Crimes leader, told TBR in May that PwC’s Cyber, Risk & Regulatory practice helps clients quantify and measure risk; tell their boards, investors and regulators a convincing and compelling story; and move clients from checking the risk box to administering meaningful control over their enterprise’s risks. That extension of trust — from PwC, fully through the client and into the client’s ecosystem — perfectly syncs with the firm’s New Equation and suggests sustained alignment throughout the various parts of PwC, including the new Trust and Consulting organizations, will be critical to making the New Equation the kind of generational change Ryan anticipates.

Lavine and Vikas Agarwal, PwC’s Risk Products and Financial Crimes Unit leader, detailed for TBR the overall Cyber, Risk & Regulatory practice, including several distinct service lines, from strategy, to data analytics, implementation, and managed services. The Strategy service line takes a compliance and licensing perspective into advising clients on opportunities, particularly around financial technology (fintech). Risk and Controls, staffed by former regulators and experienced risk professionals, provides advice, testing and validation for clients’ risk practices. Operations, the largest of the service lines, provides anti-money-laundering and Know Your Customer (KYC) solutions, primarily based on open-source technology, which, according to PwC, helps the firm more rapidly deliver results. According to Lavine, “We go faster because we’re not a platform.” And Technology and Analytics focuses on implementing risk solutions.

With these well-established service lines providing a foundation, PwC — as part of the firmwide recognition of PwC Products — examined the opportunities for developing a robust, scalable and flexible product to bring the firm’s expertise to a wider market. PwC considered feedback from clients across the full spectrum of the firm’s engagements around risk, examined where white space existed in the current market, and analyzed which current risk trends and needs would continue beyond the next few years, ensuring PwC could build — and properly price — a sustainable and profitable product.

From consulting engagements to subscriptions: A better way to assess risk

Risk Proof, PwC’s platform approach to risk assessment, helps clients perform three basic but essential actions: quantify and measure risk; tell a more robust story to boards, investors, employees and clients; and transition from taking an administrative and reactive risk posture to exercising meaningful risk controls. With features common now in many PwC Products, such as customizable dashboards and interactive reporting, the Risk Proof platform also builds on the firm’s trusted brand around data, financial reporting, compliance and, increasingly, technology.

From a functional perspective, Risk Proof appears to be straightforward; from a strategic perspective, Risk Proof addresses what Agarwal described as critical for enterprises in increasingly interconnected and data-intensive ecosystems, stating that “getting a good risk assessment is foundational to a good financial crimes practice, for example.” While Agarwal may have been reflecting views primarily held by financial institutions required to meet financial crimes regulations, the overall sentiment that good risk assessment is foundational to good business practices stretches across every enterprise and all industry segments. And for companies seeking help around risk, PwC’s Risk Proof solution, in Lavine’s words, allows them to “get it right, be convincing and do it fast.”

Risk Proof also helps PwC. Currently, the firm conducts 15 to 20 risk assessments per year, using a methodology that, while thorough and expansive, requires considerable manual processes and runs up against data and audit trail limitations. In place of these risk assessments, clients can now subscribe to Risk Proof and access all the assessment, reporting and decision-making tools at a fraction of the traditional risk assessment engagement costs. While that opens up a wider market for PwC — those enterprises less likely or unable to pay Big Four rates for risk services — Risk Proof also cannibalizes PwC’s risk revenues.

For Lavine, even with that cannibalization, the firm benefits in the long run in three ways. First, PwC is acting upon itself, rather than being disrupted, which gives the firm some control over the pace and damage of any cannibalization. Second, the Risk Proof dashboard helps PwC better understand its clients, allowing the firm to make better-informed recommendations for other consulting or technology-driven work, ultimately boosting the total relationship value. And, third — rather neatly echoing Ryan’s point about trust and the New Equation — reducing a client’s spend on risk while increasing the client’s capabilities to assess, report and manage risk further enhances the trusted relationship between the client and PwC and between the client and its customers.

Know your consultancy: EY’s FinCrime practice and the future of compliance

Be the frictionless provider of FinCrime services

Ron Giammarco, leader of EY Global FinCrime Managed Services, described EY’s foundational principles for the financial crime practice in both technology and business model terms, noting that the firm has been committed to making every new offering cloud-native, but still deployable on premises. EY’s FinCrime practice, which was established 20 years ago, generates $1 billion in annual revenue, and there are over 30 clients on the firm’s FinCrime technology platform. To further its business, EY is determined to own the technology ecosystem, including all the intellectual property within the practice and every aspect of the relationship with clients.

In Giammarco’s view, EY should provide “frictionless” experiences for clients using its different platforms and solutions, with EY smoothing out any underlying technology or partnering issues. To offer those platforms, Giammarco noted, the firm has decided to acquire and partner as much as possible, building assets internally only when needed. In TBR’s view, these foundational principles reflect a shift in EY’s approach to technology and the firm’s overall ecosystem.

Embracing the business model shift and the substantial financial investment needed to be a technology company — at least to the degree EY is now — requires reorienting around the current competitive and partnership landscape, not the more siloed and opaque environment of several years ago, when digital transformation emerged as a challenge to the traditional consulting business model. Among the significant changes, Microsoft (Nasdaq: MSFT) and SAS now list EY’s offerings within their own services catalogs, and EY expects those partners to not only provide technology support but also engage in sales efforts and the onboarding of new clients.

EY’s differentiation: Expertise, discipline and global standards

Within this changed competitive and partnering environment, EY has been challenged to differentiate from peers, an effort TBR has tracked across Strategy and Transactions, Blockchain and other EY practices. For Nic Bastable, leader of EY Global Financial Crime Managed Services Delivery, the firm’s uniqueness has coalesced around three main characteristics. First, EY has developed deep domain expertise, which continues to evolve. Bastable explained that every FinCrime interaction, even through a managed services arrangement, has eventually led to an analyst helping a bank make a financial crime risk decision, which has involved more than just following simple procedures.

EY has invested in its professionals, building career tracks for FinCrime analysts and providing ongoing training, which led the firm to have, in Bastable’s opinion, differentiated expertise. Second, within the complex environment of helping banks make decisions about risk, EY has exhibited tight operational controls — essential at the global scale of EY’s services and to meet clients’ needs. Third, over years of providing FinCrime services, EY has created a global standard operating model, distilling best practices from dozens of engagements, by thousands of professionals, across more than a million events. Underlying all this, according to Bastable, EY brought automation and efficiency to the firm’s operations and delivery, further differentiating the value of EY’s services.

In TBR’s view, while each of the core elements of EY’s FinCrime practice does not separate the firm from specialists or niche services providers, the combination, particularly with global reach and substantial scale, gives the firm a compelling story. Overall, EY’s FinCrime practice does not depend on setting itself apart from peers, especially as professional services firms rarely differentiate from one another; instead, EY succeeds through solidifying trust by offering domain depth and delivering.

Laundering money and funding terrorism cannot withstand analytics and AI

Despite banks’ substantial investments in technology, people and processes to meet regulations, they currently lack effective and efficient systems for tackling financial crimes such as money laundering and terrorist financing. Regulators cannot keep pace with change, and the time and investment to overhaul banks’ legacy systems are too great given the complexity of global organizations and inevitable disruption to operations. But the three elements — technology, people and process — match EY’s strengths in technology consulting, especially when paired with deep financial services industry and risk and compliance expertise. EY continues to invest and evolve its financial crime (FinCrime) practice as it listens to financial institutions’ demands for services that embed regulatory compliance expertise and technology innovation, offered at scale on an outcomes-based pricing model. EY’s FinCrime practice collaborates across the firm to combine legacy capabilities and emerging technologies to differentiate from competitors’ portfolios in the market and provide, in TBR’s current analysis, industry-leading offerings.

EY’s connected approach to disrupting financial crime: Technology disruption, industry collaboration and process innovation

Over the course of EY’s two-day Financial Crime Analyst Summit, the firm’s leaders and banking sector clients spoke with TBR about the challenges financial institutions face, including high operating costs, stifled revenue growth, and demands to undergo business transformation while maintaining compliance with evolving regulations. Many industries contend with the first two challenges, but this last one — transforming while complying — fits well with EY’s strengths: industry expertise, emerging tech capabilities, and a deep understanding of the regulators in the U.S. and globally. In applying those strengths, EY’s financial crime practice relies on three pillars — technology disruption, industry collaboration and process innovation — in other words, meet demand for services and solutions that are backed by regulation credibility, infused with technology innovation and offered with tiered pricing to successfully disrupt FinCrime.

Before getting to the specific ways that EY addresses FinCrime, one key aspect of the financial services market as a whole deserves extra attention: trust. In the consulting and technology spaces, trust has come to mean delivering on promises and securing data. In the banking space, with the additional weight of money and regulators, trust becomes the single most important factor in determining the extent of a provider-client relationship. With a heritage as a trusted auditor, a reputation for delivering consulting services, and a position between clients and regulators, EY has built up enough trust capital to take on industrywide challenges.