Fortune 500 global manufacturer establishes transparency and accountability with Microsoft Azure: PwC

Situation

Finding a needle in a haystack — all day, every day

Our client is a Fortune Global 500 multinational engineering company that has over 140,000 employees operating in 100 countries, including the US. They also have a vast global supply chain of hundreds of thousands of third party vendors generating millions of transactions per year.

From a governance and compliance perspective, this level of complexity is a real challenge. First, a lot can go wrong. Second, their proactive fraud detection processes were largely manual.

Global fraud, bribery and corruption is a $4 trillion per year problem and the US DoJ was determined to do something about it with the Foreign Corrupt Practices Act (FCPA).^* New DoJ guidance on the FCPA posed an immediate challenge for our client’s Chief Compliance Officer. The FCPA highly encourages companies to use the latest technology and data analytics to screen their own actions and those of their third party vendors for fraud and corruption. And, if something goes wrong, the company may get fined along with their vendor. For the Chief Compliance Officer, the company’s vast global supply chain created thousands of points of risk exposure and considerable financial and reputational risk.

_{^{*Source: https://www.cia.gov/library/publications/the-world-factbook/geos/xx.html (retrieved March 22, 2018), via Association of Certified Fraud Examiners, “2018 Report to the National Global Study Occupational Fraud and Abuse”}}

Microsoft, a PwC Alliance Partner, wrestled with a similar FCPA compliance risk with their global sales channel (200K+ resellers and distributors). They collaborated with PwC to use data analytics and automation to build an early warning and monitoring solution to help identify risky sales contracts and third parties on a continuous basis. This involved millions of transactions and hundreds of thousands of third parties.

The result of this collaboration was PwC's Proactive Risk Analytics solution (PRA), built on Microsoft’s Azure cloud platform, which can automatically identify, predict and monitor corruption risk in Microsoft’s third party network in real time. PwC recognized that many of its clients needed a wide array of analytic capabilities to solve their complex problems, so PRA along with other innovative solutions were brought together to help build our Risk Detect product.

Our client was aware of our previous work with Microsoft and reached out to her Microsoft contact for some guidance. Microsoft then facilitated a meeting with PwC’s Anti-corruption and Anti-bribery team.

Solution

Understanding the environment

Working with the client, the team began by laying out their IT environment, various risk scenarios and overall roles and responsibilities. Because frontline employees and managers are key to understanding contracting, vendor management, project management and accounts payable, their input was critical. The team also needed to understand the established internal audit procedures and uncover any special considerations or issues with respect to controls and compliance.

Modeling the risk profile and integrating the data

Against this backdrop, we put together a list of key indicators for potentially high risk categories and scenarios when dealing with third parties payments or projects. These indicators were identified by stakeholders across multiple functions who understood specific opportunities for exploiting the vendor system in the pilot market. For instance, they surfaced specific geographic risks based upon the country or transactions with a vendor prior to qualification.

To test drive the platform, the team integrated data from one of the higher risk business units into a unique instance of Risk Detect. The idea was to get a broad geographic range of potential risk indicators. By hosting it on PwC’s Azure instance, both the data and processing were isolated to address any data privacy concerns.

Throwing the switch

When the team flipped the switch on Risk Detect, the dashboard lit up. The ability to continuously monitor and use sophisticated analytics was an asset for the client. The platform ingested disparate data sets and identified risk indicators that were previously unknown. Why is this significant? Because with the existing largely manual processes, these risk indicators may have gone undetected for some time. The client’s compliance team was able to help identify and remediate the problems before they became a major issue.

Results

Reimagining the compliance function: continuous global compliance monitoring through innovation

Witnessing Risk Detect in action, our client immediately saw ways to anticipate and prevent risk exposure and reduce corruption and fraud. They gained important insights into their current compliance operations which will help them improve their program moving forward. For example:

Analytics could reduce compliance incidents and subsequent regulatory actions and fines.
An automated solution, aligned with new DoJ guidance, could greatly reduce the money they were spending on manual, reactive investigations.
And through interdepartmental collaboration, they began to understand how risk extends to everyone who uses third parties – every department in the company.

The company now understands how data analytics, automation and continuous monitoring can advance their compliance program by anticipating and prioritizing risks. They have seen the benefit of being able to look at their data through a magnifying glass, tailoring and automating red flags as their insights evolve and how Risk Detect can help provide the first line of defense against FCPA targeted activities. But innovation in compliance goes beyond flagging risky contracts and third parties. It establishes a culture of integrity, excellence, transparency, and accountability across the entire organization. As Microsoft also found out, proactive risk analytics can become a powerful source of competitive advantage.