SITUATION
A Fortune Global 500 multinational engineering company with over 140,000 employees operating in 100 countries, including the US was struggling with a largely manual proactive fraud detection process. They also have a vast global supply chain of hundreds of thousands of third party vendors generating millions of transactions per year.
From a governance and compliance perspective, this level of complexity is a real challenge.
Global fraud, bribery and corruption is a $4 trillion per year problem and the US DoJ was determined to do something about it with the Foreign Corrupt Practices Act (FCPA).* New DoJ guidance on the FCPA posed an immediate challenge for the client’s Chief Compliance Officer. The FCPA highly encourages companies to use the latest technology and data analytics to screen their own actions and those of third party vendors for fraud and corruption. And, if something goes wrong, the company may get fined along with their vendor. For the Chief Compliance Officer, the company’s vast global supply chain created thousands of points of risk exposure and considerable financial and reputational risk.
Microsoft, a PwC Alliance Partner, wrestled with a similar FCPA compliance risk with their global sales channel (200K+ resellers and distributors). Microsoft collaborated with PwC to use data analytics and automation to build an early warning and monitoring solution to help identify risky sales contracts and third parties on a continuous basis. This involved millions of transactions and hundreds of thousands of third parties.
The result of this collaboration was PwC's Proactive Risk Analytics solution (PRA), built on Microsoft’s Azure cloud platform, which can automatically identify, predict and monitor corruption risk in Microsoft’s third party network in real time. PwC recognized that many of its clients needed a wide array of analytic capabilities to solve their complex problems, so PRA along with other innovative solutions were brought together to help build our Risk Detect product.
Our client was aware of our previous work with Microsoft and reached out to her Microsoft contact for some guidance. Microsoft then facilitated a meeting with PwC’s Anti-corruption and Anti-bribery team.
*Source: https://www.cia.gov/library/publications/the-world-factbook/geos/xx.html (retrieved March 22, 2018), via Association of Certified Fraud Examiners, “2018 Report to the National Global Study Occupational Fraud and Abuse”
SOLUTION
Working with the client, the team began by laying out their IT environment, various risk scenarios and overall roles and responsibilities. Because frontline employees and managers are key to understanding contracting, vendor management, project management and accounts payable, their input was critical. The team also needed to understand the established internal audit procedures and uncover any special considerations or issues with respect to controls and compliance.
Against this backdrop, PwC put together a list of key indicators for potentially high risk categories and scenarios when dealing with third parties payments or projects. These indicators were identified by stakeholders across multiple functions who understood specific opportunities for exploiting the vendor system in the pilot market. For instance, they surfaced specific geographic risks based upon the country or transactions with a vendor prior to qualification.
To test drive the platform, the team integrated data from one of the higher risk business units into a unique instance of Risk Detect. The idea was to get a broad geographic range of potential risk indicators. By hosting it on PwC’s Azure instance, both the data and processing were isolated to address any data privacy concerns.
When the team flipped the switch on Risk Detect, the dashboard lit up. The ability to continuously monitor and use sophisticated analytics was an asset for the client. The platform ingested disparate data sets and identified risk indicators that were previously unknown. Why is this significant? Because with the existing largely manual processes, these risk indicators may have gone undetected for some time. The client’s compliance team was able to help identify and remediate the problems before they became a major issue.
RESULTS
With Risk Detect in place, the client gained real-time visibility into third-party risk across its global network — transforming compliance from a manual, reactive process into a proactive, technology-driven advantage. Sophisticated analytics now help the team identify and prioritize risk signals that were previously undetectable, reducing the likelihood of regulatory action and financial penalties.
The new platform also reduced reliance on costly investigations and enabled broader collaboration across departments, elevating awareness of shared compliance responsibilities. Most importantly, the shift to continuous monitoring is building a culture of transparency, accountability and integrity — establishing the compliance function as a strategic asset, not just a safeguard.
Get more on this topic
PwC and Microsoft help leading organizations use data, automation and analytics to strengthen compliance, reduce exposure and build lasting advantage.
Expertise. Technology. Results. Powered by collaboration. Explore our case studies to see what’s possible.