January 17, 2022
Business leaders in heavily regulated industries — especially those at companies with large, indirect sales networks or third party intermediaries — may not like to think about what could happen in the wake of charges leveled under any regulatory settlement. No one wants to pay hefty fines or face prosecution. Even worse is the specter of corporate monitorship, which can often be as financially burdensome as monetary penalties.
Monitorships can potentially eliminate or postpone prosecution, but most companies prefer to avoid them altogether. The US Department of Justice (DOJ) elaborates on this point in a memo, which clarifies that “the scope of any monitorship should be appropriately tailored to address the specific issues and concerns that created the need for the monitor.” The DOJ reiterates two guiding principles it will use when assigning monitorships: First, “the potential benefits that employing a monitor may have for the corporation and the public,” and second, “the cost of a monitor and its impact on the operations of a corporation.” The memo also states that “a monitor should never be imposed for punitive purposes.”
Every monitorship is different, but the company being monitored has to foot the bill. Depending on the scope, duration, frequency of monitoring activity the costs can be alarming — sometimes even reaching tens of millions. These are resources and dollars that would be better used if put toward a stronger compliance program.
As obvious as it sounds, the way to keep your company in the clear is to avoid getting involved in any situation that sends up red flags to regulators. How? By getting in front of corruption and fraud risk before it occurs so you can avoid Foreign and Corrupt Practices (FCPA) or other violations altogether. But, if the regulator has already come knocking, it’s paramount to demonstrate your commitment to remediation and improvement while you’re in ongoing discussions with the agency.
In addition to an increase in monitorships as part of non-prosecution and deferred prosecution agreements, the DOJ has made it clear that it expects companies to take a proactive approach to risk and compliance. The department has issued guidance directing businesses to fortify their compliance programs by doing a better job using the wealth of data from across the enterprise — as well as data from third parties — to monitor transactions for fraud and other risk.
In PwC’s most recent Trust in US Business Survey, almost half of business leaders said they’ve taken steps to achieve an ethical and sustainable supply chain as part of their overall efforts to strengthen stakeholder trust. This is especially important in an era of ongoing globalization. Despite some of the weaknesses in the global supply chain exposed by the COVID-19 pandemic, most businesses expect their dependence on third parties to grow, along with heightened regulatory scrutiny of third parties and an increase in third-party risks. This is why third-party-risk management (TPRM) is such a critical component of any compliance program.
But you can't monitor what you can’t see. Unfortunately, this is a shortcoming for many companies as the complexities of business partnerships and vendor/supplier networks increase. Proactivity, and advanced technology, like artificial intelligence (AI), analytics and smart automation, will be critical to addressing these challenges.
Not only do you need to confirm your own organization is operating above board, but you also have to know what the third parties you engage with are doing. There are many public cases of companies being prosecuted or incurring fines as a direct result of corruption that wasn’t committed within their own walls. Often, these problems could have been avoided if the company had more thoroughly vetted and monitored those third parties before signing on the dotted line.
With a robust, tech-powered integrated risk management program, you can be more confident and comprehensive in your due diligence — on an ongoing basis.
Preventing fraud and corruption should be the goal. But if your organization finds itself under investigation or subject to monitorship, you can still benefit from the same technology that could have most likely prevented what got you in trouble in the first place.
The technology solution you choose should be able to connect data, systems and processes to provide a single source of truth. The same solution that can help you prevent compliance incidents should also be able to provide an audit trail. You can leverage this trail internally for your own due diligence and have it handy as needed for any investigative matters that require you to show the reasonable steps you took to mitigate risk and prevent fraud.
A well-designed AI-powered monitoring system can look in the obvious places for risk, like indirect sales networks, as well as specific scenarios likely to pose greater risk. The most effective solutions can monitor transactions in real time to identify and flag high-risk activity. The key is confirming that the machine learning (ML) powering the analytics uses key risk identifiers that reveal the kinds of risks companies should be aware of before signing a deal with a new business partner or reseller.
Meanwhile, case management capabilities, integrated workflows that use ML, can create efficiencies with automation. These integrated workflows can leverage ML to detect risk indicators and notify the right person(s) who can then conduct further investigations. At the same time, ML is continuously improving because as it “learns” more, the models improve, saving additional human hours.
The ability to prioritize activity for review makes better use of people's time while casting a wide net for identifying potential risks.
For example, if a company is monitoring its channel reseller network to determine whether the resellers getting the largest discounts are acting lawfully, they could potentially get better information by looking not only at the resellers getting the largest discounts, but also specifically at those in regions where corruption is common, or at specific resellers or specific customers. The findings may show that the large discount to a specific reseller is atypical for that region. Or other anomalies may be revealed that can be flagged for further review. Better yet, if this type of risk indicator is built into the vetting system, a company could weigh the risks against the benefits of entering such a deal and proceed knowing that ongoing monitoring is required or decide not to assume the risk at all.
This approach is more proactive — and effective — than trying to clean up after a regulator catches wind of an instance of fraud or corruption and launches a formal investigation.
When a Fortune 500 technology company with an extensive global software reseller network set out to become a leader in corporate ethics, it worked with PwC to help design a solution that leverages data analytics to identify risky transactions for additional compliance oversight throughout the sales deal life cycle. The solution employed intelligent automation, ML, AI and data visualization to expose sales transaction-level corruption risks by identifying trends, patterns, relationships and anomalies.
To complement the analytics, PwC helped the company design a new operating model, including a “high-risk” deals desk that reviews sales transactions flagged by the analytics and manages the identified risks. This dual-pronged approach advanced the company's goal to establish and maintain ethical sales practices while reducing corruption risk.
Compliance incidents went down, as did the risk of fines and reputational damage.
At the same time, deal speed and efficacy increased because deal approvers had data and actionable insights earlier in the transaction life cycle and could make more informed decisions.
You need to develop a forward-looking compliance and risk management strategy and back it up with action. In the past, gathering and analyzing the data needed to gain the necessary insights was an overwhelmingly manual and linear undertaking. But today, it can happen seamlessly, in real time, on a single platform. As a result, you can make better, less risky decisions faster.
PwC has helped numerous clients make good on stated goals around compliance, ethics and putting data to work to improve in both areas. AI-powered risk detection and monitoring can give companies a huge leg up. But confirming it’s implemented within a larger framework that encompasses all aspects of risk management — essentially providing a 360-degree view of your risk profile — is equally important.
Taking care of certain aspects of risk management, like TPRM or transaction-level risk monitoring, may sound difficult and expensive. But if investing in the right solutions or expertise can help your company avoid a costly, time-consuming monitorship — not to mention fines, settlements and reputational damage from having your name in the headlines — isn’t it worth it?
Related resources
Product: Risk Detect - faster analytics and more intelligent testing with the power of AI
Check out other related risk management insights
Explore our products
Stay ready for new risks and remain compliant with products and technologies designed by industry experts — and built for your needs. Our consultants are here to help you keep your business protected and prepared so you can focus on what’s next.
Learn more