Electronic Communications Surveillance raises Regulatory and Technological Challenges

This blog was updated on 09.02.2021

Did you hear the one about the Russian banker who deleted his WhatsApp messages in front of the British police officers apprehending him? That sounds like either the opening line to an inappropriate joke or it’s today’s headline news. Alas, it is the latter. However, meeting regulatory requirements for e-Communications surveillance is no laughing matter. And for many financial firms, the joke will be on them when they fail to demonstrate compliance.

Adding complexity to the equation is the growing breadth and scope of compliance efforts needed which are exacerbated further through the demands imposed by trading in multiple economies. Trending upward: the stringency of regulatory requirements. Trending downward: definition around e-Comms, which channels should be included, how to surveil them, and so on. Standard lexicon-based search software commonly used in financial services is effective up to a certain level of scale and complexity, but the expectations of today’s financial regulators have already eclipsed the capabilities of traditional enterprise software solutions.

Legacy Software Solutions Weren’t Designed for 2021 Work

By definition, “legacy” carries the connotation of being old. Some things age well, like pocket watches, vintage fashion, and antiques. You’ll notice that regulatory compliance software does not make the list of things that stand the test of time. Most of the enterprise compliance solutions currently in operation at the majority of financial firms were designed at least a decade ago. And they were architected to identify blatantly obvious forms of market abuse with phrases like, “What if we get caught?” queued into the algorithm, priming these legacy software solutions to search for acts of market fraud, and even in some cases, to search for intended acts of abuse.

However, throughout history, criminal minds have always been one step ahead of the authorities with enough savvy and sophistication to outwit those who monitor them. The bottom line is that legacy compliance software solutions can’t meet today’s demands. They simply weren’t designed to operate at today’s scale, global remit, or level of cross-platform integration. And they certainly weren’t designed to surveil financial transactions conducted through direct messages and other e-Comms and trades conducted from brokers’ kitchens in an era where the entire world works from home.

Data management has become a critical component of day-to-day operations for regulated firms, but collecting, validating, standardizing, and integrating different types of data is a technologically challenging task. Many regulated financial companies rely on processes that are limited to collecting these pieces of information and dumping them into large drives. However, these software applications isolate different types of digital data – voice, text, and graphic data in their various forms – and store it all separately. In fact, they archive it; doing so makes it challenging to access as data archives were intended for deep storage, not routine access the way that data warehouses have been designed. Other challenges include how each data form is in its own silo making it even more difficult to integrate and analyze en bloc.

What you’re beginning to see in the market is a shift away from legacy systems. Many firms recognize that their existing solutions have proven functional in flagging and recording information required by regulators, but that’s no longer enough. Financial firms need compliance solutions that can operate cross-platform and solutions that identify the intention to commit market abuse. Doing so requires that the regtech software be capable of insinuating contextual nuance which may be abstract in the form of an emoji or a foreign word, and, where the communication may be outside of “standard” channels to include all forms of e-Comms.

New eComms channels emerging daily

The Path of Least Resistance

In the laws of physics, friction is a negative force that naturally repels forward progress. Human beings resist friction in the same way. As a broker, think about the likelihood of you logging in to your secured, encrypted laptop or workstation to respond to a client who’s just DM’ed you on social media on your mobile. Let’s assume that probability is close to zero given the friction of the experience. Now ask yourself what are the odds of you replying directly – and rapidly – on whatever e-Comms channel they contacted you on in the first place? Less friction equals greater probability.

People are constantly looking for better ways to connect with each other, and tech companies are innovating new ways to meet these needs every day. New communications technologies are allowing financial firms to connect both internally and with their clients in increasingly effective ways, which has improved the quality of service. However, the new e-Comms channels emerging every day are raising new challenges for regulatory compliance. Compliant communications monitoring systems must extend beyond phone and email systems to include social media platforms, teleconferencing software, and communications sent via instant messaging.

Modern financial institutions are responsive to their employee’s and clients’ needs. Traders are communicating using new smartphone apps and web platforms in order to improve customer experience. However, the increasing breadth and variety of data collected in the course of regular electronic communications surveillance are raising technical challenges for large financial firms. Compliance is becoming more difficult for firms as they embrace new electronic communications channels, and in today’s challenging regulatory environment this added complexity can have a real impact on a firm’s bottom line.

Driving Forces

Think about this: SMS messages have a 98% open rate which is about 209% higher than email. Last year, nearly 50 million people in the US opted-in to SMS messages from businesses they buy from. Over 65 billion messages and 2 billion minutes of calls are exchanged on WhatsApp – daily! Last year, four banks in the US folded, largely in response to COVID and an inability to continue operations, losing a combined totally of $0.5 billion.

About this time last year, Turkey imposed new regulations that restrict economic reporting. Former President Trump rolled back components of the Frank-Dodd Act leaving consumers and investors more vulnerable. Compliance costs have tripled since the 2008-9 Financial Crisis. Lawmakers were busier than usual in 2020 making significant changes (both introducing new Acts and amendments) governing anti-corruption and anti-money laundering regulations.

And then there’s the COVID effect. The pandemic spurred digital transformation across the financial industry; the laggard sector when it comes to the adoption of technology. Even financial firms recognized the value – read that as “the business continuity imperative” – that necessitated rapid adoption of cloud-based solutions to enable communication among remote workers.

After the financial crisis of 2008, regulators passed a suite of new rules aimed at preventing fraud and other improper financial practices. These regulations cast a wide net, requiring financial services companies to collect and store countless pieces of the customer and transaction-related data. As a result, competing forces are now at work. On one side, there are the growing regulatory requirements for increased transparency, and, in direct opposition, are the requirements of General Data Protection Regulation (GDPR) and other regulations around data privacy.

GDPR is a major piece of EU legislation that came into effect in May 2018; it requires regulated companies to protect the personal data they collect. The Regulation’s extensive consent and privacy protection requirements are making it harder and harder for financial firms to manage electronic communications in an effective and compliant manner.

Consider these phenomena as driving forces. However, as financial firms manage a growing number of electronic communications in various forms, compliance officers are finding it more and more difficult to ensure that all regulated communications are monitored effectively. Further, even if all required electronic communications are captured and stored in compliance with applicable regulations, current software applications standards in the financial services industry make it difficult to connect related pieces of data.

It’s a classic technology problem: disparate data types were never designed to be integrated with each other. Not to mention that the volume of those data has now exceeded the feature function capabilities of nearly all legacy compliance software solutions. Yet continued permission to operate as a financial institution requires that it meet all financial compliance guidelines, protect consumers as well as investors – and that includes surveilling all forms of e-Comms. The regulatory and technological challenges facing today’s regulated financial services firms demand innovative solutions, like those that can interpret nuance, synthesize patterns across disparate systems and intercept potential acts of market abuse before they happen.

And this is where AI-based solutions will prevail.