THIS POST WAS UPDATED ON 6.4.2021
One of the things that still amazes me about the field of regtech is how similar the needs are no matter who the client is, where they’re headquartered or who is managing their compliance programs. It’s striking to see how compliance officers around the world face the exact same problems and struggles in their day-to-day. At Shield, we spend a lot of time talking to compliance officers to explore and learn how we can best support them. Let’s break it down by diving into a day in the life of a compliance officer.
A day in the life of a compliance officer
To bring a level of personalization to this story, we’re going to call our compliance officer, Tom. Monday is pretty much just like Tuesday, and Wednesday, and Thursday. Friday is a little different in that Tom and a few of his co-workers typically grab a takeaway (takeout) from their favorite deli next door to the firm and have lunch together. But, for the last year, in the COVID era of remote work, they haven’t kept up with the tradition, so all the days of the week tend to blur together.
Each day begins the same way for Tom. He wakes up, pours a coffee, and settles down in front of his terminal. His inbox contains a few dozen emails with various requests to investigate some suspicious trades, provide status updates on some of the cases he’s working, and confirm his attendance at a couple of meetings later that day and that week. These days, it’s mostly zoom meetings, but participation is mandatory so clicking “yes” to accept the invitations is a pretty mindless task. Tom answers a few pings on their internal messaging system but that’s been relatively quiet with most people working from home. He goes through his morning routine, savors the last sip of his coffee, and then it’s time for his real work to begin.
Tom logs into their proprietary trade surveillance system. He’s worked at the firm for 11 years and he can’t ever recall a major software update. Sure, the regulations change on the back-end, but the front-end user interface has remained essentially unchanged for as long as he can remember. It wasn’t user-friendly when they first rolled it out and trained him on it, and it certainly hadn’t gotten any easier to use over the years. He was just used to it and could almost operate it blindfolded.
The game that he plans to break up the monotony is to try to guess how many alerts will greet him when he logs in. That’s pretty much the only thing that changes day-to-day is the number of alerts. If there are more than 100 alerts, Tom braces for an intense day. At 75-100 alerts, which is pretty typical given his firm’s volume of trades, he’ll be in for a busy day, but it helps make the time pass. On those rare 50-75 alert days, he takes a late morning break at the café next door and treats himself to an espresso with a lemon twist. In this COVID era, Tom misses that espresso more than anything: coffee at home just isn’t the same.
Today, he’s greeted with 102 alerts; it’s going to be a busy day after all and he had guessed hoped that the day’s alert tally would be 78. Alas, wishful thinking. He makes his way through the alerts as he makes his way through his lunch. Even working from home, there’s not really sufficient time to take a proper break and lounge through lunch.
Once he’s worked his way through each of the alerts, clearing or flagging them for further analysis as he reviews them, it’s time to open investigations into the two traders that he received notifications about earlier in the morning. It’s already late in the day so Tom can’t put off the task any longer. He bristles and gets to it. And that’s when he starts wishing that he had chosen a different career path.
A day in the life of a compliance officer is an exercise in patience, monotony – and frustration. Although the task of reviewing, assessing, and scoring each alert for its inherent level of risk is mundane, alert saturation takes its toll on a person. On the surface, his task seems simple, but it carries great responsibility. Email is mindless – alert review is anything but.
Tom reopens the file that he saw hours ago, barely remembering who it was or what trading activity was suspicious. Okay, he knows who it is. Now the “fun” begins. He starts trolling through all the recorded calls conducted by Trader A on the office line; there aren’t that many because traders are only coming into the office one day per week and each cohort of traders is coming in on a different day to maintain social distancing. Trader A doesn’t appear to be using the firm’s internal DM (Direct Message) system so that was a pretty quick lift.
Next, Tom puts in a search query and requests to harvest all the financial transactions tagged to Trader A. There’s a lot of them. More than usual. That in of itself is a flag. But therein lies the challenge: he put a request in to get access to the transactions because he can’t actually see them. Sure, he gets a tally, but he has to secure approval from each of the IT administrators who manage the different systems. Some of the IT admins are friendly with Tom so he knows that he’ll likely get those reports by the time that he logs in tomorrow morning, but there are a few admins that he never managed to get along with so it could take a couple of days until he sees those reports. The issue is that all the vital trade information is stored in different systems. And some of it is archived which adds a whole other dimension of pain to the investigation.
One possible solution
Sounds easy right?
Well, here’s the catch, all these data sources are stored in separate systems, with a different IT admin in charge who of course won’t give him access to this vital information so easily, needs approval and so on and so on. Not to mention the 100’s of alerts Tom needs to review in the hopes of finding a smidge of a scenario that can be turned into a real investigation.
This is the day-to-day of thousands of compliance officers, analysts, operation consultants or anyone who needs to perform investigations at the firm, and this is real.
So what do you do about it?
For years, the approach financial firms have taken to compliance, regulations and their requirements have been tactical, “cross that bridge when you get there” mindset. Buying systems and licenses with every requirement that arose – for example if the regulation said to record calls, they bought a system just for that and the list goes on as the communication channels grew.
This created an IT disruption called data silos.
From a compliance standpoint, at Shield, we placed all that data into our compliance platform using AI-powered correlation engines. And now a Compliance Officer like Tom will have a visualized workspace to dig through relevant data and inevitably create effective investigations. In order to help Tom reduce his false-positive alert list, we have modules in place to perfect scenarios and make his work more efficient.
Essentially you need to close the gap and the disruption I have just described both from a compliance perspective as well as a technological one.
With our platform, firms are not only meeting regulatory requirements but also reducing compliance costs and risks and most importantly empowering the business with the latest and greatest technology in the world of regulations.