Archiving isn’t enough: trader escapes charges by deleting WhatsApp messages

Now that’s a headline that wouldn’t have been relevant just 5 years ago. However, a recent legal ruling that went in favor of a suspected fraudster gives us cause for pause. This case underscores the importance of having clearly defined policies regarding electronic Communications (eComms). And how archaic and irrelevant the practice of enterprise archiving has become. There is a growing imperative for technology solutions that can adequately surveil eComms to identify, capture and report suspected market abuse. It is becoming more apparent that these days, Data Archiving just isn’t enough, here’s why.

The verdict that exposed the fallacy of archiving

In the last few days of September 2020, the FCA received disappointing news of a verdict that they had been anxiously awaiting for more than 20 months: Konstantin Vishnyak was found not guilty of insider trading. Two years earlier, Vishnyak was apprehended by London Police. He was allegedly involved in committing insider trading offenses based on an investigation by the FCA into some suspicious transactions executed by the former banker. Prior to his arrest, he was employed at Russia’s VTB Bank and was communicating with some people of a dubious character using WhatsApp on his personal iPhone.

As Vishnyak was being arrested, he deleted WhatsApp from his personal phone – in front of the London Police – and then proceeded to turn over both phones in his possession. He defended his decision as “personal” to “avoid embarrassment” versus a deliberate act to destroy evidence of his financial dealings. In court, his attorney argued that Vishnyak deleted the popular eComms app to protect himself and his family.

The rise of electronic communications

A 2016 report cites the ubiquity of eComms in the financial industry, which was echoed by Forbes in 2018. At the time, the data showed that 85% of bankers used social media and eComms apps daily to interact with their clients. The report also cited a staggering 423% increase y/y in the total amount of fines levied for non-compliance in reporting. Since the publication of that report, particularly in response to the onset of the global pandemic of 2020 and the mandated work-from-home model, usage of eComms has increased substantially. Most notably, WhatsApp, direct messaging on Instagram and collaboration tools. Archiving remains popular, but, despite the new guidelines rolled out since that report, most firms remain unable to adhere to those regulations and cannot yet proactively or effectively detect fraud.

The US Financial Industry Regulatory Authority (FINRA) updated its guidelines in 2017 in response to the rise of eComms to transact trades and conduct other financial business within the industry. Globally, despite an estimated 200+ regulatory enhancements, updates and addenda each day, the financial services sector and the agencies governing its activity remain woefully ill-prepared to manage the challenges related to monitoring, detecting, capturing, analyzing and reporting market abuse on e-Comms solutions. Most of them will have a system in place to Archive, retain and meet the basic regulatory requirements but the nuance around the context, such as the subtly of an emoji or mixed language reference, remains difficult to interpret. Current solutions, with the exception of one, focus on isolated keywords or phrases which cannot extract the contextual relevance and hence, fail to detect non-compliance behaviors.

COVID has forced bankers into working from home. Compliance officers, tasked with the unenviable burden of enhancing remote monitoring capabilities to enable financial firms for business continuity, have fought nobly but are losing the war. The UK Financial Conduct Authority (FCA) has made it clear that all financial firms must step up their efforts to monitor bankers and brokers towards the prevention (which requires the identification of an intention to commit market abuse before it happens) as well as the detection of market abuse that has been committed. With work-from-home emerging as the new normal for the foreseeable future, stricter employee monitoring will continue to be a challenge. This challenge will be exacerbated further as the variety of options and usage of eComms continues to grow.

Shining light on the darkness of archives

If 2020 has taught us anything, it is to “expect the unexpected.” Lockdowns and quarantine mandates are helpful with respect to controlling the spread of the virus, but they are exacerbating the challenges faced by compliance officers. Access to unprecedented levels of information and operations outside of a controlled environment has increased the temptation factor of committing financial fraud; a temptation that the old archiving platforms simply can’t deal with.

The term, “archives,” is essentially a euphemism used to describe the cold, dark, lifeless place where “information goes to die.” It conjures up the visual of dimly lit, dank, musty library stacks several levels below ground where only the brave dare to traverse. Archiving critical eComms and related transaction data is standard practice and a regulatory requirement upheld by all financial firms. However, in my completely unbiased ???? opinion, archiving isn’t surveillance.

There are a series of questions worth asking rhetorically of your archived data. How easy is it to access? Is the data enriched and correlated to any extent? How hard is it to find something specific within the data? How efficient is the process to do so? How many false positives are you getting from these searches? What is the cost to export data out of your archive? If your responses are tilting towards “difficult and expensive,” perhaps this is a good time to rethink your data archiving strategy.

Artificial intelligence (AI) technology that can interpret eComms in real-time, before those messages are vanquished to the archives represents the future of the field. These emerging AI solutions can also readily scan archived content to identify contextually relevant examples of non-compliance. Consider these new solutions as the superheroes “saving” or “unleashing” the information from its dead-end fate, helping you find what you need faster, and with a smarter approach enabled through automation. It’s all about being proactive and shining the light on these eComms to elucidate anything nefarious as it’s happening. And, in some cases, AI-based interpretation of the contextual nuance is so sophisticated that the technology can spotlight the potential for market abuse even before it happens.

Where do we go from here?

One could successfully argue that FCA, FINRA and other financial regulatory agencies are likely to double-down on their efforts to pursue charges against all persons and organizations suspected of and proven to be guilty of tampering with or deleting critical evidence, including e-Comms, that is material to a financial investigation. What’s up for debate is how quickly financial firms will embrace a solution that captures, enriches and surveils encrypted messages like those traded on WhatsApp, even if they’ve been archived. In the ever-changing world of compliance where operational efficiency, automation and user experience are driving innovation and transformation, making more out of existing data is an emerging need that compliance organizations should take note of. If your eComms and other transaction data go to the archives “to die,” perhaps it’s time to rethink your surveillance strategy with respect to ease of access, comprehensiveness, contextual relevance and accuracy around detection.