Iftach Drori
Head of Marketing
A few months ago, back in May 2021, (E-Comms Surveillance) surveillance professionals from around the globe came together to discuss the future of communications surveillance. Shield was there. We garnered numerous insights on how surveillance had changed, was changing – and needed to change. Since there was agreement around the big challenges facing the industries and professionals represented at the summit, there were also key differences in how firms were approaching these challenges. At the heart of everything was the theme of monitoring in a manner that was thorough enough to detect the vast majority of compliance failures yet do without breaking any privacy laws.
Last week, we dove into the most prominent challenges like integration and multi-channel surveillance in Part A of our two-part blog series. Here, in Part B, we are zeroing in on what’s different. Integration as a theme straddled both articles; it’s clearly a business imperative but how firms approach it is wildly different. Financial firms disagree on the definition of “real-time” and on the topic of who to monitor. They also highlighted enormous variability regarding their success with the application of machine learning.
Company size, budget, and level of sophistication all influence integration. Some compliance teams are focused on improving their analytics so that they get fewer but higher quality alerts. In contrast, other teams are integrating financial crime, HR, social media feeds, and all sorts of other data types to create richer contextual maps that better inform alerts. On the backend, these workflows can become really tricky sorting out who originated the trade.
All those in attendance were collectively unconvinced that integrated surveillance was going to offer any superior benefits when it came to detecting misconduct that existing solutions missed or yielding detection results any faster. About half (44%) said they’re doing it and taking these types of measures because they think that the regulator expects it.
Apparently, many banks are seeking real-time dynamic risk assessment solutions. But this is neither practical nor feasible. Changing the scoping map to be current with evidence coverage is an onerous task. In fact, it’s a task that none of the panelists or attendees were willing to embrace more than once per year. It’s quite an onerous process to update the map with any new gaps identified in the types of conduct and market conduct risks that are placed under surveillance with each update to a regulatory guideline. For many, remaining current means employing a strong governance strategy that regularly and frequently updates policies.
One of the great needs around real-time surveillance is the ability to cross-monitor multiple e-Comms platforms in parallel. Doing so, and then using ML to identify any patterns in the activity, is one way to keep up with the bad actors who employ a multi-channel strategy as a means of thwarting detection of their market abuse. The technology here hasn’t quite caught up to this strategy yet, but it’s almost there and the attendees recognized the value of having a solution to do so given the ubiquitous utilization of third-party chat apps in transacting trades.
Risk-based approaches seem like an ideal practice in theory, but, when it comes to their practical application, it’s a different story. Such methods can clash directly with existing regulatory practices. Those who seek to expand the population surveilled to create a more accurate risk picture face different challenges. Specifically, surveilling people like non-sales employees that have never been monitored or scrutinized for their behaviors in their past will likely feel psychologically unsafe.
A natural progression on that path is to rank job roles or individual employees based on their respective risk profiles. From there, focusing surveillance activity and/or limiting it to those deemed highest risk creates numerous issues. Employment law, privacy issues, and heightened inquiries with the potential for additional audits by regulatory authorities all put the firm at greater risk – essentially the opposite of what was originally intended. The majority (about 2/3) of attendees felt that these practices, including expanding population under surveillance and narrowing efforts on those deemed highest risk were “reasonable.” The corollary is that any policy violations be publicly and vigorously enforced to uphold compliance.
It’s certainly not a cheap proposition, either. Companies are investing extraordinary sums and large numbers of personnel into machine learning. Doing so is required given the enormous data volumes, time, and effort required to properly train the search algorithms. This is no easy task and expertise is in short supply. Not to mention the literal bandwidth suck imposed by these efforts as analyses this complicated levy a high toll on internet speed and the productivity of everyone else sharing that ethernet pipe.
Employees aren’t the only ones putting heightened demands on their intranets. External third-parties conducting stability tests of foundational processes and systems are also compromising up-and-download speeds. Moreover, the increasing frequency of such tests has caught the eye of the regulatory agencies: expect to see some new rules here at some point in the future.
Here’s where the conversation about machine learning (ML) got really interesting. The success rate of applying the technology to detect market abuse varies widely from one financial firm to the next. Success outcomes shared at the event offered evidence that firms who used third-party ML solutions saw a 90% reduction in false positives compared to those firms who were using in-house proprietary or legacy systems. That translates to a time- and cost-savings of about 25 hours – per analyst – per week! Extraordinary gains in efficiency for some firms versus marginal gains by those firms reluctant to outsource their RegTech.
So, where does it go from here? If we highlight the key takeaways from the e-Comms Surveillance summit held a couple of months ago, a few things are crystal clear.
From here, it will be interesting to see which path financial firms pursue in light of the findings shared at this summit.
Capture everything. Deploy anywhere. Store in one place.