A few months ago, back in May 2021, (E-Comms Surveillance) surveillance professionals from around the globe came together to discuss the future of communications surveillance. Shield was there. We garnered numerous insights on how surveillance had changed, was changing – and needed to change. Since there was agreement around the big challenges facing the industries and professionals represented at the summit, there were also key differences in how firms were approaching these challenges. At the heart of everything was the theme of monitoring in a manner that was thorough enough to detect the vast majority of compliance failures yet do without breaking any privacy laws.
The E-Comms Surveillance Deep Dive
Last week, we dove into the most prominent challenges like integration and multi-channel surveillance in Part A of our two-part blog series. Here, in Part B, we are zeroing in on what’s different. Integration as a theme straddled both articles; it’s clearly a business imperative but how firms approach it is wildly different. Financial firms disagree on the definition of “real-time” and on the topic of who to monitor. They also highlighted enormous variability regarding their success with the application of machine learning.
Integration is Very Much a My Way-Your Way Thing
Company size, budget, and level of sophistication all influence integration. Some compliance teams are focused on improving their analytics so that they get fewer but higher quality alerts. In contrast, other teams are integrating financial crime, HR, social media feeds, and all sorts of other data types to create richer contextual maps that better inform alerts. On the backend, these workflows can become really tricky sorting out who originated the trade.
All those in attendance were collectively unconvinced that integrated surveillance was going to offer any superior benefits when it came to detecting misconduct that existing solutions missed or yielding detection results any faster. About half (44%) said they’re doing it and taking these types of measures because they think that the regulator expects it.
Real-time Doesn’t Always Mean Right Now
Apparently, many banks are seeking real-time dynamic risk assessment solutions. But this is neither practical nor feasible. Changing the scoping map to be current with evidence coverage is an onerous task. In fact, it’s a task that none of the panelists or attendees were willing to embrace more than once per year. It’s quite an onerous process to update the map with any new gaps identified in the types of conduct and market conduct risks that are placed under surveillance with each update to a regulatory guideline. For many, remaining current means employing a strong governance strategy that regularly and frequently updates policies.
One of the great needs around real-time surveillance is the ability to cross-monitor multiple e-Comms platforms in parallel. Doing so, and then using ML to identify any patterns in the activity, is one way to keep up with the bad actors who employ a multi-channel strategy as a means of thwarting detection of their market abuse. The technology here hasn’t quite caught up to this strategy yet, but it’s almost there and the attendees recognized the value of having a solution to do so given the ubiquitous utilization of third-party chat apps in transacting trades.
More Invitations to the Surveillance Party
Risk-based approaches seem like an ideal practice in theory, but, when it comes to their practical application, it’s a different story. Such methods can clash directly with existing regulatory practices. Those who seek to expand the population surveilled to create a more accurate risk picture face different challenges. Specifically, surveilling people like non-sales employees that have never been monitored or scrutinized for their behaviors in their past will likely feel psychologically unsafe.
A natural progression on that path is to rank job roles or individual employees based on their respective risk profiles. From there, focusing surveillance activity and/or limiting it to those deemed highest risk creates numerous issues. Employment law, privacy issues, and heightened inquiries with the potential for additional audits by regulatory authorities all put the firm at greater risk – essentially the opposite of what was originally intended. The majority (about 2/3) of attendees felt that these practices, including expanding population under surveillance and narrowing efforts on those deemed highest risk were “reasonable.” The corollary is that any policy violations be publicly and vigorously enforced to uphold compliance.
Machine Learning is Not a Silver Bullet
It’s certainly not a cheap proposition, either. Companies are investing extraordinary sums and large numbers of personnel into machine learning. Doing so is required given the enormous data volumes, time, and effort required to properly train the search algorithms. This is no easy task and expertise is in short supply. Not to mention the literal bandwidth suck imposed by these efforts as analyses this complicated levy a high toll on internet speed and the productivity of everyone else sharing that ethernet pipe.
Employees aren’t the only ones putting heightened demands on their intranets. External third-parties conducting stability tests of foundational processes and systems are also compromising up-and-download speeds. Moreover, the increasing frequency of such tests has caught the eye of the regulatory agencies: expect to see some new rules here at some point in the future.
Here’s where the conversation about machine learning (ML) got really interesting. The success rate of applying the technology to detect market abuse varies widely from one financial firm to the next. Success outcomes shared at the event offered evidence that firms who used third-party ML solutions saw a 90% reduction in false positives compared to those firms who were using in-house proprietary or legacy systems. That translates to a time- and cost-savings of about 25 hours – per analyst – per week! Extraordinary gains in efficiency for some firms versus marginal gains by those firms reluctant to outsource their RegTech.
So, where does it go from here? If we highlight the key takeaways from the e-Comms Surveillance summit held a couple of months ago, a few things are crystal clear.
- One, the extensive usage of e-Comms apps in the day-to-day activities of brokers remains highly problematic for compliance officers across the financial industry.
- Two, efficiency and optimization remain hotly debated in a chicken-and-egg loop where about half of compliance experts favor investing in technology and efforts that generate even incremental gains in productivity to lower cost. The other half favor integrating a multitude of technologies first to create a comprehensive solution – then dedicate efforts and monies to optimizing it.
- Finally, machine learning is clearly a technology that has moved and will continue to move the needle regarding e-Comms surveillance. However, the critical finding is that those who outsource their ML solutions see 90% greater efficiency.
From here, it will be interesting to see which path financial firms pursue in light of the findings shared at this summit.