eComms Surveillance & Compliance for Financial Services
In this current regulatory environment, it’s going to cost you if you’re using WhatsApp in a manner that’s non-compliant. How popular is WhatsApp? More than 100 billion text messages are sent daily. Daily! Let that sit there for a moment.
All is well and good if you’re using this wildly popular communication channel to chat with your friends regarding which café you should meet at and when. It’s a different story if you’re using the app to talk about business. And it’s a whole other matter if you’re transacting financial arrangements on the app when it hasn’t been approved as an official e-comms channel for your firm.
The latter spells T-R-O-U-B-L-E indeed. Just ask some of the leading US banks who were each fined $200 million USD for violating communications compliance regulations. Specifically, for their improper usage of WhatsApp.
In recent months, regulatory authorities have stepped up their efforts in pursuit of non-compliance, particularly around record-keeping (or the lack thereof). The Commodity Futures Trading Commission (CFTC), together with the SEC, has pinned nearly $2 billion in fines on three financial institutions (charged $10-50 million each) and eight banks (charged $125 million each payable to the SEC plus $700 million collectively to the CFTC). Each of the financial firms committed a similar compliance offense: they sent text and chat messages between Jan 2018 and Sept 2021 from their personal phones which were not monitored, and their messages were neither collected nor retained as required.
Nobody that we know has a crystal ball, but, if you care to place a wager on it, we’re pretty confident that the SEC hasn’t finished its penalty spree. Going after banks and charging egregious fines may sound palatable to some – but the rumor on Wall Street is that they’re coming after the asset and hedge fund managers themselves in Phase II. Sure, you could argue that they’re giving it all back to whistleblowers where 207 of them have collectively pocketed more than $1 billion in rewards, but that’s not the point of this article.
If your staff uses WhatsApp, here is how you can put your team on the right path to compliance. You’re probably thinking, “None of our staff use WhatsApp. It’s not an approved e-comms channel at our firm.” In a phrase? Wishful thinking. So, let’s break down why you’re at risk and what you can do about it.
Here’s an example. I’m working on some new bits to train our machine-learning algorithms on to make our compliance detection system at Shield even stronger. Our surveillance supervisor is Scotty (yes, like the Star Trek guy who wasn’t Scottish, either). I grab my phone, open WhatsApp and text Scotty, “The Japanese deal looks close. Can you take a look at it?”
At this point, you should see red flashing lights and hear loud alarms, like the kind in the movies that signal impending doom in an imploding nuclear reactor. That text is a violation of compliance.
In my head, I’m thinking, “I’m not colluding with Scotty. We’re not up to anything like insider trading. He’s not giving me buy-and-sell tips. We’re just doing our jobs.” Fair enough, talking about new lexicons hardly sounds nefarious. But things are black and white in the eyes of the SEC. That text exchange violates SEC Rule 17.3, CFTC Rule 1.31, and FCA SYSC 9.1.2. In human speak versus legal beagle speak, it means that we’re required to record all transactions and communications related to business activities, need to retain those records for three or more years and need to make those records readily available to anyone who requests them.
Alright, now you’re thinking about all the WhatsApp text chats that your brokers are having with their clients because you know that they are. Most likely, they’re occurring on personal mobile phones which few firms have any control over. Nobody can really stop anyone else from using WhatsApp. Even the executives at a tier 1 bank (who were fired, by the way) used WhatsApp routinely even though they were the ones tasked with enforcing compliance with the policy. Since we know that the text chats are happening, it’s a matter of what you’re doing to uphold compliance.
You need an archiving solution (which we have at Shield) to capture and retain all e-comms. Before we entered the digital cloud era, only a handful of companies could afford robust archiving solutions. Now, everyone can have one.
Next, let’s consider channels. Your staff and clients aren’t going to limit their correspondence to WhatsApp. There’s chat on Zoom, Instagram DMs, Messenger, Microsoft Teams, WeChat, Skype, Slack, and the list goes on and on. You’ll need to monitor and capture all that unstructured data – plus do something meaningful with it so that compliance officers (and SEC auditors) can access it and read it. Shield can do this, too, along with monitoring all those conversations you don’t know about using our AI surveillance solution.
As a RegTech vendor, we’ve talked to numerous prospective and existing customers. Many initially push back, citing how their legacy systems won’t readily integrate with a new solution for monitoring, archiving, and analyzing. The expected wait until alerts can be generated starts at six months and, in reality, can take years. Here comes some good news – we’ve designed our platform to reduce time to value. With scalable capture, archive, and surveillance solutions, firms can hit compliance milestones in a fraction of the time, adding much-needed capabilities while increasing efficiency where it’s needed most. So whether your existing infrastructure is built on-premises, in public or private clouds, or in a hybrid environment, we can help you achieve compliance goals fast and IT efficiency at scale.
One by one, we’ll point our advanced AI algorithms, designed specifically to identify over a hundred scenarios of financial misconduct, at each of the e-comms channels that your staff is using. The training data we’ve used is so sophisticated that it can even interpret emoji-speak. That’s correct – most solutions stumble when it comes to a graphic or emoji, which tends to obfuscate the intended meaning and/or detection of illicit behaviors. We’ve designed our solution to hunt for it.
Each case study that we identify becomes an opportunity to update our algorithms so that they can look for similar patterns at our other clients. No solution is 100% – that’s why we work closely with compliance teams who can interpret the nuance and assess the full potential risk once we present them with a filtered list of “the most suspicious” messages. Together, we make a great team in the war on non-compliance.