The Original Eprivacy Directive Has Shifted
Unlike GDPR, which focuses on personal data, ePrivacy is much more extensive and includes non-personal data. Although the enactment of the proposed ePrivacy regulations has been slower than expected, legislation enforcing market transparency continues to be a hot topic of debate. For financial institutions, compliance will soon include management of these non-personal data sets such as browser cookies, transaction histories, support queries plus numerous other types of information.
To date, financial institutions have had a relatively easy path with respect to pending requirements on monitoring communications. For the most part, banks and other lenders typically have their own proprietary, secure and encrypted communications platforms through which traders interact with their customers. However, consumer needs are changing.
Today’s consumers are increasingly accustomed to engaging in dialogue with their service providers via WhatsApp, Skype, and Facebook Messenger, none of which meet the pending ePrivacy regulations in their current forms. As such, the original directive of ePrivacy has evolved beyond email and SMS messaging to include these popular communications platforms. Banks of all sizes will now have to pursue “Privacy by Design” which references the deliberate design of enhanced data privacy infrastructure with robust security and protection technology to address these communication challenges.
Recording Client Meetings Is Gaining Traction
Video recordings of crimes, altercations with police, and daily city life are increasingly being captured and made admissible in court to hold the bad actors accountable. Even the FCA believes that recording client interactions is not cost-prohibitive, requires limited technology infrastructure, and can be managed through diplomacy and transparency. Nuanced, the recordings by banks can be justified under scrutiny or if challenged as a means of “help[ing] explain the context in which the advice was given, and [to] provide insight into what the client really wanted and needed.” Essentially broadening the remit of fiscal responsibility.
This is precisely where the new opportunity and next frontier for identifying financial crime risk and market abuse will emerge. It is the intersection of data capture, automation, and surveillance that is sparking both innovation and the whispers around expanding ePrivacy even further to require analysis and interpretation of the data collected. That said, the topic of recording private client conversations with financial advisors is not new.
In fact, taking recording as the next step beyond note-taking was first introduced by the FCA in 2017 and then quickly dismissed on the grounds that doing so may “not always be appropriate.” As client recordings evolve into standard business practices adopted by all financial institutions, a heated debate is likely to accompany such efforts. Here, more definitions will be needed to demarcate which data should be collected and monitored, how the surveillance will be deployed and to what extent context should be inferred, and how those insights should be captured and used.
The Rise of NLP in Financial Compliance
A recent survey of financial risk compliance by WBResearch revealed that just over two-thirds of all institutions have already implemented (or are in the process thereof) at least some basic form of automation and AI for communications capture and surveillance. One of the commonly overlooked communication challenges stems from the growing popularity of remote work and end-user-driven work culture. With this, new challenges such as BYOD (Bring Your Own Device) have necessitated increased scrutiny of activity on the device. However, the lines between personal and work-related activities on devices owned by the employees who use them are blurred.
Automation, largely informed through natural language processing (NLP) and extensive data set training, appears as a promising solution. NLP enables automatic text summarization and classification. As humans, we interpret language based on three fundamental criteria:
1) semantics (word meanings, word sequences)
2) syntax (grammar, word order, word termination
3) pragmatics (context, conversation, social rules).
Rule-based approaches are at the core of NLP systems. Early learning algorithms relied heavily on decision-tree structures that have since been replaced by statistical models that make predictable or probable decisions based on the frequency that event or phrase or datapoint has been historically observed. Machine translation (for example, speech recognition), automatic summarization, and sentiment analysis are now all possible through machine learning and hence, can be applied to future-proof banks’ development of financial crime risk and market abuse tracking and monitoring solutions.
RegTech Is Gaining Ground
These classifications will need to first be standardized so that all banks can consistently and uniformly report and be accountable for the same measures. Arriving at a consensus on these classifications may be a daunting task given differences in terminology and practices worldwide. For now, in-network and app-based mobile recording appear to be the most popular interim solutions.
As the cost of fiscal compliance escalates, and the reach of RegTech grows, smaller financial institutions will find it increasingly challenging to future-proof their monitoring efforts. Moreover, the overlooked communication challenges will require deeper consideration and additional investment to reduce the risk of market abuse and financial crime. Make no mistake, the FCA and other regulatory bodies will seek to make examples out of those who are non-compliant with financial engagement and communication records. It’s only a matter of time until they begin levying substantial fines.