eComms Surveillance & Compliance for Financial Services
I much prefer attending events in person, and glad to be back out there. I’ve missed social interaction, networking, and community learning. My primary observation, which will be the focus of this article, is that there is keen interest in bolstering existing surveillance efforts at banks.
This event put me in front of several attendees from investment banks, private banks, and inter-dealer brokers. For the most part, small financial institutions were well represented, but there were also a couple of global banks.
Why? Because regulatory scrutiny has reached a level where smaller lending institutions can no longer meet demands. The penalties for non-compliance are too great. Look at the $2 Billion USD in fines recently levied on JP Morgan Chase, Goldman Sachs, and others for their failure to monitor and archive communications on WhatsApp and other mobile communications apps. The size of the bank is the least relevant point; here, it’s all about the ever-expanding reach of the regulatory authorities who are prepared to levy fines for non-compliance regardless of employee number, global brand reputation, or any other factor. Non-compliance *IS* non-compliance, and there are consequences.
As you would expect, much of the offline conversation and panel discussions were focused on fines. More specifically, how to avoid being fined. Attendees were informally surveyed at one point during a panel discussion, “A Deep Dive Into Trade & Communications Surveillance.” We all remember how our lives changed – overnight – at the dawn of COVID when the world shut down in mid-March 2020. Compliance officers were sent into overdrive as the financial institutions of the world dove head-first into remote work desperately seeking to solve the challenges of legally conducting trades from employees’ kitchen tables and beds.
Panelists surveyed the audience with this question, “Has hybrid working impacted investment strategy in surveillance?” The majority (45%) answered “Minimally” whereas 36% said “Substantially” and 29% responded with “Medium.” Even if we acknowledge the casual nature of the data collection, the survey is directional and suggests that over half of attendees were more actively investing in surveillance solutions than they were pre-pandemic.
Some conversation centered around what causes fines. The $11 Million CITI fine was caused by a lack of controls. A gap analysis revealed that all internal stakeholders were aware of the issues, most of which had been self-reported to regulators, but nobody took any ownership of managing those issues. So, you need good governance, issue owners, and a system that fosters accountability.
And the SEC’s appetite for enforcement tends to be correlated with who’s in the White House, and that has a ripple effect across the pond in EMEA, so that’s another factor to consider when you’re shopping for surveillance tech. There’s a lot of subjectivity when it comes to “reasonable measures and controls” which is the compliance burden imposed on all banks. Many banks said that they were now questioning if their legacy platforms, policies, and approaches to surveillance were adequate for 2022 expectations.
Another hot potato topic was the burden imposed by false positives. Everyone has them; it’s just a matter of how many you have in a given day or week and if that total overwhelms your surveillance team. When your team gets backlogged, it puts your bank at risk. Every time that you can eliminate a false positive via an automated tech solution, you free up your compliance officer to dig in deeper and to assess a suspicious finding more thoughtfully. That’s how you reduce your risk of non-compliance.
One of the topics that I am personally intrigued by is holistic or 360 degree surveillance. It’s still emerging so it’s far from being the #1 requirement by clients, but some vendors are starting to grapple with it, including us here at Shield (with a new version coming up!). But it’s hard – like extremely challenging, due to the different data sets involved and accuracy required. We’re early in our tech journey and there’s a long way to go but it’s worth striving for. I’ll keep you updated on our progress!
The main takeaway from this event is that there is a lot of interest in bolstering surveillance efforts at banks. This is no surprise, as the penalties for non-compliance are becoming increasingly costly. If you’re looking for ways to bolster your own surveillance capabilities, be sure to book a demo with Shield. We can help you stay ahead of the curve and keep your business compliant. Thanks for reading!