Communications data has an important role to play in the detection and prosecution of financial crime. In particular, communications data can help both firms and regulators spot market abuse, such as insider trading, market manipulation, and unlawful disclosure of inside information.
Free and fair capital markets are a benefit to everyone who operates within them, and they enable economies to flourish. High levels of market abuse can undermine the strength of those capital markets, because participants cannot trust that transactions are being conducted fairly and transparently. Today regulators are publishing statistics on the levels of market abuse in their capital markets. For example, the UK Financial Conduct Authority has the Potentially Anomalous Trading Ratio, and a Market Cleanliness Statistic.
In the EU, rules such as the Market Abuse Regulation (MAR) and the second Markets in Financial Instruments Directive (MiFID II) mandate that firms need to capture, monitor and archive communications data as part of their trade and communications surveillance requirements. In the UK, since Brexit, the translated form of both sets of EU rules continue to apply.
What have regulators said recently about communications capture and monitoring?
In March 2020, financial centres were forced into lockdown as part of national efforts to combat Covid-19. As a result, employees – such as traders – had to work from home. Regulators showed some forbearance for those firms without the systems and tools to capture communications of traders, and other employees, working from home. Now they have tightened the rules.
The UK Financial Conduct Authority’s (FCA’s) Market Watch 66, published mid-January 2021, tells firms that the financial services regulator’s expectations around capturing, monitoring and archiving communications data now applies equally to employees who are working from home or other remote locations. The FCA also reiterates its concerns about employees’ use of emerging communications platforms, such as WhatsApp, to communicate with each other and with clients. Data on these platforms needs to be captured, monitored, and archived if used.
"The FCA reiterates its concerns about employees’ use of emerging communications platforms, such as WhatsApp, to communicate with each other and with clients. Data on these platforms needs to be captured, monitored, and archived if used."
As a result of legacy surveillance tools, many firms are struggling to meet these obligations as the pandemic continues. Yet, firms suffer significant reputational and financial damage when they are censured and fined for compliance or market abuse violations. Regulators are better able to detect these forms of financial crime thanks to MiFID II transaction reporting data, and new analytics they have developed. In many cases, regulators are now detecting market abuse that firms themselves are failing to spot.
Whose communications need to be captured and monitored?
Communications data needs to be captured across a wide variety of job roles within financial services firms. For example, firms need to capture data that relates to transactions completed when dealing on a firm’s own account, or when providing services to clients that relate to the reception, transmission, and execution of client orders. A wide variety of job roles within financial services firms need to have their communications monitored, for example:
Essentially any employee or contractor who works for an investment firm that executes orders or carries out transactions for the firm or their clients.
How has Covid-19 impacted communications monitoring?
Since the Covid-19 pandemic and subsequent lockdown in the first quarter of 2020, firms have struggled across a variety of fronts to capture, monitor, and archive all the required communications data. Many firms just did not have the capability to monitor the traditional types of electronic communication from an off-premises location. Their communications capture and monitoring infrastructure assumed that traders would either be at their office-based trading desks or at a disaster recovery location if a business continuity event emerged.
Compliance teams have also been faced with a multiplication of electronic communications channels since the pandemic first hit, as employees seek to find ways to work effectively from home, or to engage with clients. These emerging channels include social media platforms such as Microsoft Teams, WhatsApp, WeChat, Zoom, and Slack.
The pandemic created other issues too. Once communications are captured, they need to be monitored to detect potential market abuse. During the pandemic lockdowns, many firms saw a substantially increased level of alerts, as a result of the rise in the use of electronic communications. The constraints imposed by the pandemic made compliance much more challenging, particularly where systems and tools were based of employees being in the office.
"40%of firms have increased compliance budgets during Covid-19"
How can firms capture and monitor communications data?
Technology can be used to capture the communications channels that are permitted by an organisation. That said, normalising, mapping and analysing communications data can still be challenging because it is unstructured. For example, voice data needs to be transcribed and sometimes translated before it can be alerted on or analysed using a lexicon.
Further, as new channels emerge – these either need to be integrated into firms’ communications monitoring technologies, or firms need to build policies that prohibit their use. It is important that firms have robust policies in place that restrict the use of communications channels that are not monitored by the company’s technology systems.
In short, communications technologies should capture the ‘known knowns’ i.e., the channels that are permitted by the firm that they know employees are using. Policies are thereafter vital for the ‘known unknowns’. For example, when a company isn’t capturing WhatsApp, the policy needs to outline that employee communication on this channel is not permitted.
How must the communications data be stored?
Different regulatory regimes and rules have their own individual requirements. For example, the EU rules require data retention for up to seven years, and for the data to be retrievable within 72 hours. The data also needs to be in a “write once, read many” form, so that it cannot be altered, yet accessed easily.
It is also important for certain types of electronic communications data – such as audio recording from telephone calls or social media platforms – to be high quality, and there should be quality control in place. Audio recordings need to be robust so that they can be accurately transcribed and monitored. Background noise needs to be reduced, and firms need to be able to translate calls conducted in a range of languages.
How can firms ensure they are meeting communications capture requirementstoday and into the future?
Capturing communications data remains challenging for many firms, but it is possible to do so. Compliance teams need to think strategically about how to capture the channels being used by the business at the moment, as well as emerging channels that might be required in the future.
For example, not long ago, WhatsApp was considered an emerging communications channel that most firms decided to ban. However, even before the Covid-19 pandemic, clients were increasingly demanding this channel as a way of communicating with their financial services provider or trader. Where firms have banned the use of WhatsApp, many traders have been found to be using it anyway, for example on their own personal phones. Whilst the illicit use will likely result in a dismissal of the employee, the implications on the firm of not capturing certain communications can be graver.
To keep the firm and its reputation safe, it makes sense for firms to adopt communications monitoring for new platforms as they emerge. Alternatively, if a firm does not have the ability to monitor a communications channel such as WhatsApp, and it does not intend to roll out that capability, it needs to have in place clear policies, and educate teams impacted by communications monitoring requirements as to the restrictions.
Comprehensive Communications Oversight and Risk Detection for Financial Services, ensuring unwanted behaviours get identified and stopped quickly.
SteelEye is a trusted compliance platform for MiFID II, EMIR, Dodd-Frank, MAR, SMCR & more. Established to reduce the complexity and cost of financial compliance, SteelEye enables firms globally to manage their regulatory obligations through a single platform.
SteelEye’s ability to bring together, cleanse, index and analyse structured and unstructured data across all asset classes and communication types enables clients to effortlessly meet their regulatory needs, because when all this data is in one place, compliance becomes both easy and cost-effective. And with everything under one lens, firms also gain fresh insight into their business, helping them improve their efficiency and profitability.
To date, SteelEye has launched solutions for record keeping, trade reconstruction, transaction reporting, trade and communications surveillance, best execution reporting, transaction cost analysis and advanced analytics for regulations including MiFID II, EMIR, Dodd-Frank, SMCR and MAR.