If we look back 20 years, most trading communications took place on corporate channels from corporate trading floors or offices. However, due to technological limitations, a lot of these communications were not captured and therefore unmonitored.
Today, people trade in a much wider range of products, instruments, and asset classes, across a growing number of venues and trading platforms. The communications that underpin this trading activity can now also take place from almost anywhere in the world using a range of eComms and vComms channels. Capturing these communications and understanding the context in which they took place is therefore much more difficult than it used to be.
This has made eComms and vComms surveillance increasingly challenging, costly, and complex – impacting firms’ ability to meet regulatory demand. While each regulated financial firm has different priorities, budgets, approaches, and needs, there is a range of overarching challenges most are grappling with. In this blog, we discuss some of the more common eComms Surveillance challenges and suggest ways in which they can be addressed.
Topics covered include:
Many firms still solely rely on lexicon searches to identify risk within eComms and vComms. However, this does not provide sufficient defence against misconduct or market abuse. Since most lexicons are hard to adjust and insensitive, firms often end up either:
restricting their lexicon searches to a narrow set of search terms; or
generating unmanageable volumes of false positives because of broader searches.
Both leave firms vulnerable to missing key signs of risk.
How and where we communicate has changed significantly over the past decade. WhatsApp emerged a little over ten years ago and has since become a popular tool for both personal and professional use. More recently, instant messaging platforms such as Telegram and Signal have also emerged. As these eComms channels become more and more demanded professionally, it is essential that firms can easily capture and monitor them. However, due to legacy technology and a lack of agility, many firms struggle to ingest new data sources.
If they can’t, the alternative is banning the use of specific channels through corporate policies. However, when a platform is banned, which we have seen time and time again with WhatsApp, firms need to be able to identify intent among employees to communicate on unmonitored channels. Otherwise, there is a large risk that they will be used anyway.
In this data-driven and digital world, utilising the Cloud can be advantageous for compliance data because of the flexibility it affords. It is increasingly cost-effective to leverage cloud storage, particularly when a firm has an overarching data strategy across multiple regulatory regimes. It also makes it much easier to ingest new data sources and report on compliance data – as is required under surveillance requirements. Yet despite the clear advantages of the Cloud and the secure environment in which it can be controlled, many firms are still hesitant about migrating away from on-premise data storage. As a result, many are stuck with expensive, legacy data stores that make it challenging to respond to regulatory change, capture data and improve eComms Surveillance processes.
Given the increasingly complex trading landscape and the speedy evolution of eComms, firms need to become more intelligent in their detection abilities.
It is therefore important that firms move away from relying solely on narrow lexicon-based searches and instead establish a more diversified eComms surveillance strategy that leverages technologies such as AI-driven lexicons and Natural Language Processing (NLP).
AI-driven lexicons have a natural advantage in that they can offer much more linguistic variety and apply context to alerts to assess their relevance – thus reducing false positive results. As a result, firms can set up broader searches (including more words and terms) and expand their view of risk without being overloaded with false positives.
It is worth noting that to successfully implement these technologies, firms need to get their data in order first. No matter how sophisticated a surveillance automation, AI, or ML project is, it will be undermined unless the underlying data a firm is using is accurate. The good news is that many vendors today offer data cleansing and normalisation as part of their surveillance offerings.
Best practices for eComms Surveillance combines policies, guidance, and technology. As the ability to work remotely becomes increasingly accepted across the industry, digital communication will continue to increase. Yet there is no way compliance teams can fully ensure that prohibited channels are not being used.
To enhanced eComms Surveillance, firms should utilise technology that enables them to:
easily ingest the eComms and vComms channels they want to monitor; and
effectively identify the intent among employees to communicate on prohibited platforms.
A successful programme needs to be scalable and embed the ability for firms to change, grow and ingest new data sources, platforms, and systems over time.
There are clear advantages to using a Cloud compliance solution to monitor for eComms risk and market abuse. However, firms need to take caution when considering Cloud services as they must be implemented with great care. Doing it in-house can be prohibitively expensive and resource-intensive due to the security protocols and operational standards required for Cloud-based compliance platforms. It is therefore advisable to work with a vendor that offers surveillance solutions in the Cloud. However, while all top Cloud providers (such as Azure and AWS) have achieved the highest level of certification (such as ISO 27001, SOC 2, and NIST), it is important to select a vendor that knows how to implement and operate these services securely. There are some key considerations to look out for in the search for the right Cloud compliance partner:
Do they have security tools to detect, investigate and respond to cyber threats in real-time?
Do they do regular penetration testing to evaluate the security of the platform?
Do they carry out regular vulnerability assessment to evaluate the stability of the source code?
Is all data encrypted at flight or at rest?
Do they have centrally managed company workstations to ensure IT security policies are strictly enforced?
Do they offer a dedicated environment in addition to multi-tenant storage?
If your vendor offers these security protocols, you can rest assured that the benefits of the Cloud will far outweigh the comfort you may feel that you get from your on-premise data centres.
Regulators are pushing firms to explore new technologies and improve their eComms surveillance capabilities. While firms need to invest in these tools, they also need to be able to use them. New tools require time and training and before they can be used, not to mention the fact that firms need to make sure their data is right. Remember that applying ML or AI to poor data will only add complexity, not reduce it.
The key is to invest in effective resourcing and analytics but also in the centralisation of complex data sets. This will enable firms to unify case management and facilitate more global collaboration.
Getting the data right is foundational to all compliance requirements and vital for a futureproofed eComms Surveillance programme.
COMMUNICATIONS OVERSIGHT WITH STEELEYE
The complete communications compliance platform for record keeping, analytics, monitoring and surveillance.
STEELEYE LIMITED, A COMPANY REGISTERED IN ENGLAND AND WALES WITH COMPANY NUMBER: 10581067, VAT NUMBER: 260818307 AND REGISTERED ADDRESS AT 55 STRAND, LONDON, WC2N 5LR.