The Need for Effective, Holistic Compliance Monitoring and Surveillance

In a perfect world, compliance monitoring would be redundant. Financial regulators would exist solely to define the policies and procedures needed to protect consumers, with compliance departments acting in a purely advisory role to help firms apply these principles according to their own unique requirements and structure.

In this utopia, the process of enforcing these policies would simply be a matter of lending a guiding hand when required. All members of staff, from the most junior clerk to the CEO, would take it upon themselves to adopt and adhere to these principles, working together for the best interests of their clients.

As a result, compliance monitoring systems, surveillance, detection and investigation of misconduct; abuse; crime; or even just the occasional honest slip-up, would barely be required, if at all.

And pigs might fly.

While working towards this ideal culture is undoubtedly commendable, the reality is that the roles played by regulators and compliance, risk, governance, monitoring, surveillance and audit teams are becoming increasingly complex and ever more vital.

Even with the best of intentions, humans make mistakes. People have their own agendas and, with the opportunities and pressures inherent in an industry that focuses specifically on managing the flow of vast sums of wealth, some may be tempted to bend or even break the rules. Or coerce others to do so on their behalf.

Fear and greed can both play a part. Some organisations are ineffectively structured and/or badly managed. Some people just act irresponsibly now and then.

Digitalisation and globalisation present further challenges. The alarming pace of technological change provides many opportunities for both good…and not so good. The explosion in the ways that people can now communicate and do business with each other means that strict regulation and enforcement are now more crucial than ever.

With the risk landscape growing more and more complex and new, increasingly granular regulations being continually introduced in an attempt to keep up, compliance departments must also become more sophisticated in the way they conduct eComms surveillance to monitor and control these risks.

Capital Markets Compliance in the “Golden” Age of Communication

Once upon a time, in the early 1990s, things were simpler. Mobile phones looked like bricks and cost a small fortune. Telephone calls were all made over copper wires, and email and the internet were strictly the territory of academics.

Meanwhile, Mark Zuckerberg had just started primary school, getting his first lessons in Atari BASIC programming from his Dad. The closest thing to “Social Media” back then was reading someone else’s newspaper over their shoulder on a crowded train. And the “Cloud” was still just a fluffy white thing in the sky…

Compliance monitoring systems essentially consisted of nothing more than document storage, bulky, expensive tape drives and endless reels of tape, with no easy way to locate specific calls and certainly no way to perform any kind of meaningful analysis.

There was no such thing as e-communications surveillance monitoring because, well…e-communications didn’t really exist.

The mass adoption of email over the following years, along with the explosive growth of the internet into the mainstream – fuelled by huge investment in infrastructure to provide superfast data connectivity – signalled the beginning of a massive transformation.

The commoditisation of mobile phones and rapid expansion of GSM networks revolutionised the way people communicate, to the point where there are now over a billion more mobile connections on the planet than there are people.

With the development of smartphones and the rollout of 3G, 4G and now 5G mobile data services, mobile phones have become indispensable to businesses. Unified Communications and cloud computing allow organisations and their employees to work flexibly, from almost anywhere in the world, with constant access to their corporate network and the systems and tools required to carry out their roles.

Communication with colleagues, clients, partners and other third parties now takes place in countless ways, over numerous forms of media – voice calls over fixed lines, dealer boards and mobiles; SMS; video calls; social media; and an ever-growing list of instant messaging applications, from WhatsApp to Yahoo chat, Skype, Bloomberg chat and everything in between.

Great for staying connected with each other, but a potential minefield for Risk and Compliance departments…how do you control risk and ensure your organisation is compliant when you don’t have proper visibility of what your staff are doing?

The Expanding Scope of Regulatory Requirements for Compliance Monitoring Systems and Market Abuse Surveillance Tools

With the adoption of new forms of multimedia communication over the years, regulators have had to expand the scope of existing legislation, and introduce new directives, to attempt to mitigate this risk, particularly in the wake of the 2007/8 financial crisis.

The UK Financial Services Authority’s COBS 11.8 directive in 2009, outlining the parameters of a new regime for the recording of voice and electronic communications, included several important exemptions.

Most notably, all conversations and communications (except email) over mobile devices were excluded from the recording requirement. Discretionary Investment Managers were also able to claim exemption for any communications that could reasonably be expected to be recorded on the other end, i.e. by the entities which were carrying out the execution of transactions.

With the increase in mobile usage and the growth in mobile call recording solutions, the mobile phone exemption was eventually removed in November 2011.

The subsequent introduction of MAR and MiFID II across Europe, and Dodd-Frank in the USA, have significantly widened the scope of monitoring, surveillance, recording and reporting requirements and provided a far more detailed breakdown of firms’ obligations and the measures they are expected to have in place in order to be compliant.

Certainly in the UK, and no doubt elsewhere, it has become clear that there is a significant disconnect between what many firms have considered to be “reasonable steps” and the expectations of the regulators.

As a result, the extension of the Senior Managers & Certification Regime (SM&CR) in December 2019, to include all FCA-regulated bodies, has caused some considerable concern among many firms.

Industry polls taken in June-July 2019 suggest that an overwhelming majority of firms (84.3%) conduct little or no Voice and eCommunications surveillance, many (62%) still have “a lot more” or “everything” still to do to implement SM&CR and most (84%) feel that “internal set-up and culture” are a key challenge.

Considering the level of personal accountability being introduced with the regime, it is no surprise then that firms’ trade surveillance technology and communications compliance monitoring tools are now coming under intense scrutiny.

To put it bluntly, when it’s your own head on the block, you want to make sure it doesn’t get chopped.

The Limitations, Costs and Inherent Risks of Data Silos

The underlying issue for many firms originates from the piecemeal way in which new forms of communications media have emerged over time, and the phased expansion in regulatory requirements associated to monitoring, capturing, storing and analysing communications.

Years of having to adopt different systems for new forms of communications data have led to most organisations (both large and small) eventually finding themselves with a fragmented array of disparate vendor, technology and data silos for the surveillance, capture, storage and analysis of various media types.

For example, on one end of the scale, a small, single-site fund manager might have one system to record landline calls, another to capture mobile calls and SMS, another to capture video calls, and a number of others to capture various forms of instant messaging, with some or all of these media types then being stored in separate repositories.

A global investment bank, on the other hand, might have accumulated dozens of recorders over the years, from multiple vendors, spread across numerous countries, just for capturing fixed line calls. These recordings may also be stored locally within each jurisdiction, creating further silos of data.

The dispersal of companies’ communications data across so many disjointed legacy platforms, and the absence of a single, unified view of the data across each of these silos, is the root of many of the problems that businesses face.

Having to work with such a wide range of different systems means firms are not only incurring significant costs (hardware, maintenance, licencing etc.) but are severely limited in their ability to extract any useful information from their data, and are subsequently exposed to very real operational and regulatory risks.

Real-time communications surveillance becomes practically impossible. Any proactive monitoring must be done manually, which is both resource-intensive and ineffective, and leaves firms unable to effectively deal with the volume of false positives often generated by their market surveillance systems.

The ability for timely case reconstruction, necessary for Dodd-Frank and MiFID II compliance, is also severely impaired. If required by regulators to reconstruct a trade within a certain timeframe, many firms would simply be unable to do so.

At least, not without spending an arm and a leg on external consultancy fees. Historically, many might have preferred to just pay the fine – possibly a less attractive option under SM&CR.

The Search for a Holistic Surveillance Solution and The Budgetary Tug-of-War

To address this, most organisations have now recognised the need for a more holistic surveillance solution. Some of those with deeper pockets are already working with various regulatory compliance software companies to pull together their many systems to form a coherent whole.

In general, this has involved deploying a layer of middleware to sit over the top of their myriad legacy systems and provide a central hub.

However, although this does give a more complete view of their data to those firms who can afford it, it is still adding yet another layer of technology and cost, to essentially form a “patchwork of data silos”, as opposed to addressing the root issue itself and breaking down data silos altogether.

In addition, depending on the solution(s) used, firms may still struggle to meet regulatory case reconstruction requirements and deadlines in time; especially if, for example, source data is stored in other countries or is spread across multiple jurisdictions.

For many firms though, budgets and resources are an issue, and taking an expensive and inefficient silo-based approach to compliance monitoring and surveillance is simply not an option. Even in larger organisations, there is often a tug-of-war between IT and Compliance departments as to whose budget should be used…with the Finance department stuck in the middle.

Using holistic compliance monitoring software for effective market abuse surveillance, however, is now a vital requirement for all firms, and affects all departments.

A solution is required that removes cost as an obstacle. A solution which, by eliminating data silos and replacing them instead with a single, unified platform for monitoring, capturing, normalising, storing and instantly recalling all forms of voice and electronic communications and market data, allows firms to reduce costs rather than add to them.

Such a solution would have far-reaching benefits, solving critical problems faced not only by Chief Compliance and Risk Officers, but also by Heads of Technology, Operations and Finance – as well as, ultimately, Chief Executives. And of course, most importantly, resulting in a better, safer service for end customers.

Which is the whole point…right?

The Holy Grail of Compliance Monitoring Software – “What If…?”

Technology and cultural change will always be around, forcing organisations to adapt. Mankind, by our very nature, will always ask “what if?” – forever pushing the boundaries of possibility, until the “impossible” eventually becomes the norm.

The challenges facing regulated firms will continue to evolve constantly. What may appear almost insurmountable now, will eventually become commonplace.

For now, financial institutions need to undergo a significant shift, moving away from the use of layers of legacy compliance monitoring systems and controls to a single, unified, holistic surveillance solution that allows them to meet the challenges of today and the road ahead.

The question is…what if?

What if this solution already exists?

See https://edge-edge.co.uk/soteria.

Eliminating Data, Vendor & Technology Silos for Effective Communications Compliance Monitoring & Surveillance

The universal challenge facing financial firms, in the face of increasing legislation, stricter controls and harsher penalties for non-compliance, is the dispersal of communications data across numerous disparate “silos”, making it virtually impossible to implement effective measures to proactively counter market abuse in real-time; let alone assemble historic data for case reconstruction in time, if required to do so by the regulators, without incurring fines for late delivery, incomplete records or substantial human resource spend.

These silos are usually a combination of multiple data repositories (which are often geographically dispersed), using multiple vendors and numerous different technologies. All this is currently leaving the vast majority of firms on the back foot when it comes to regulatory compliance – the fact that most firms are still thinking in terms of 1st, 2nd and 3rd Line of “Defence”, provides evidence of this.

With the introduction of SM&CR looming, senior managers of financial firms are now, more than ever, incentivised to address these issues as a matter of urgency.

Our breakfast briefing will delve into these problems, the reasons for their existence…and, crucially, showcase what has so far eluded financial institutions everywhere: a tangible, working, cost-effective solution.

By reducing or eliminating data, vendor and technology silos for the capture, storage, analysis and recall of all forms of multimedia communications, and integrating with existing trade monitoring and market abuse tools, firms can now not only streamline their compliance monitoring and trade reconstruction processes, but also reduce the number of false positives that need to be manually investigated, while at the same time reducing total cost of ownership.

This SaaS solution, SOTERIA, has already been deployed, in its first version, by 10 of the top 12 global Tier One banking institutions and over 180 other financial organisations. Its latest version, following hugely successful launches at the 1LoD summits in London and New York in March-April, is now attracting unprecedented levels of interest from firms of all shapes and sizes, from all over the globe, and has been shortlisted in 11 categories for the RegTech Insight 2019 Awards taking place on the 3rd May.

At our event, firms will have the chance to learn how the SOTERIA platform works, understand its capabilities, see it in action and engage in a Q&A. As well as enjoy a tasty breakfast of course!

For anyone wishing to attend, please register here or contact Steve Dourdil on 020 3869 2442 / steve.dourdil@edge-edge.co.uk.

DoubleEdge are pleased to announce that Soteria™, the cloud-based compliance monitoring, surveillance and analytics platform powered by DoubleEdge partners Insightful Technology, has been shortlisted in 11 categories for the 2019 RegTech Insight Awards, taking place in London on the 3rd May 2019:

  • Best Sell-Side Regulatory Data Solution
  • Best Buy-Side Regulatory Data Solution
  • Best Data Management Solution for Regulatory Compliance
  • Best Vendor Solution for Dodd-Frank
  • Best Voice and Mobile Recording Solution
  • Best Solution for Records Retention
  • Best Compliance as a Service Solution
  • Best AI Solution for Regulatory Compliance
  • Best Regulatory Alert Management System
  • Best Regulatory Reporting Solution
  • Best Innovative Technology for Regulatory Compliance

Soteria™, already used by 10 of the top 12 global Tier 1 banks, captures and recalls any type of corporate multimedia communication in a single global view and then overlays proactive monitoring and AI services to enhance the data’s value to the organisation, all in real-time.

More information on Soteria can be found at www.edge-edge.co.uk/soteria

Contact: Steve Dourdil, DoubleEdge Professional Services Ltd, 30 Artillery Lane, London E1 7LS. Tel: +44 (0)20 3869 2442.

London, UK – 25th July 2018

Compliant voice, e-communications and cognitive services disruptor, Insightful Technology, has agreed a new partnership with agile IT and unified communications provider, DoubleEdge, as part of their growing activity in the Financial Technology marketplace. The new alliance has already been celebrated with an early customer acquisition, for deployment in August.

Insightful’s Soteria™ platform is already used by 9 of the top 12 global banks and now enables DoubleEdge to bridge compliance and efficiency gaps for businesses within the regulated business sectors. Soteria captures and recalls any type of corporate multimedia communication in a single global view and then overlays proactive monitoring and AI services to enhance the data’s value to the organisation.

All in real-time and without data leaving jurisdiction, case reconstructions can be compiled in a matter of minutes with the aid of advanced keyword search algorithms and Microsoft voice-to-text transcription software. This empowers businesses to respond proactively to regulatory requests and allows regulators to remotely access a containerised view of the case file.

Steve Garrood, CCO of Insightful Technology commented: “We strive to ensure we have the best-in-class partners who share the same ethos of encouraging real business efficiency change, while solving the customers’ immediate pain points around unified communications and/or compliance. DoubleEdge takes a similar approach and has established a solid reputation for delivering exceptional levels of customer service and support.

With Soteria™, DoubleEdge now has access to a tier-4, secure and resilient cloud-based SaaS solution that provides much-needed structure to otherwise unstructured data, in one single place. There’s no need for middleware or multiple disparate data silos and, given Soteria’s open API design, DoubleEdge can deliver a complimentary and non-architecturally disruptive solution that ingests data from any existing or legacy estate, be that hardware or software.”

Steve Burges, DoubleEdge Managing Director, added: “We work with some of the biggest players in the financial, legal and professional services sectors, providing advanced communications and collaboration solutions, plus the essential support required to meet changing requirements.

Over the past 20 years, we’ve witnessed growing regulatory demands across an increasingly wide range of communications. Compliance managers need a solution that is simple to deploy, quick to respond to requests from the authorities and accurate in the data supplied. Insightful Technology delivers all this with the flexibility and scalability offered by a cloud-based SaaS solution. They’re way ahead of everything else out there and that’s why we value this important partnership.”

 

About Insightful Technology

Through our SaaS platform Soteria™, Insightful Technology provides organisations around the world with the ability to securely capture, analyse and store business communications in real-time, regardless of the source. With an accompanying A.I. and B.I. analytics and proactive alerting suite, and the functionality to create case reconstructions immediately, as well as pre-populate CRM systems or Best Execution forms with accurate voice-to-text transcriptions, we not only drive compliance on a global scale but also impact on enterprise agility.

Our mobile voice recording solution is currently used by 9 of the top 12 tier 1 global banks, and over 170 other financial organisations, and can also be implemented by government agencies, legal institutions and pharmaceutical companies all around the world.

To find out more about Soteria™ and Insightful Technology, visit our websites http://www.soteriasoftware.co.uk/ and http://www.insightfultechnology.com/