New Technology to Address Compliance-by-Policy Inadequacies
In recent years, the evolutionary pace of communications technology has increased rapidly. Video conferencing, which historically required specialised equipment, is now commonplace and available to all, providing an alternative to face-to-face meetings. As the necessity for all employees to work in a single location has decreased, global working practices are evolving. In sync with this cultural shift, EU and UK lawmakers are ensuring that blanket bans on flexible working are no longer legal or appropriate in their jurisdictions and mandating that there must be a strong – and defensible – business justification to refuse an employee’s request to adopt flexible working. However, the developing ‘work-anywhere’ culture is raising issues with communications surveillance teams in financial services organisations, as they struggle to adapt to the newfound freedoms of the staff they monitor.
By: GreySpark Senior Specialist, Jennie Brotherston
The months following the global COVID-19 pandemic outbreak necessitated remote working by all financial services staff as individuals were banished from their office environment, and financial services firms were forced to quickly find solutions to enable business to continue ‘as usual’ through the crisis. This turn of events forced banks and other financial services firms to rethink the practicalities and economics of entrenched policies that were created to protect their organisations. Consequently, the residual mistrust of widespread flexible working practices has almost entirely evaporated, even as companies plan a safe and measured return to the office. Whilst there is a prevailing view that the majority of front-office personnel will continue to work in a traditional office-based environment in the future, that is not necessarily the case for middle- and back-office staff, compliance officers and those working in other support functions with whom trading staff converse and interact regularly. The scales may tip further as firms review the shifting ratio of business performance against the practical and economic advantage of reducing expensive office space. Financial News London reports that several bank executives have already begun to publicly discuss downsizing their real estate in the wake of the pandemic.
In financial services, a geographically dispersed workforce is essential to facilitate global business, and staff based in offices across the world regularly interact via traditional voice and virtual face-to-face communications technology, but the extension of this dispersal into the domestic setting creates new challenges. The use of previously unauthorised communications media in non-office settings by those even tangentially involved in trading – tolerated as workarounds through the pandemic – presents an urgent need for banks to look at solutions that will allow them to meet their regulatory obligations, as well as to provide the best possible service for stakeholders and clients.
Surveillance Issues Arising in Contemporary Working Culture
Quite apart from the fact that banks must monitor employees’ activities for the purposes of unauthorised trading and fraud avoidance as well as to detect market abuse, compliance officers must also consider the legal requirements of a host of regulations such as MiFID II and Dodd-Frank, requiring them to capture and record all data needed for a detailed trade reconstruction. In the past, it was common to address surveillance issues in part ‘by policy’, such as mandating that only desk phones are used for trading and related activities, leading to a ban on taking mobile phones onto the trading floor. Direct observation of staff – whereby human compliance officers interacted with and observed staff directly – was another tool in the policy-led compliance approach. However, this is no longer a practicable approach as staff relocate to non-office locations. Applying security policies designed specifically for the office environment to domestic and other settings is clearly both impractical and inappropriate, and a policy-led compliance approach is ultimately unenforceable.
Until March 2020, there was limited call for surveillance in the domestic setting, and so many financial institutions now find themselves without processes to monitor professional activity at home. Yet, whilst some regulators may unofficially allow the industry breathing space in the short term due to the extenuating circumstances caused by the global pandemic, others have stated that there is to be no relaxation of the rules. There are several key issues that financial institutions need to consider as they struggle with the question of what can be done to ensure continued compliance, both immediately and in the longer term.
Figure 1: Changes in Business Practices Requiring Surveillance Technology Evolution
Source: GreySpark analysis
As the industry experienced the various lockdowns and face-to-face meetings became impossible, tools that were previously not authorised, including personal mobile phones and other personally-owned equipment, a large number of different video and audio conferencing platforms, messaging apps, such as WhatsApp or WeChat, as well as social media, began to be more widely used. These largely un-monitored platforms, routinely used in the private lives of most of the workforce, plugged the gap left by the informal face-to-face interactions of financial services staff, and changed the dynamic in terms of the way people communicated.
It is already well known in surveillance circles that behaviour is contingent on setting and location. For instance, the way a person communicates in a formal environment differs – sometimes significantly – from their communication style in less formal settings in terms of phrasing, intonation and sometimes language. As staff spend more time away from the office, less formal behavioural patterns are likely to become more prevalent. The concept of surveillance of staff in a domestic setting itself is fraught with privacy concerns, and it may be that employees will have to limit themselves to working in an area of their home or non-office location where surveillance would not infringe the privacy of anyone. The degree to which surveillance solutions can discern professional from private communication will certainly be more of a priority to address going forward.
That said, if these issues could be resolved, compliance teams would be better equipped to investigate malfeasance by staff than they are today, as far more communication channels would be monitorable. Solutions that can capture the widest spectrum of electronic communication will provide the compliance teams that use them with the best tool to protect their firms.
The Shift from Compliance-by-Policy to a Technology-Led Approach
Inadequacies in current policy-led surveillance and monitoring practices that could be addressed by technology fall into two main categories: the monitoring and recording of diverse communication channels and the ability to distinguish between professional and private communication.
End-to-end conversations, today, typically involve the use of multiple tools. To allow the comprehensive tracking of conversations for compliance and security purposes, a communications surveillance platform should be able to monitor all channels. Innovative solutions are being developed to facilitate multi-channel monitoring. Encouraging steps are being taken on this front. VoxSmart, for instance, provides a unified platform which not only captures, monitors and records every channel used on a mobile phone, including incoming and outgoing calls, voicemail, SMS, voice notes and image attachments, as well as other communications apps, such as WeChat or WhatsApp, but also integrates the mobile capture capabilities with a voice and e-comms surveillance system. The identification of switches between communication channels during a single conversation – and the ability to capture and record the fragments – is an important technique in the fight against fraud and insider trading. The future holds the potential for expansion of this type of communications surveillance that can capture and aggregate communications across not only multiple channels but also across multiple devices.
The recording of voice data in a non-office setting throws up issues that could be addressed using a technology-led approach rather than a policy-led approach. The recording and storing of data on communications where at least one party is in a domestic environment is contentious unless the stored data relates solely to professional interactions. As the blurring of professional and private settings intensifies, one such approach to ensuring compliance could be to introduce a surveillance platform which could confidently distinguish the personal from the professional. A pre-requisite for this type of analysis is an accurate transcription capability.
After struggling through a long infancy, and with their widespread use in consumer technology already well established, transcription capabilities have come into their own. Utilising the same technology, natural language processing (NLP), many surveillance platforms now incorporate a ‘voice to text’ transcription capability. The degree of success with which this is executed differs from platform to platform, however. Accurate transcription is an extremely complex operation, and to be effective transcription solutions must not only recognise financial language, but also evolving terminology and jargon, and be able to identify, transcribe and translate many different languages and dialects in real time. All this is increasingly important given the global and multilingual workforce, within which conversations can shift seamlessly between languages and styles.
Using machine learning tools, the accuracy of transcription in communications surveillance systems will improve over time as these platforms iterate towards increasing accuracy. An overlay of analytics could facilitate the identification of behavioural patterns in conversations – to distinguish professional communication from the rest – and the use of geotags could provide an overlay of regional data protection detail and so ensure local and global compliance.
With this range of capabilities incorporated into their communications surveillance platform, financial institutions may find that many of the compliance headaches they feel currently would evaporate, enabling them to step confidently into a post-pandemic world that accepts flexible working practices as the norm. It is probably not fair to say that flexible working has deflated the efficacy of a compliance-by-policy approach to surveillance; cultural and behavioural policies and working practices remain important for many reasons, whether working in the office, at home or elsewhere. However, it is certain that we no longer work in a world where compliance-by-policy can form the backbone of financial institutions’ surveillance policy and that a new technology-led approach must be embraced by the industry.
Clarke, Paul. 2020. JPMorgan mulls shrinking office due to coronavirus crisis. Financial News London, [online] 7 May. Available at: <https://www.fnlondon.com/articles/jpmorgan-mulls-shrinking-office-due-to-coronavirus-crisis-20200507?mod=article_inline> [Accessed 30 June 2020]