Our regular roundtable focussed on how evolving technologies are influencing monitoring. A host of issues were addressed that we have been covering on GRIP for the past year.
The FCA is strongly endorsing a lexicon-based system but attendees agreed there was no enterprise-wide solution to the issue of outdated lexicons. The question of whether they should be dropped entirely was mooted, on the grounds they are archaic.
While organizations receive training every couple of years, this was deemed not enough to keep up with the pace of change. Modern innovations like emojis complicate the issue further, with Chip Jones, EVP Compliance, GlobaL Relay, telling The Wall Street Journal: “Third-party vendors that provide technology for firms to capture and supervise electronic communications have been looking into this issue. It is ultimately up to firms [themselves] to decide what kind of emojis might be flagged.”
Data and AI
Presented with an overabundance of data, compliance experts said a solution was needed, positing AI as the answer. Machine learning can aid interaction with lexicons. Chatroom admin is still an issue, with chaperoning needed and a stronger oversight around participant identity and numbers.
The regulators’ focus has switched to eComms, with the question of embedding Voice coverage into eComms coming to the fore. Vendor choice and lack of attention given to the implementation, configuration, calibration, and testing of systems were all identified as issues that can land firms in trouble. There are issues around data completeness and data not being fed into tools effectively.
Voice coverage is now seen as a requirement where sufficient risks persist. A fine of £4.7m ($6m) issued under Market Abuse Regulations on three brokers last December led to Voice being considered a full requirement as opposed to just best efforts. Voice is still considered a challenge both for accurate technology (transcription) to identify risk and for resourcing reviews. It was felt that there needed to be more regulatory focus on communications generally (previously trade surveillance), with a wider scope of risks than trade.
These cases are starting to look run of the mill, simply a cost of business, while firms continue to bring systems in. But once the systems are in place, who tests whether they are working? Firms will continue to be exposed in this area for some time to come. There could be some competitive advantage to identifying and self-reporting first.
Compliant communication
The WhatsApp fines mean everything now needs to be covered. In our Compliant Communication 2023 survey Eran Erman, Global Head of Compliance Technology at TP ICAP, said: “A trader can and will always have the option to use unrecorded applications to conduct business in violation of company policy, so providing a solution (even if not used frequently) to record WhatsApp in a compliant way should not be a ‘nice to have’ but a ‘must have’, even if you are not a regulated investment firm.”
BYOD bank sims were a WhatsApp loophole, and the use of WeChat as a way around monitoring was being accepted in the commodities world.
Attendees asked, if firms are able to self-identify and report, does this help them receive lenient outcomes? It turns out self-reporting this issue reduced the size of the fine.
To redress these issues, companies have taken various measures. According to our compliant communication survey, 59% of firms have banned WhatsApp and WeChat, while 52% opt for BYOD over corporate devices. But companies are still underutilising data analytics in the compliance and surveillance context and 62% said getting employees to comply with rules around electronic comms was the biggest challenge
Some prescient general questions popped up. Why did the Crispin Odey case take two years? Is the FCA fit for purpose to supervise wholesale markets? Attendees thought it was good to see more enforcement, not just regulation.
