Oversight of voice and video communications monitoring was the focus of a recent online conference held by XLOD, and the views given by the compliance surveillance leaders present contained some surprises.
The event was regulated by the National Futures Association (NFA) and panels featured senior global compliance and surveillance practitioners from investment and securities houses including Bank of America, NatWest, SocGen, Deutsche, Wells Fargo, BNY Mellon, RBC, State Street, Lloyds, SMBC and Nomura.
A number of broad themes emerged from the discussions.
- Voice monitoring, in particular, has now definitely moved up the priority list in 2023.
- The recent recordkeeping fines for personal device use, which focused on WhatsApp written messages but also have a call functionality, has influenced this.
- Generally, firms are moving towards corporate-issued devices for those in the front line of the business, and away from BYOD.
- Video coverage also requires some consideration.
- Where a material market abuse risk persists, commensurate controls are required. For many, oversight of voice coverage is now a regulatory expectation.
Opening the event, the NFA did not bring anyone any comfort that regulatory intensity is on the wane. The mood in the metaroom was that regulators are expecting more from firms now that they should be emerging from their pandemic-induced slumber. There is growing alarm at a ‘tick the box’ approach to compliance that is easy for supervisors to see through. Recordkeeping rules have not changed but the channels that firms are using have. That does not mean they do not create records that must be kept.
Voice is where there is most interest in terms of coverage requirements and risk oversight. Banks and brokers are certainly looking for an uptick in previously offered technology solutions to provide a voice monitoring tool which is sufficiently effective to be a genuine risk control.
The broad conclusion from industry is that we have now got to that point where transcription accuracy rates are good enough. In essence, where there is an assessed risk, then coverage is a regulatory expectation – and that includes voice coverage. Defining video as just another communication channel means that this should also be captured for recordkeeping and monitoring purposes.
Identifying risk
Challenges certainly persist and they include multi-language usage with detection models which cannot be literally translated to identify risk effectively. This requires even more careful consideration than similar challenges faced when monitoring eComms, utilising lexicon and model coverage.
Initial language identification needs to be sharp, and coverage should ideally include switching between different spoken languages. Accurate levels of transcription mean that meaningful surveillance can certainly be performed (at least in the more popular languages).
There is considerable potential benefit in separating business from non-business communication to help reduce the coverage and monitoring burden, but defining this separation and trusting that the technology can distinguish the difference accurately requires a leap of faith.
Retention has become an issue as some firms question if there is a need to only keep transcriptions or the native record for the full retention period.
Recordkeeping and surveillance
The balance between servicing all the communication channels which front office colleagues require, and ensuring recordkeeping and surveillance requirements are complete, is a delicate one. Challenges around the number of channels, the clarity of the audio including background noise, “turret” open line calls and hoots, aligning the respective data formats and meta-data, and identifying and attributing who said what, were mentioned as some of the present difficulties being experienced.
Deployment of an effective solution will be another different challenge for many who have limited or sample coverage only across voice presently. The review and escalation governance may be familiar, but the risk models and lexicons to effectively identify suspicions of risk will need to be purpose built or significantly enhanced.
However, the requirement for appropriate voice monitoring has been brought into sharp focus through a recent enforcement action by UK regulator the FCA, which stated that systems at a UK broker-dealer were “not currently fully fit for purpose … to provide adequate monitoring “ and the resulting fine ran to £6.2m ($7.8m) before discount.
Culture a concern
One surveillance leader suggested that on the employee Conduct Risk side, issues such as bullying, harassment and prejudice were a growing area of concern for all organizations which employ large numbers. They also advised that their firm was finding more conduct-related issues than market abuse concerns, but generally they viewed voice coverage to be as important as eComms surveillance.
It was also suggested that where employees are well aware of eComms coverage, the same cannot be said for voice coverage. So a steady pipeline of escalations were being flagged.
Video is another area which is troubling surveillance executives. De facto, it is just another channel for communication and so is required to be monitored. However, the associated cost and complexity required to cover it, identification of who is speaking through meta data, as well as the data storage issues, mean that the voice component of video calls is presently being prioritised, though with a view for more extensive inclusion at a later date.