XLoD London 2023: Tackling the complexities of modern communication compliance

This in-depth session at the foremost compliance surveillance conference featured Ian Blair from UB, Rob Hammond from BNP Paribas, and John Lydon from TP ICAP.

An audience survey staged at the start of proceedings asked ‘How confident are you that all forms of communication (text; video; voice) of your target population for regulated activity are being captured and surveilled?’ The responses broke down as follows:

  • certain – 3%;
  • reasonably confident – 55%;
  • not very confident – 35%; and
  • very uncertain – 7%.

The panel discussion, staged under the Chatham House Rule, started by discussing recordkeeping enforcement and its impact. All agreed it has had significant impact, especially for the broker community where the dialogue venue is driven by the client. WhatsApp has been a recordkeeping challenge for 10 years now. Regular engagement with the front office is essential, and Compliance has taken on more responsibility for this duty from IT, which used to own it.

Dedicated surveillance teams now wrestle with everyday challenges that include the increasing volume of comms (voice and text especially) and the related inevitable rise in false positives (one true positive to 10,000 false was quoted, with the rider that AI is probably now at an inflection point in being ready to help reduce that over time).

Technology and budget challenges

The discussion moved to the benefits of technology and the inherent budget challenges, where there is considerable fatigue right now. The panel agreed on a need to focus on basics and adopt simple rules that are easy to communicate.

A list of approved channels that can and should be used should be distributed appropriately. The quality of any voice recording should be analysed and any non-stereo records are not fit for purpose. The rules must be clear, especially when people will migrate to whatever they need. The channels that are being recorded should be abundantly clear and there needs to be a process after that for miscreants to follow openly – cause and effect must be transparent.

Any process has to be integrated into a broader control framework of the firm. Attestations should be quarterly or at least annually. Training is a key supplement and needs to be recorded, with regular links to policy to reinforce this. A close collaboration with HR and the conduct risk team will ensure any disciplinary process is efficient and followed.

The panel discussed how to best stitch comms together. Comms are comms whatever format is used to pass them from one party to another. There was praise for the benefits of using metadata to unearth clues that might indicate channel hopping or an abrupt end to a dialogue where it is obvious more needed to be discussed.

The next audience survey question was about misconduct and it asked ‘What percentage of misconduct would Surveillance identify in the target population?’ The answers were:

  • all – 0%;
  • majority – 34%;
  • 50/50 – 40%;
  • minority – 26%;
  • none – 0%.

The introduction of ChatGPT and LLMs was touched on. Their influence will inevitably grow but the panel added that there is more focus than ever now on behavior (while remaining compliant with privacy etc).

One of the banks has an Insider Threat Committee that does not operate in isolation from Surveillance but includes representatives from HR, Risk, Security and Legal to focus on conduct surveillance insights. The body works to bring together data attributes from each of these functions, even if the final analysis is very manual when interpreting these signals. This helps to prove its value to senior management as a process. It is a question of time before the advent of AI automates this.

Another bank looks closely at: client/broker concentration; P&L excess and paucity; policy breach data; disciplinary data. This is all ‘thrown in the pot’. Deep-dive reviews are conducted on anomalous activity.

Conduct and surveillance

Conduct and Surveillance have been rolled together at one bank. The teams are using AI to chew through this cumulative data to better effect. There is an inflection point where the use of biometrics, NLP and AI results in fewer false positives and higher-quality surveillance.

The panel moved on to the optimal model for the surveillance team. The ideal surveillance robot will be made up of:

  • trader;
  • lawyer;
  • data analyst;
  • compliance;
  • technologist;
  • risk manager!

Until Mr Musk can produce this model, the approach is to have good people with these backgrounds that work collaboratively in the team.

One of the panel said that they find it crucial to get as much time as possible with revenue generators as they understand that the Surveillance team is just trying to mitigate the risk to them. In the first line it is much easier to discuss the pay-off tension between successful investment and the non-compliance risk. This is much harder to picture in the same way in the second line.

Multi-disciplinary approach

One of the panel discussed the sheer volume of alerts to be covered and the need for multi-disciplinary people to analyse them. One of the panel said that they had adopted a nearshoring model and had a lot of success hiring smart graduates, whom they pair with experienced ex-trader surveillance people to work through the review queues. The line between normal market practice and abuse is so subtle that the ex-trader experience is vital.

The panel concluded with the daunting reveal that the taxonomy of risk is vast and increasing – 70% of the majority of liability is related to true fraud. An insider threat lens is needed to create the right focus. Surveillance is very expensive when a firm gets it wrong, so it is paramount that enough is invested in it to make sure that is not the outcome. Better safe than sorry. Does anyone remember LIBOR?

Please note that this article is not a comprehensive reproduction of all that was said in this session and is an interpretation of comments made by the regulatory journalist – it has not been officially approved by the speakers or conference organizers.