The great work-from-home experiment forced traders from the office and digital surveillance teams into overdrive. RegTech can provide a path forward through serious legal obstacles that stand in the way of effective oversight. However, good compliance is not just about the tech and we need collaborative action to make surveillance RegTech fit for purpose.
The 2022 surveillance policy
‘Trust but verify’ is the motto of many surveillance professionals. Employees should be given the parameters of good behaviour and an organisation’s culture should promote ‘what good looks like’ while applying effective controls to identify outliers.
Compliance is being asked to monitor much broader and deeper digital footprints. This means RegTech has been called upon to spot risks within the firms’ communications firewall, and increasingly, across external platforms.
There are scores of new communication channels which could fall into scope. However, the ask is not solely to increase the quantum of data. New video analytics and natural language processing capabilities are required to detect anomalies in the information and correlate them to market activity.
RegTech surveillance solutions
The days of checking every alert are a distant memory. Even if one could get through all the false positives, it is unlikely that the risks will have been spotted.
Surveillance requires more data of more types to be fed through ever growing machine-driven controls to spot outliers. Technology can become intrusive, pervasive and predictive or predictable, defensible, risk based and efficient. The devil, as ever, is in the detail and lives across a complex supply chain of technology and data.
New semantic techniques for spotting errant conversations, trades and market interactions are possible and some suggest that over the next few years, they will become the norm.
But is a digitally surveyed financial institution really the future? The answer is far from certain.
The catch
Getting more data and better RegTech sounds simple enough, but in parallel, politicians and regulators have produced thousands of pages of new conduct, culture, AI policy and third party risk management guidelines to control digital behaviour.
Firms are rethinking the breadth and depth of their surveillance programmes and wrestling with thorny ethical and privacy issues. This means working through business, legal, privacy and audit objectives and control statements.
In JWG’s most recent trade surveillance working group meeting, it was generally felt that utilisation of data within surveillance models is half the level that most firms would like it to be.
The urgency
A $4 million fine to Mass Mutual in September 2021 for failure to spot their ‘kitty’ roaring via 250 hours of YouTube has raised serious questions about Compliance’s ability to move to predicted and integrated capabilities.
In December, JP Morgan has been landed with a $125 million penalty for failure to preserve written communications, on text messages, WhatsApp, and their own email accounts which discussed securities-related business matters.
According to Politico, police forces across Europe have been keen to adopt AI-powered technologies to profile people and neighborhoods, assess risks and predict crime before it happens. However, a group of 41 digital and civil rights groups, led by EDRi and Fair Trials, are calling for European lawmakers to ban predictive policing systems in the EU’s Artificial Intelligence Act. Negotiations on the AI act are well underway and we are expecting a draft report in April. There could well implications for surveillance of employees… stay tuned.
Path forwards
Given the fast-moving state of surveillance affairs we ask: why can’t we have a model certification body to oversee finance surveillance standards?
A body like a pharmaceutical agency could regulate new technology and compare performance to baseline and control sample (e.g., placebo). The group could help with bridging perspectives between different regulators, developing guidance, defining industry-specific standards, testing new releases and other practical matters.
Make sense? Want to get involved?
JWG will shortly be announcing a seminar series on this and other compliance topics. Contact Corrina.stokes@jwg-it.eu.