Published on November 27, 2019 by Mahima Sahney
Communication Surveillance is gaining ground as financial crimes and fraud are on the rise, along with advancements in technology and talk of machine learning and artificial intelligence. Financial services firms, therefore, are now known more by the benchmarks/systems they set in place to implement regulatory policies and mitigate risks
Supervision of electronic communications is a crucial part of the compliance function of a financial services firm, and the efficiency of the supervision plays a major role in deciding the effectiveness of a compliance programme designed for risk management. Hence, it is essential that firms employ a review method that satisfies the following criteria:
Method should be able to cover all channels of communication
Written communication is the most basic form of communication. This is why it is important for all organisations not only to monitor emails, IMs, chat rooms and forums but also to keep an eye on the business’s social media forums. They also need to identify other modes of communication that could easily lead to a privacy breach of its data and information. A good example of this would be an employee, such as a broker, an advisor or one with a client-facing job, subscribing to a voicemail service other than the one used by the firm. Most often, the employee is unaware they are breaching the firm’s policies by recording sensitive business information in the form of a voicemail on the servers of external parties. Similarly, the use of Facebook and Twitter for today’s business needs has also increased the risk of fraud. The use of text messages or other communication platforms such as WhatsApp are other means through which information is dispersed quickly and under the radar. Therefore, monitoring all possible methods of communication is critical.
Samples should be a combination of random samples and lexicons
Gone are the days when hitting the archives and experimenting with samples were the only means to get results. Focusing on and extracting the right keywords/lexicons is the need of the time. A firm needs to learn how to correctly identify the lexicons, very often coded in basic language, as the aim is to link a fraudster’s intent with the right keywords to derive the desired result.
Random sampling is also important when collecting samples. It helps break the standard patterns of samples and ensures that the firm covers areas it would not have thought of.
Machine learning should be a part of the communication surveillance programme
Machine learning, in terms of designing a tool that can automatically differentiate between relevant and irrelevant items, would be useful when trying to select an accurate sample for review. Adding functionalities such as intelligence review and auto clean-up would minimise manual intervention, reduce sample size and maximise output.
Method used should exclude false positives
Eliminating false positives is a challenge for compliance managers and auditors. Using methodologies such as intelligence review, fan-off and pick and choose could help a firm eliminate unproductive, non-risky and junk electronic communication from the sample.
Programme should use focused or targeted search methods or have investigation capabilities
Relying only on samples is not enough to reduce risk. When time is of the essence in making decisions over an escalation, a process designed to delve into the archives and vaults needs to be in place. Client complaints, identifying email trails related to materially non-public information (MNPI), insider dealings, suspicious trade activities, cancelling of trades, trade-settlement issues, and looking into employees who carry high risk to the firm are some instances where further research is required. Hence, devising a method of further investigation should also be part of the surveillance programme.
Additionally, an investigation of communications before and after a suspicious email would help senior management save time and follow-up effort.
Method used should have an escalation-reporting mechanism
The programme should also have a platform in place that enables the compliance manager to track its progress and review what has already been captured by the system. The mechanism should be able to pull reports in the form of dashboards and presentations, and notify the registered principal of the flags raised by the analyst and actions taken on the escalations by the registered principal. This would ensure continuous learning on the part of the compliance analyst and save time in tracking progress and documenting outcomes. Having a well-documented process in place would also make it easier for the firm, ensuring a proper regulatory audit.
Using technology to enhance compliance procedures could thus enable proficient data governance and information and email surveillance. Analysts need to think smart and logically to detect risks and fraud. We believe the above strategy will ensure smooth flow of a compliance programme and achieve the end objective of risk management. Moreover, compliance costs continue to rise, making it imperative that firms spend wisely and make the effort to build a strong culture of compliance.
Acuity Knowledge Partners is an influential player in the global market, offering compliance expertise and a wide array of other services We leverage our research pedigree to manage high-time high-volume judgment based email monitoring activities. Our pool of email surveillance experts over the years have created a detailed checklist based on the client's monitoring policies to enhance the lexicon and improve system’s filtering capability.
What's your view?
About the Author
Mahima Sahney has over 9+ years of experience in compliance and Investment banking having worked for firms including Ameriprise Financial. Her expertise spans across compliance and risk sector, focusing on compliance reviews of Electronic Communication. At Acuity Knowledge Partners she is part of the central compliance team and specializes in Electronic Communication review. Mahima is a post graduate (Masters of commerce) and hold a degree from Bundelkhand University Jhansi.
Like the way we think?
Next time we post something new, we'll send it to your inbox