Surveillance Blog

Time to say no to the regulators on data?

Simon Brady — Mon, 09 Dec 2024 14:22:06 GMT

As many of the sessions at XLoD Global - London made clear, solving the data problems faced by trade surveillance teams is bigger than anything surveillance teams can fix by themselves. The issues in the data, in-venue visibility and in-vendor connectivity are part of a much more fundamental problem of enterprise-wide data and technology fragmentation. That’s not news. What’s changed though is that regulators now also understand that they cannot continue to focus on critiquing trade surveillance calibration or other surveillance minutiae. They too need to focus on the wider data issues that impact both financial and non-financial risk management, regulatory reporting and business resilience.

Holistic surveillance – finally here?

Simon Brady — Thu, 28 Nov 2024 10:52:00 GMT

At this year’s XLoD Global – the largest event of its kind ever – one of the most interesting developments was a resurgence of the idea of holistic or integrated surveillance. This is the previously much-hyped idea that trade, e-comms and voice surveillance would be integrated into, effectively, one system in which trade alerts would be supplemented in real-time by the emails, messages and voice calls associated with the relevant trade data to give analysts an easier and more data-rich alert.

Have US firms had enough of surveillance?

Simon Brady — Wed, 18 Sep 2024 10:36:13 GMT

We are used to hearing that European privacy laws are a stumbling block to the surveillance of broader populations outside strictly regulated personnel or to more detailed trader profiling. In the US, in general, surveillance teams have fewer problems.

How does Model Risk Management affect buy-build choices in surveillance?

Simon Brady — Tue, 20 Aug 2024 14:00:00 GMT

Model risk management (MRM) teams were deeply involved in validating surveillance models (deterministic and stochastic) even before the Prudential Regulation Authority (PRA) brought out SS23/1 (model risk management principles for banks) earlier this year. That supervisory statement makes clear the regulators’ view that MRM should be applied much more broadly than before, all but guaranteeing the inclusion of surveillance in it.

What to do about data completeness

Simon Brady — Tue, 23 Jul 2024 09:54:18 GMT

Does anyone still care about market abuse? It’s a slightly tongue in cheek question, but it’s being asked by surveillance heads in the wake of the regulatory enforcements around WhatsApp and then missing venues. What these surveillance leaders mean is, in the quest for channel and data completeness, have we lost sight of the idea of a risk-based approach to surveillance? And where does the drive for completeness end?

Will AI really reduce surveillance costs?

Simon Brady — Wed, 26 Jun 2024 16:00:52 GMT

A cynic might argue that the cost of surveillance is essentially the cost of generating and dispositioning noise. It is a cliché of traditional surveillance methods and technologies that false positives – or, more properly, a combination of alerts that identify anomalies too small to matter plus actual false positives which are alerts that should never have been triggered in the first place – represent up to 99% and beyond of alerts generated. Dealing with this alert ‘firehose’ is, in essence, surveillance.

Surveillance budgets under pressure?

Simon Brady — Fri, 14 Jun 2024 15:00:12 GMT

Surveillance teams have arguably never been under more pressure. Huge enforcements in communications surveillance have been followed by an unprecedented fine relating to trade data. In between, banks – and exchanges – have been fined for failures around calibration and other flaws in the implementation of their surveillance programmes.

DIY voice surveillance: why one bank chose build over buy

Simon Brady — Fri, 31 May 2024 12:43:26 GMT

One of the key areas in which the hype around artificial intelligence (AI) may not be exaggerated is in the analysis of the human voice and language. The technology of transcription and translation has advanced so rapidly that real time analysis of almost all of the languages used by banks’ regulated employees is now feasible.

Trade surveillance back in the spotlight: regulators too

Simon Brady — Thu, 09 May 2024 10:57:24 GMT

My recent blog on how some banks were dealing with investigations into data completeness around venues was unusually prescient. Soon after it was published, JP Morgan was fined $348.2 million for failures in capturing data from around 30 venues. Under the new OCC order, the bank must overhaul and improve its trade surveillance program and conduct a 3^rd party review of its policies. It must clear any new trading venues with regulators under the new order – which seems particularly bureaucratic and unnecessary.

The challenge of the missing venues

Simon Brady — Mon, 11 Mar 2024 16:38:22 GMT

We spend a lot of time talking about how new technology will transform surveillance, but unless surveillance processes capture all regulated activity, technology is not a whole lot of use. Obviously banks are always looking at coverage, in the sense of ‘the right people to include in surveillance programmes’, either with a view to increasing the number of people surveilled beyond regulatory minima to get a better handle on abuse, others taking the opposite approach to minimise costs.

Surveillance in the Cloud? Who pays?

Simon Brady — Mon, 05 Feb 2024 11:17:29 GMT

Despite the high-profile acceptance of Cloud by any number of financial institutions, when it comes to the surveillance use case, things become a little more challenging.

Surveillance tech for 'normal' banks: a tough crowd

Simon Brady — Mon, 05 Feb 2024 11:12:51 GMT

It’s easy, but unhelpful, to discuss surveillance and compliance technology in terms of ‘financial institutions’, as though that term defined a homogenous group of organisations. In fact of course, banks, asset managers, insurance companies and fintechs are all very different, from each other, and each of those terms itself hides a multitude of different types and size of organisation.

Why are so many banks so hesitant on trader profiling?

Simon Brady — Tue, 30 Jan 2024 09:25:50 GMT

Over many 1LoD events there are repeating themes – and one is that banks feel that the regulators are too conservative in their acceptance of new techniques and technologies, while the regulators disagree and say that they are happy to accept innovation as long as it works. This is true in all areas of compliance and certainly in surveillance.

The myth of risk-based surveillance in voice and video

Simon Brady — Thu, 06 Apr 2023 12:25:12 GMT

Regulators and banks themselves are keen on the idea of ‘risk-based’ surveillance – the idea that surveillance should be applied most rigorously to those businesses, channels and individuals that are ‘the most risky’, and that it should be reduced or even stopped for ‘lower risk’ populations.

Surveillance, conduct and culture: lessons from Credit Suisse

Simon Brady — Mon, 20 Mar 2023 16:10:36 GMT

It might not seem as though the sad demise of Credit Suisse has much to teach surveillance professionals, but look harder and it exposes many of the issues 1LoD has highlighted over the past half decade.

Who owns the surveillance risk assessment?

Simon Brady — Thu, 16 Mar 2023 15:00:00 GMT

More than 30 of the most senior surveillance professionals in London came together at a 1LoD Surveillance Leaders' Network to talk about challenges around the risk assessment process. In a fascinating discussion, it became clear that there is an almost complete lack of standardisation of the SRA process; that banks struggle with determining the level of granularity required for effective SRAs, and that there is no common approach to linking SRAs, CRAs and RCSAs.

What’s really under the hood of your surveillance software?

Simon Brady — Wed, 22 Feb 2023 15:59:58 GMT

If everyone uses the same underlying data management and search engines, then what is the value-add of external surveillance software? This question arises because most external software vendors who need a these capabilities in their products, whether in surveillance or not, default to open-source software based on Apache Lucene plus one of a number of extensions to Lucene, the most popular of which is Elasticsearch.

Plenty of prescriptions from the regulators

Simon Brady — Tue, 14 Feb 2023 12:00:00 GMT

As physical FCA visits restart, it’s a good time to remember that while regulators are often criticised for not being prescriptive enough, their enforcement notices actually contain very detailed prescriptions for the kinds of policies, procedures and technology they expect in particular types of firm.

Getting model governance wrong?

Simon Brady — Tue, 07 Feb 2023 12:00:00 GMT

Models set up to monitor credit risk or trade FX have a direct impact on a bank’s P&L and potentially its viability. Alteration to those models’ parameters, whether malicious or not, therefore need to some kind of external validation – hence model governance teams.

Fine them or fire them?

Simon Brady — Thu, 02 Feb 2023 09:44:03 GMT

The recent news that Morgan Stanley was fining bankers up to $1 million for breaching compliance rules around WhatsApp and other messaging platforms to communicate official business has raised eyebrows in the surveillance community.

Surveillance at smaller firms must shape up say regulators

Simon Brady — Thu, 12 Jan 2023 12:00:00 GMT

Anyone who has been to any of our events over the past few years cannot fail to have noticed the widening gap between the surveillance (and broader compliance) efforts of the very largest firms and everyone else. There are obvious reasons for this: large firms usually have more resources; they likely operate in a broader range of asset classes and markets and so are subject to correspondingly more regulation; and, perhaps most relevant of all, they are the biggest targets in the regulators’ sights. Most have been in one form of remediation or other in at least one major jurisdiction for much of the last decade.

Where do you stand on voice?

Simon Brady — Mon, 28 Nov 2022 10:49:14 GMT

At our recent XLoD event – I hope you were one of the 650 or so attendees – there was an enormous amount of off-stage debate about the true role of comms surveillance in general and voice in particular. I’ll return another time to the question of whether comms surveillance is just a secondary investigative tool and what that view means for integrated surveillance another time. But there were also lots of interesting insights into why people still struggle so much with voice and why even those who want to incorporate voice into more integrated surveillance programmes may be focusing on the wrong things.

Hiding behind your lawyers?

Simon Brady — Mon, 07 Nov 2022 12:24:42 GMT

In a recent conversation around the US enforcement actions on message channel capture, 1LoD was told in no uncertain terms by a senior Global Markets Compliance Surveillance professional at a major German bank that, according to its lawyers, ‘in Germany we are not allowed to do e-Comms surveillance’. This bank surveils the e-comms of all of its global operations except Germany. It is by no means alone.

Is compliance a priority for Europe’s regulators?

Simon Brady — Thu, 20 Oct 2022 13:00:00 GMT

While in the US regulators are clamping down on the basics, in Europe it’s still unclear who is compliant with what. In a recent conversation around the US enforcement actions on message channel capture, 1LoD was told in no uncertain terms by a senior Global Markets Compliance Surveillance professional at a major German bank that ‘in Germany we are not allowed to do e-Comms surveillance’.

Capture is hard, surveillance is easy

Simon Brady — Wed, 19 Oct 2022 13:00:00 GMT

It seems pretty clear that the size of the fines levied by US regulators for comms capture failures reflects frustration at the scale of the failure, the seniority of the staff using uncaptured channels and also the fact that banks had policies in place to prohibit much of this communication but the policies were not enforced.

U-turn on FCA / PRA merger?

Simon Brady — Wed, 19 Oct 2022 12:36:08 GMT

After the government’s reversal of its plan to lower the top rate of tax, and rumours of further backtracking on index-linked benefits, is it too much to hope that another Liz Truss suggestion bites the dust?

Getting crypto under control

Simon Brady — Fri, 30 Sep 2022 13:00:00 GMT

In April this year, the OCC issued its first-ever consent order involving a cryptoasset bank for anti-money laundering (AML) control deficiencies. The consent order required Anchorage Digital to develop and implement a comprehensive AML training program for relevant compliance staff. More significantly, the order also requires Anchorage to remediate its transaction monitoring program to be able to cope with the intricacies of crypto. All this barely a year after the bank had received its national trust bank charter.

No technology, no sympathy

Simon Brady — Tue, 20 Sep 2022 13:00:00 GMT

Participants in the energy trading markets face an increasingly difficult surveillance challenge. Regulators complain that they receive far fewer reports of suspicious activity from market participants than they would expect, and so believe that there is a problem with detection. The energy markets have become more complex, especially with the evolution of algorithmic trading, and so more difficult to surveil. And technology is not keeping up.

Crime and punishment

Simon Brady — Mon, 22 Aug 2022 13:00:00 GMT

Surely there’s something wrong with a regulatory environment in which it takes four years to fine a bank for not implementing important new regulations around market abuse? What about giving the bank a 30% discount for agreeing to be sanctioned – should regulators model themselves on COSTCO? What about that amount – £12,553,800? It’s weirdly specific. Personally, I prefer the US approach, which mimics the way plumbers charge in the UK. They see a breach. There’s a sharp intake of breath and then, “That’ll be $200 million.”

Surveillance spends to rise as regulators clamp down

Simon Brady — Tue, 02 Aug 2022 13:00:00 GMT

The need for better capture, the drive for surveillance of broader populations and the need to apply more sophisticated technologies to existing datasets to improve surveillance effectiveness all imply increased spending on surveillance over the next few years.

The risks of risk-based surveillance

Simon Brady — Tue, 02 Aug 2022 13:00:00 GMT

Ask surveillance professionals at banks whether surveillance should move away from its current (and failing) rules-based paradigm and move to a risk-based approach and they are overwhelmingly in favour. Instead of defining surveillance around regulated and unregulated populations, base coverage on the risk that employees may present in terms of their internal and external interactions. Are they client facing? Do they have the ability to execute a trade? What relationships do they have? Are they in a position to be involved in bribery, gifts and entertainment? Do they have the ability to compromise the reputation of the firm?

What’s the problem with WhatsApp?

Simon Brady — Mon, 01 Aug 2022 13:00:00 GMT

So far three big US banks have been hit with $200 million fines for, basically, not capturing conversations on messaging apps, notably WhatsApp. Other fines will follow. This doesn’t make a lot of sense. The technology for capturing WhatsApp messaging has been around for at least two years, with solutions for both the business and personal apps available. And the fines are not for a failure to surveil these communications sufficiently, they are for a lack of basic record keeping. So why is this happening?

Ethics versus the regulators – the surveillance challenge

Simon Brady — Mon, 01 Aug 2022 13:00:00 GMT

While Amazon and others have come under fire for high-tech monitoring of employees, surveillance and compliance heads at banks have generally pushed back against intrusive techniques on ethical grounds. That approach will not survive the current regulatory push.