It’s easy, but unhelpful, to discuss surveillance and compliance technology in terms of ‘financial institutions’, as though that term defined a homogenous group of organisations. In fact of course, banks, asset managers, insurance companies and fintechs are all very different, from each other, and each of those terms itself hides a multitude of different types and size of organisation.
Much of the discussion around surveillance technology revolves around best practice and the kinds of solutions used by the very largest and most sophisticated organisations. But what about the majority who have to make do and mend, and whose response to rising costs is not to increase budgets but to look at reducing scope? These are some takeaways from chats with a small group of surveillance leaders outside the GSIBs.
For these organisations, in trade surveillance, among mid-sized organisations, there seems to be resistance to upgrades. Many organisations have chosen industry standard applications and, while they fully understand their limitations, they see no great benefit to moving to newer providers, and some, with smaller trading footprints, are even sticking with in-house tools.
“We looked at the third-party products,” says one head of EMEA surveillance, “And we've run proof of concept a number. But ultimately, the results were not sufficiently compelling to demonstrate that the improvements in output were worth the associated risks from the point of view of loss of control and governance and dependency.”
Banks like this fully understand the benefits of better calibration algorithms, the use of AI in creating scenarios (and in controls themselves), and the use of AI post-alert to add additional data to the alert pool to better prioritize high-risk alerts and ID false positives. But there has to be a compelling ROI benefit to offset the costs and inconvenience of a new implementation.
As one UK-based surveillance head explains, “We were quoted numbers of a million dollars to upgrade in trade. That are not an insignificant cost. And for us it was cheaper to build in-house and at the same have complete control over what exactly is being built and how it's being implemented.”
In e-comms surveillance, the journey from fully lexicon-based systems to newer solutions that leverage NLP and / or machine learning is, in the words of one surveillance head, “a tortuous process, if I’m being frank”. One big issue has been both the governance and security issues of moving to the Cloud. But also the costs and the allocation battles that follow (see my other blog on ‘Surveillance in the Cloud’).
In voice surveillance, the most likely journey for mid-sized organisations is from insufficient coverage to the required minimum. This is not so much about efficiency or new technology, it’s about ensuring compliance at the lowest cost. The quest for better integration across trade, voice and e-comms is seen as somewhat pie-in-the-sky.
“Even if you think through to the use of metadata and pattern analysis and joining up the comms side to the trade side, they do largely remain two very separate disciplines with different skill sets: ex-traders largely doing the trade surveillance and lawyers and HMRC investigators and that kind of staff on the comms side. Now, yes, there are many vendors who claim that they can do impressive things but we're yet to see someone that can join up all the comms alerts and metadata with similar trading activity overlays to provide a fully integrated solution,” explains one surveillance chief.
Even sceptics like these accept that the gap between the two can be bridged, but they believe that the first steps are as likely to be around workflow as they are around alert enrichment and genuinely improved detection of prohibited behaviours. For example, the escalation process can be triggered by an unusual alert in, say, comms, that obviously needs to be reviewed by an experienced trade analysts. Given that very basic form of cross-over, it’s clear in the future that machine learning and artificial intelligence will work to make that relationship stronger.
And this surveillance head is manually building that bridge by having the analysts in the comms space to shadow the trade analysts to get more knowledge and understanding and vice versa.
The future? “I could envisage a point in time where you would have an end-to-end, integrated surveillance solution that could then by divided by asset class. So, you might have a rates team, and within the rates team you will have your trade analysts, and you might have a couple of comms analysts, and all they concentrate on is the rates asset class. And therefore you get kind of interaction and engagement between trade and comms within the asset class discipline.”
At the end of the day though, Tier 2 and Tier 3 organisations have to be persuaded that the cost of not acting today exceeds the costs of waiting. It’s hard enough to answer that just in terms of the compliance risks and operating costs of legacy tech. But the pace of technological change, especially around AI, makes that an even more difficult calculus. Why embark on a two-to-three-year project now when the next big thing could be just around the corner?