Why are so many banks so hesitant on trader profiling?

Over many 1LoD events there are repeating themes – and one is that banks feel that the regulators are too conservative in their acceptance of new techniques and technologies, while the regulators disagree and say that they are happy to accept innovation as long as it works. This is true in all areas of compliance and certainly in surveillance.

The arguments go back and forth and both sides deserve some sympathy. The regulators have to work with imperfect legislation which they cannot change. If there is a perceived regulatory lapse – such as the acceptance of an imperfect new technology – then it’s all downside for them. It’s the classic asymmetry of compliance: if things are going well no-one says thank you; if there is the slightest error the sky falls in.

And regulators ARE using new technology themselves – better data analytics, some machine learning and so on.

But there is also truth on the banks side. What regulators say and what they do does seem to be different. There are too many stories of banks being asked to run parallel systems; too many times where a regulator has been concerned that the output of a new system does not match the output of the old one as though that is in some way a problem – the old systems were generating useless noise so why the concern?

But there are also lots of examples of conservatism and frictions within the banks and one we’ve noticed is over trade profiling.

But the other, which is interesting, is how hesitant some banks are on trader profiling – which, done well, could surely transform the efficiency and effectiveness of surveillance is in trader profiling.

This term means different things to different banks. For some, it is using a focused analysis of traders’ mandates, what they trade, who they trade with, in what sizes, P&L movements and other data closely related to trading, such as analysis of communications patterms, to build a ‘normal’ avatar for each trader. This avatar or digital twin of each trader is then used as the baseline against which to measure the ongoing behaviour of the human trader.

Depending on how the divergences are used, this could be viewed as a new class of ‘behavioural’ surveillance, which generates its own standalone alerts which need to be reviewed. Or the outlier data can be used as an additional input into a traditional TS engine. Or it can be used as additional context in the escalation and investigation process. As data on divergent behaviours builds up, and the significance of those behaviours is investigated, it would be possible to use it to assign risk scores or ‘employee risk ratings’ to traders. But this is not an initial objective of these kinds of programme.

The other way banks think about trader profiling involves taking data from broader conduct programs, HR data, compliance training data, and more, as well as trade-related data. Programmes run like this are much more likely to be used to explicitly assign risk scores to individuals – scores that persist beyond, say, just the one-time gathering of behavioural context into an investigation initially triggered by traditional TS.

More than a third of the participants revealed that they did use some form of trader profiling. Most used narrow trade-related versions, and even then only for particular risk types. For example, communications network analysis was used in some banks’ insider dealing surveillance. But the majority were uncomfortable with explicit employee risk rankings, whether narrow or broad, again for reasons that seem to boil down to internal conservatism and assumptions about regulatory blowback.

The internal conservatism largely concerned ethical and HR issues. A number of attendees felt that explicit trader risk ranking would cause division between compliance functions and the business and would be difficult to justify in the absence of specific regulatory demands. Others pointed to specific issues in Europe around GDPR and workers’ councils – though crime prevention trumps these concerns in the major jurisdictions. And others worried that as soon as banks put a system of any kind in place, it becomes a matter for regulatory scrutiny and criticism.

“The regulator is going to want to see everything that you are doing in terms of that process and they will want to see that it is airtight,” said one US surveillance head. “Particularly if you close out an alert around a particular trader based on that risk score then, because you are now targeting the trader and not the trade, then you’re potentially running regulatory risk.”

This fear is based on the argument that using trader profiling as an input into the TS alerting process creates an additional step in the model that then falls under both regulatory and internal scrutiny. Banks who take this approach also argue that explicit trader profiling and risk scoring don’t add significantly to the surveillance process anyway. In their view, because you can bring all of the trader-related context into the escalation process, there is little to be gained from creating an entirely new surveillance type with its attendant issues.

I’m not sure we’ll ever get to the bottom of whether it is regulatory caution or bank conservatism that is most to blame for slow progress in some areas of compliance, including surveillance, but there is certainly more banks could be doing to push reform internally, as long as senior management and the business are willing to fund it. But that’s another blog so keep an eye on this page for more of those.