For compliance functions tasked with monitoring employees, the move to a work-from-anywhere economy has provided new challenges. From being footsteps away, monitored workers may now be scattered hundreds, sometimes thousands, of miles apart—and using video conferencing and other communication tools outside of regulated avenues to preserve business continuity.
Yesterday’s primary form of supervision—observing an employee and gauging their behavior—is no longer an option. The onus is now on technology and controls to fill the gap, but legacy surveillance systems have failed with lexicon-based detection tools and limited voice capabilities. Pandemic turbulence sent suspicious alerts soaring; in some cases more than five times the usual daily levels were generated.
Operating models are undergoing their most comprehensive change since the introduction of electronic trading, and it’s become clear the technology that carried firms through the post-LIBOR scandal years has reached the end of its cycle.
A more proactive form of surveillance is emerging, underpinned with machine learning and predictive analytics designed to spot potential wrongdoing before it escalates.
Unfortunately, compliance staff are unlikely to have the time to learn an entirely new operating system with lots of bells and whistles. To simplify this learning curve, let’s take a look at some of the must-have features in a modern communications surveillance platform.
#1: Multi-channel coverage
Back when email was the only form of electronic communication, it was much simpler to design a solution that could legitimately claim to handle all your eComms needs. But today, chat channels like WhatsApp, Microsoft Teams, and Zoom are some of the most wanted data sets requiring connectivity with surveillance apps—which legacy platforms can’t accommodate.
Modern solutions must have the adaptability to continually add new data sources as they emerge.
#2: Machine learning and predictive analytics
Older communication surveillance solutions are almost entirely keyword- and lexicon-based. Given the scope of coverage required today, they are often bloated with pre-defined trigger words and phrases that can be difficult to adjust and often generate tens of thousands of alerts per month.
Modern solutions are moving past the lexicon model, instead relying on predictive data analytics. This enables them to identify patterns of behavior exhibited by monitored individuals, potentially heading off a breach before it occurs.
A compliance team at a blue-chip conglomerate may be faced with 40 or 50 million content points on any given day, which would take humans hundreds of hours to pore over using outdated technology. AI algorithms, however, can be applied to that set of content instead to would filter for relevant information far faster.
#3: Machine learning applied to risk
Advanced surveillance solutions use machine learning algorithms to build more accurate risk models through the identification of complex, nonlinear patterns within large data sets.
From traders using personal email addresses or communicating at strange times, to the latency of their responses, risk detection has progressed from outdated, qualitative, manual controls to data-driven, real-time monitoring.
The accuracy of an algorithm’s predictions also grows over time when exposed to more data, and when applied to enterprise data—everything flowing through the firm—the tools can help transform management of risks across multiple business lines.
Compliance professionals with access to modern, intelligent surveillance tools can now use their time to proactively stop business threats before they crystallize into regulatory breaches, rather than the sticking-plaster approach of trying to fix something broken.
#4: Security requirements
While a recent study by GreySpark found that 94 percent of compliance professionals have a positive view of cloud-based surveillance services, internal battles over the merits of cloud-based versus on-premises solutions remain fairly common.
In truth, the cloud allows SaaS tools to be developed and implemented much faster than any internal build, and partnering with experts provides access to technological services and security protections far beyond most firms’ in-house capabilities.
As risk-averse as your business may be, leaders need to know that the SaaS vendors and cloud infrastructure providers they partner with are just as committed to security as they are. Explore whether your potential providers meet compliance standards such as ISO 27001, SOC: Type 1 & 2, HIPAA, and FedRAMP. Also, look for flexible and robust surveillance systems that allow users to set up unique rules around what data is protected and which customer-controlled keys encrypt that data.
#5: Native format chat
Email monitoring may have been straightforward 10 years ago, but with conversations often bouncing between several different apps in today’s business environment, context can easily get lost. Analysts need to see both the nuance in conversations, and the wider situations in which they take place, to evaluate their riskiness.
Today’s leading systems are built on the understanding that people communicate differently now: written conversations may go on for weeks or months, using emojis, slang, nicknames, and stickers.
Native chat formats are the visual presentation of data in its original form, which reveal how a complete conversation played out—emojis and all. Your surveillance platform of choice should offer it.
#6: Email threading
Viewing email threads is crucial for connecting messages that may not appear to occur together in a document review interface. Sometimes messages in email threads are not sequential, are duplicated, or involve individuals who are not monitored (think lunch invitations or events).
Intelligent email threading significantly reduces the time and complexity of poring over all the responses by pulling together all forwards, replies, and reply-all messages, and extracting and standardizing the relevant metadata for the reviewer.
The software should be able to identify the email in a chain that contains the entire conversation, rather than forcing the reviewer to pick through each email individually. Similarly, it should be advanced enough to remove clutter such as headers, footers, signatures, and content not produced by the author when presenting the information. Email threading also reduces incorrect or inconsistent tagging and categorization, and is a great example of what machine learning can deliver.
#7: Out-of-the-box policies
Out-of-the-box compliance policies are a staple of any robust surveillance tool. This functionality, direct from the vendor, usually contains built-in workflow tools, templates, and/or best practices. You will be able to immediately uncover breaches of regulations like market abuse, insider trading, or misconduct—as well as your own company policies, which can be programmed into the platform and updated as needed in the future.
The most advanced surveillance solutions build policies that pull together metadata, multiple communication channels, relationship mapping, and sentiment analysis via machine learning algorithms that continue to improve with use. As the system is trained to look for behavioral patterns, analysts can root out potential wrongdoing before it escalates, and the algorithm will learn and become more accurate over time—ultimately reducing the number of false positives generated.
#8: Workflow configuration
Prior to the evolution of more connected technology, compliance teams generally worked from their own gated systems. Investigations requiring escalation would be handed over to legal departments, who had their own tools to assess the incident from scratch. As both teams operated in siloes despite sharing overlapping objectives, this transfer process frequently resulted in lost information, time, and sunk costs.
Workflows have evolved to allow compliance, legal, HR, risk, and IT teams to plug into the same data storage systems, overseen by a global control room. A modern surveillance solution would sit on top of this data archive, sorting and analyzing information as it’s added. This allows compliance to hand over escalations to legal without any loss of information. Notes, additional information, or individual access to the case can all be modified as needed, without introducing inefficiencies or vulnerabilities.
Automated workflow configuration is also instrumental in reconstructing trades, as it provides direct access to the historic data required to map out a trade and the communications that led to its execution.
#9: Multi-language coverage
For multinationals in highly regulated sectors, a large global footprint means a diverse workforce that communicates in any number of languages. It has become increasingly important for surveillance teams to have search experts with a knowledge of local languages and syntax to help construct the algorithms that will look for potential breaches. That expert can craft filters and search terms to run across multilingual communications. Some surveillance solutions will then translate the communications into whatever language the compliance team requires.
Languages are complex, and doubly so when colloquialisms, shorthand, nicknames, chat speak, or internet acronyms are also used by speakers. Multi-language capabilities are essential for representations in cross-border litigation and regulatory compliance across geographies.
#10: Voice surveillance
Not so long ago, voice surveillance emerged as one of the great frontiers of building a complete compliance function. Monitoring calls has been historically one of the toughest elements of a compliance officer’s role.
The first waves of recording equipment were built for retail banking operations, with scripted and predictable conversations carried out in call center environments. By comparison, trading floor chats tend to be more free-flowing, unpredictable, busier, and surrounded by the noise and chatter of a busy room. Recordings were often of poor quality, further hampered by the compression necessary for storage in on-premise systems, and triggered high numbers of false positives.
Remote working has moved conversations into homes, which carries a new element of risk regulators have been quick to pick up on. It also led to a boom in video conferencing and other audio tools from Zoom to Microsoft Teams, on top of Google Hangouts and voice capabilities in Slack and WhatsApp.
Capturing diverse audio/voice data in a digestible way is a vital part of modern surveillance offerings. You’ll want to vet a potential platform for how ingestion takes place, as well as transcriptions and redactions. For example, not all surveillance systems can ingest data from Microsoft Teams and Zoom, and others require you to leave their platform to do so—which could lead to further costs.
Additionally, high-end surveillance solutions can convert audio or video files into a native format, delivering an accurate, transcribed index that is fully searchable for reviewers.
In part 2 of this series, we’ll share tips for making a business case to leadership for acquiring the right communications surveillance platform.