The regulatory burden is on organizations to take proactive action on employee misconduct, whether that involves fraud, bribery, corruption, or other wrongdoing.
It’s increasingly clear that organizations need to be able to monitor communications to detect bad behavior as it happens and before it escalates. In fact, the Justice Department announced last year that it would consider whether companies accused of wrongdoing had effective compliance programs in place at the time of the misconduct.
At Relativity Fest in October 2019, Relativity Senior Account Executive Mark Sekulich moderated a panel discussion with industry experts—Wendy King and Brian Stuart, senior managing directors at FTI Consulting; and Terry Bock, managing director at Deloitte—about Relativity Trace and the need for compliance monitoring.
The discussion hit on numerous topics, including why their teams took on compliance monitoring, types of behaviors that require monitoring, privacy concerns, challenges they’ve faced, and more. Read a recap below, and watch a recorded webinar with the panelists to learn more about proactive compliance strategies and how to implement them in your organization.
Tackling Communication Surveillance
Mark opened the discussion by asking the panel what made their teams decide to build a surveillance and compliance monitoring offering for their clients.
“We got into this about four or five years ago,” Brian said. “Some of the banks were asking us to look back at data and the correlation between activities, and then link up those patterns back to the behavior of traders in organizations. We used lots of tools and techniques for the ‘look back,’ mainly Relativity.”
But as regulations, such as Europe’s Market Abuse Regulation, become more specific, many financial institutions are required to have a compliance monitoring program in place that generates alerts, and they’re required to show evidence that they are acting on these alerts. Requirements aside, many organizations already have a reactive program in place, like e-discovery, and because surveillance requires similar skills and technologies, building a proactive compliance monitoring offering is almost a no-brainer.
“So, what started out as a look back then became, ‘Can we help them with ongoing monitoring?’ And again, Relativity was our tool of choice to help us,” Brian added.
Moving Beyond Financial Services
When Mark asked the panel what percentage of the companies they’re speaking with have a proactive compliance program in place, or have it on their roadmap for 2020, they were quick to answer with a whopping 90 to 100 percent.
“Proactive monitoring has been around financial advisory for a long time,” Wendy explained. “As Brian said, it started as a ‘look back,’ but bad actors aren’t only happening in financial services anymore, and the need for a proactive monitoring program is only increasing.”
Mark then asked the panel what other industries are showing an interest in proactive communication surveillance. The three started to bounce answers off each other, including fraud in supply chains, improper FDA labeling and pharmaceutical sales, off-contract agreements with suppliers in retail, and anti-money laundering (AML) activities in gaming companies.
Relativity recently announced that Trace will now include out-of-the-box policies that will help businesses across industries start monitoring for these behaviors faster. These new surveillance policies start generating and reviewing alerts right away, with no manual rule setup required.
Balancing Risk and Privacy
Monitoring employees within any organization brings some data privacy questions into play. The panel discussed some of the bigger obstacles and challenges they have faced from a compliance monitoring workflow perspective.
“The level of maturity in monitoring e-communications has been highest in financial services firms primarily, not only because of the business case for stopping bad things from happening as early as possible, but because of the regulatory requirements many financial services firms must comply with, including the ongoing proactive supervision of email and other e-communications,” Terry said. “This will likely serve to shorten the adoption curve for other industries.”
The panel agreed that the challenges vary from firm to firm and that the US is much more comfortable monitoring emails and phone conversations than Europe.
“The rules and regulations around data privacy are quite clear, but are also open to wide interpretation,” Brian said. In Europe, for example, employees have the right to private communication, which can make it difficult to monitor electronic and audio communications. Compliance monitoring technology, like Relativity Trace, can make it easier to adhere to those regulations by limiting who has access to the underlying communications and focusing review efforts on the highest-risk alerts.
Next Steps for Other Organizations
Implementing proactive communication surveillance in an organization is about understanding the client’s business, why they need to monitor, and what they want to do with that data.
Compliance monitoring is most common in financial institutions, but as the impact of regulatory failings increase year over year, companies need to be able to effectively monitor communications. With so many behaviors to monitor, it’s not always easy to know exactly what you should be looking for. But technology like Relativity Trace takes some of the guesswork out of that.
So, if companies want to keep themselves off the ever-growing list of regulatory fines, the panelists were in agreement: Be proactive.