Why Financial Firms Need to Start Taking Communications Surveillance Seriously
2023 a record year for regulatory penalties
The use of illicit communications platforms is plaguing financial institutions across the globe.
In September 2023, Goldman Sachs fired its head of transaction banking for breaking communication rules. A month earlier, nine Wall Street firms paid a total of $555mn in fines to US regulators for using unmonitored messaging apps such as WhatsApp and failing to keep records of employee communications.
In fact, penalties from the SEC and CFTC totalled $9.2bn in 2023, including 32 fines for insider trading alone. The $4.3 billion in penalties handed out by the CFTC was its highest ever return in a year.
Under Dodd-Frank legislation in the US and Markets in Financial Instruments Directive (MiFID) rules in Europe, all electronic communications resulting in a transaction must be recorded by banks. Most banks and trading floors use a variety of communications tools across text, voice and visual media applications, which must be compliant.
The clear rise in communication wrongdoings among financial firms can largely be put down to a combination of uncertainty and carelessness. An increasingly digitised and interconnected post-COVID capital markets industry has seemingly blurred the lines between personal and business communication, with more business workflows being moved off-premise, leading to some employees unknowingly violating the rules.
However, only around half of financial institutions are monitoring employee communications over WhatsApp. This is because financial firms are finding themselves in something of a Catch-22 situation, where the tighter monitoring of one channel leads to employees moving to the next unmonitored channel. Implementing policy bans of a particular channel does not necessarily provide full coverage of employee communications because they can start using another inconspicuous chat channel. Instilling a culture of compliance and imposing individual penalties on those who are non-compliant are feasible ways to help to combat this problem.
Now, more than ever before, banks require effective surveillance monitoring tools to track employee communications activities and appease regulators given the current clampdown. GreySpark’s opinion is that financial firms should deploy a holistic surveillance solution that brings together trade, voice and e-comms monitoring in one unified platform. In particular, AI-based surveillance solutions that are capable of monitoring the increasing volume and complexity of communications data within a firm while maintaining integrity and reducing the need for human intervention are advisable.
Source: GreySpark analysis
As the figure above shows, to deal with the high volume and diversity of communications data, a best-in-class communications surveillance platform must include tools such as:
Spam Filtering - Spam refers to content that is irrelevant for surveillance purposes, and includes internal newsletters, blog posts, marketing and other mass messaging. A good filter will rank content according to the likelihood that it is spam and automatically remove it according to a specified ranking threshold.
Auto-generated Content - There is also the question of system-generated content such as email headers or signatures, disclaimers or confidentiality statements. On the face of it, it would be desirable and straightforward to automatically remove this type of content from the dataset. However, as with all static rule-based surveillance, this is potentially a risky strategy, as it is easy to conceal messages in the guise of an email signature, for example, and so a more dynamic approach is needed.
Deduplication & Email Threading - Communication datasets can contain a large amount of duplicate content. In particular, email communications often include duplicates of the entire historical conversation in each new email message. Using a process known as ‘email threading’, emails can be grouped together in a conversation so that the end of the conversation can be identified and an alert only sent on the final email that contains the entire conversation.
Voice Transcription - High-quality voice and audio transcription is a crucial part of an intelligent communications surveillance platform. Achieving this accurately when a variety of jargon, acronyms, slang terms, languages and codes are used is not simple.
Video & Image Recognition - The platform must be capable of identifying and extracting text or other patterns that appear within videos, images and screenshots. Text is frequently embedded within imagery and a best-in-class solution must be able to capture the information.
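The Deduplication & Email Threading item above, as an added example (not GreySpark's or any vendor's code): messages are threaded by their Message-ID and In-Reply-To/References headers, and an earlier email is dropped from review only when every one of its own lines is quoted in a thread-final email. It assumes plain-text single-part mail with ">" quoting; the helper names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

def _lines(body, own_only=False):
    """Normalised non-empty lines; own_only drops quoted ('>') lines."""
    out = set()
    for line in body.splitlines():
        line = line.strip()
        if not line or (own_only and line.startswith(">")):
            continue
        text = " ".join(re.sub(r"^[>\s]+", "", line).lower().split())
        if text:
            out.add(text)
    return out

def select_for_review(raw_messages):
    """Return Message-IDs a reviewer must see: thread-final mails plus any
    earlier mail whose own text is NOT fully quoted in a final mail."""
    msgs, parent = {}, {}
    for raw in raw_messages:
        m = message_from_string(raw)
        mid = m["Message-ID"].strip()
        refs = (m.get("In-Reply-To") or m.get("References") or "").split()
        msgs[mid], parent[mid] = m, (refs[-1] if refs else None)
    leaves = [mid for mid in msgs if mid not in set(parent.values())]
    covered = set()
    for leaf in leaves:
        final_text = _lines(msgs[leaf].get_payload())
        anc, seen = parent[leaf], {leaf}
        while anc in msgs and anc not in seen:  # walk up; guard against loops
            seen.add(anc)
            if _lines(msgs[anc].get_payload(), own_only=True) <= final_text:
                covered.add(anc)
            anc = parent[anc]
    return sorted(m for m in msgs if m in leaves or m not in covered)

def _mail(mid, body, reply_to=None):  # builds constructed sample messages
    hdr = f"Message-ID: <{mid}@example.test>\n"
    if reply_to:
        hdr += f"In-Reply-To: <{reply_to}@example.test>\n"
    return hdr + "\n" + body

SAMPLE = [  # constructed data: thread 1-2-3 quotes fully, thread 4-5 trims a line
    _mail(1, "Can we discuss the block trade?"),
    _mail(2, "Sure, call me.\n> Can we discuss the block trade?", reply_to=1),
    _mail(3, "Will do.\n> Sure, call me.\n> > Can we discuss the block trade?", reply_to=2),
    _mail(4, "Numbers attached.\nUse the other app for the rest."),
    _mail(5, "Thanks.\n> Numbers attached.", reply_to=4),
]

if __name__ == "__main__":
    print(select_for_review(SAMPLE))
```

Message 4 stays in the review set because its reply trimmed one of its lines from the quote, so alerting on the final email alone would have lost that content.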
After this data is collected and normalised, it must be analysed and reviewed to ensure that any behaviour that puts the firm at risk is detected. Many of the alerts generated by surveillance systems are innocent. An effective surveillance system should be able to identify interactions which are risky and only those interactions, so that the human reviewer is able to quickly home in on only the truly problematic communications:
Intelligent Risk Ranking - Ranking is part of the approach typically taken to evaluate the riskiness of remaining data. An effective surveillance solution should rate each data item (or group of items) according to a risk scale, to enable review of relevant items and flagging of false positives.
Conversation Identification - In financial services, most conversations take place over more than one medium. A typical conversation may begin with an instant message, for example, continue via a phone call and finish up over email.
Conceptual Search - Analysis of communications data by concept using unstructured AI categorisation capabilities, in addition to simpler searches for pre-defined words and phrases, can allow conversations to be sorted into groups of documents based on the concepts and topics discussed in the text. This categorisation will assist the user in identifying topics that are unusual or out of place.
Pattern Identification - In addition to the conceptual search, AI techniques can be used to identify other patterns in the dataset, including behavioural trends such as who interacts with whom, how, when, how often or whether interactions between certain groups of people are regularly ‘taken offline.’
Advanced Phrase Searches - The use of lexicon search-based approaches to surveillance can be effective – AI analysis tools can assist the user in keeping lexicons and associated rules up to date, by using identified patterns to determine relevant key words, code words, phrases and behaviours.
Other Metadata Analysis - It is not just the text and content of communications that can be used to highlight risky communications. Extracted metadata such as send time and number of conversation participants, enriched metadata like directionality and language identification, and people metadata including department and geography can also be analysed to identify unusual or suspicious behaviour.
Given the spate of regulatory fines issued to financial firms over the past year or so, it is vital that financial firms have adequate communications surveillance monitoring systems in place.