Other parts of this series:
Welcome Back! Last time we covered some of the background relating to surveillance.
Surveillance, which in its simplest definition may mean to keep a close watch on someone or something, has become synonymous with the process of identifying outliers in a body of data, or identifying things that occur outside the ordinary course of business. The execution of that seemingly simple task has become increasingly complex as a result of a virtuous feedback cycle.
Positive results from early forms of surveillance have been accompanied by increased regulatory scrutiny and greater transparency to the general public. This has led to more facets or elements being included in surveillance. We have also seen ongoing and continued improvement in the strategies as well as the technologies used to perform the activity.
Surveillance is evolving into a practice in which machines are increasingly necessary to identify the outliers. But people are still going to be needed to understand whether something bad has actually happened. (At least for now!)
A recent survey surmised that poor conduct has resulted in over $1 trillion in profit being eliminated from the financial services industry in the past decade. That number is massive and includes such things as the more than $1 billion in fines paid by just one institution.1
In short, the stakes are higher and the technologies have evolved. That makes us think differently about surveillance programs today.
What we want to see in a surveillance program is a holistic view of activity that can be presented at different levels – individual, desk, line of business, geography, and/or trading functions. This is not a regulatory imperative and therefore may be difficult to achieve in terms of budget. That is to say, getting the money to develop such a system. But this is what is required, not only to meet regulatory expectations but also for pro-active risk mitigation, brand management and reputational impact. We still need to spend money on surveillance, but that spending should be as “smart” as it can be.
The ability to leverage data has become another key characteristic of a mature, effective surveillance program. The surveillance function of the future should be able to process and factor in data sets that include what I refer to as “non-traditional” surveillance aspects such as training, office seat location and building access, expense reporting, paid time off and absences, personal trading, third-party engagement, web-browsing and any others that emerge as leading, or lagging, indicators.
The aggregation of these data components can provide the Chief Executive Officer, Chief Compliance Officer, and the supervisory team with an exponentially clearer overview of their organization. It can also facilitate regulatory interactions and serve to demonstrate a firm’s focus on a meaningful culture and conduct of compliance.
Surveillance programs were historically relatively simple and distinct because there were fewer technology solutions available to process the data in a meaningful way. As a result, the regulatory guidance that there be “a reasonable program” allowed for a good amount of flexibility. Today there are solutions to ingest, integrate, parse and analyze virtually any activity. The use of this data challenges the existing constructs of many organizations but is necessary to empower surveillance so that it may attain its necessary evolution.
Creativity remains paramount in this function. Unless we challenge the existing paradigm and push solutions to be more effective and efficient, evolution should slow. We should all look beyond financial services to see what is being done in areas such as healthcare and technology where solutions have been deployed for similar, albeit not regulatory, surveillance purposes. For example, Facebook, Inc. recently confirmed that it has a process to review communications sent via messenger. The process includes face scanning technology to identify potential child exploitation imagery. Items that the system believes are abusive or suspicious are flagged for moderation.2
I wonder how many firms have implemented something similar for their e-comms programs to target images, non-readable pdfs or other documents?
Outside of the financial services industry the drivers of surveillance are corporate responsibility, conduct and ethics. These are different from regulatory drivers and result in different conversations with senior management.
A conversation about improving the common wellbeing, “doing the right thing,” or protecting the franchise from a potentially highly visible and reputationally damaging situation is often more effective than one about regulatory obligations.
The people that write the checks tend to be more receptive to notions they can understand – like the next viral tweet rather than a complex piece of regulatory legislation. But the outcome is the same – money needs to be spent on surveillance programs to keep them effective and provide value to the organization. Tune in next time to learn about another area where surveillance is evolving.
- “Compliance Training Failing to Deliver Meaningful Outcomes,” Regulation Asia, September 4, 2019. Access at: https://www.regulationasia.com/compliance-training-failing-to-deliver-meaningful-outcomes-report/.
- “Facebook Says It Scans Messenger Conversations for ‘Community Standards’ Violations,” The Wrap, April 4, 2018. Access at: https://www.thewrap.com/facebook-says-it-scans-messenger-conversations/.