For many financial firms, navigating the intricate and ever-changing landscape of regulations in the finance sector can feel akin to attempting to play tennis in a hurricane.
In February and April 2024, LeapXpert and SteelEye joined forces to host roundtable discussions in New York and London, delving into the realm of communication compliance in financial services. Attended by leaders in compliance and surveillance, these sessions sparked engaging conversations on various topics, including off-channel communications, regulatory perspectives, the role of AI, and more.
In this blog post, we share key insights from these discussions, shedding light on the challenges faced by participants and outlining priorities for 2024.
The evolving landscape of communication channels presents a persistent challenge for firms striving to uphold compliance standards and thwart off-channel communications, which have resulted in billions of dollars' worth of fines for financial services firms over the last few years.
This challenge is compounded by privacy concerns, with ethical questions around the extent to which firms should intervene in their employees’ private interactions. While inadequate monitoring can inadvertently lead to regulatory breaches, firms need to balance compliance needs with respecting privacy, and this is prompting firms to reassess their surveillance protocols. For example, LinkedIn's dual role as a professional networking tool and personal platform introduces unique complexities, which has prompted a reassessment of which channels should be monitored by compliance. Despite instances where the absence of monitoring on LinkedIn resulted in regulatory breaches, some firms remain hesitant to enforce stringent oversight due to privacy considerations.
Bring Your Own Device (BYOD) policies further complicate matters, with some firms considering a return to corporate devices to mitigate risks. Yet, this shift doesn't eliminate the threat of malicious activities on personal devices. To address this, best practices recommend monitoring for communications hopping, where individuals switch channels mid-conversation. This can be done by, for example, triggering alerts when a trader shares their personal number as part of a conversation or uses language such as “I will message you on WhatsApp”.
Another challenge is linguistic switching, where bad actors evade surveillance by switching languages. Traditional surveillance tools limited to specific languages, such as English, are inadequate in detecting such tactics, highlighting the need for multilingual capabilities.
The demand for streamlining compliance tasks has led to increased interest in AI and machine learning technologies, and there is a recognition in the industry that these technologies can go a long way to alleviate some of the persistent challenges that plague the communications surveillance space. In fact, nearly 2-in-3 firms have already implemented some form of AI for compliance.
Understandably, however, concerns persist regarding the regulatory acceptance and ethical implications of these technologies, and many firms are proceeding with caution.
In the United States, the regulatory landscape is marked by rigorous enforcement measures and hefty fines for non-compliance. Regulators take a no-nonsense approach, stressing the importance of self-reporting and cooperation from firms. Numerous financial institutions have been subject to regulatory audits and enforcement actions, particularly in relation to off-channel communications.
Although US regulators recognize the challenges financial firms are facing, they expect and demand proactive involvement and assert that they have allowed ample time for firms to align their policies with current guidance. As such, they are now holding firms that fall short accountable, which is evident in the hefty fines exceeding $3 billion imposed for record-keeping failures in recent years.
On the other side of the pond, the UK is perceived as presenting a more favorable landscape for interactions with regulators concerning off-channel communications. Regulators in the UK are seen as more receptive to dialogue and collaboration compared to their US counterparts, who are often perceived as less empathetic and more inclined towards punitive measures. For example, the Financial Conduct Authority (FCA) has taken proactive steps to engage with firms and discuss their strategies for monitoring off-channel communications. This sentiment is echoed in SteelEye's 2024 compliance health check report, which indicates that firms find it more challenging to engage with US regulators (FINRA and SEC) compared to their UK counterparts.
Irrespective of the location, initiating proactive engagement with regulators frequently results in productive discussions and mutually advantageous outcomes. In fact, regulators encourage self-reporting, cooperation, and remedial actions, stating that this can help mitigate penalties. This highlights the significance of nurturing collaborative relationships with regulatory bodies.
Effective compliance hinges on a thorough grasp of vendor technology and capabilities. Collaboration between in-house compliance teams and external technology providers is pivotal in navigating the complexities of financial regulation. Firms must prioritize collaboration with their technology vendors to craft tailored solutions that address specific compliance needs. Moreover, it's imperative to have a comprehensive understanding of how these technologies are implemented and function, as regulators expect firms to be well-versed in the technologies they employ.
The roundtable discussions highlighted the following areas as key focal points for the year ahead:
Reevaluation of BYOD Policies: Many firms are reassessing their Bring Your Own Device (BYOD) policies and contemplating a return to providing corporate devices to manage off-channel communications proactively.
Monitoring for Communications Hopping: Many firms are looking to implement alerts that flag indications of communication hopping. This can involve setting up triggers for phrases such as “I’ll WhatsApp you” or “I’ll text you,” or detecting instances where personal phone numbers are shared during conversations.
Surveillance of Emerging Communication Channels: Given the proliferation of new communication platforms like gaming channels and LinkedIn, firms strive to regularly review and adapt their monitoring practices to encompass these new channels.
Enforcement of Policies and Employee Compliance: Increasingly, firms recognize that merely establishing policies is insufficient and that they must actively enforce them and address any loopholes or ethical gray areas.
Learning from Regulatory Fines: Firms are more regularly analyzing regulatory enforcement releases to grasp regulatory expectations and prevent similar shortcomings.
Emphasis on Language Compliance: Firms increasingly focus on multi-linguistic surveillance capabilities, including understanding employees' language abilities and monitoring multilingual communications.
Integration of AI: The adoption of AI is viewed as inevitable in compliance, and many firms have either implemented AI or are preparing to incorporate it into surveillance systems.
Vendor Technology: Firms increasingly recognize that technology needs to be implemented with care, customized, and well-understood. This is a regulatory expectation, and off-the-shelf implementations are not well regarded by regulators.
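The communications-hopping alerts described above (trigger phrases and shared personal numbers), sketched as an added example that is not code from LeapXpert, SteelEye or the roundtable. The rule names, the channel list and the sample conversation are assumptions constructed for illustration; the Spanish message shows the English phrase rule missing a language switch while the language-neutral channel-name rule still fires.

```python
import re

# Assumed lexicon and channel list, seeded with the phrases quoted in the post.
UNAPPROVED = r"(?:whatsapp|telegram|wechat)"
HOP_PHRASE = re.compile(
    r"\b(?:i'?ll|i will)\s+(?:(?:whatsapp|text)\s+you"
    r"|(?:message|call|ping)\s+you\s+(?:on|via)\s+" + UNAPPROVED + r")\b",
    re.IGNORECASE,
)
CHANNEL_MENTION = re.compile(r"\b" + UNAPPROVED + r"\b", re.IGNORECASE)
PHONE_CANDIDATE = re.compile(r"(?<![\w.])\+?\(?\d[\d\s().-]{8,17}\d(?!\w)")

def _is_phone(candidate):
    """Keep candidates with 10-15 digits that carry a '+' or separators,
    so bare notionals such as 5000000000 are not flagged."""
    digits = re.sub(r"\D", "", candidate)
    formatted = candidate.startswith("+") or re.search(r"[\s().-]", candidate)
    return 10 <= len(digits) <= 15 and bool(formatted)

def classify(text):
    """Return the sorted rule names that fire on one message."""
    text = text.replace("\u2019", "'")  # normalise curly apostrophes
    hits = set()
    if HOP_PHRASE.search(text):
        hits.add("hop_phrase")
    if CHANNEL_MENTION.search(text):
        hits.add("channel_mention")
    if any(_is_phone(m.group()) for m in PHONE_CANDIDATE.finditer(text)):
        hits.add("phone_shared")
    return sorted(hits)

def scan(conversation):
    """Return (index, sender, rules) for each message that raises an alert."""
    scored = ((i, who, classify(text)) for i, (who, text) in enumerate(conversation))
    return [alert for alert in scored if alert[2]]

# Constructed sample conversation (not real data).
SAMPLE = [
    ("trader_a", "Price is 101.25 for 5000000 notional, confirm?"),
    ("trader_b", "I\u2019ll WhatsApp you the details"),
    ("trader_a", "my cell is +1 (212) 555-0147, easier there"),
    ("trader_b", "Te escribo por WhatsApp"),
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A bare channel mention is a weaker signal than a hop phrase or a shared number, so a reviewer queue would normally rank it lower.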
The challenges posed by off-channel communications in the financial sector underscore the critical importance of robust compliance strategies.
There is a delicate balance firms need to strike between monitoring communications and respecting employee privacy, especially when considering platforms that straddle the personal and professional, such as WhatsApp and LinkedIn.
The prevalence of BYOD policies and the complexities surrounding communications hopping and linguistic switching underscore the urgency for vigilant surveillance and proactive measures. While AI presents a promising solution, its implementation demands careful consideration and understanding.
Ultimately, the foundation of robust compliance lies in a profound comprehension of technology and collaborative partnerships between in-house compliance teams and external technology providers. Moreover, nurturing collaborative relationships with regulatory bodies is essential for ensuring effective compliance practices.
The necessity for a comprehensive communications solution is becoming increasingly evident—one that not only tackles present compliance challenges but also foresees future regulatory demands and technological advancements.
The LeapXpert Communications Platform ensures compliance across all channels, providing real-time monitoring capabilities to mitigate risks effectively. With LeapXpert, firms can bring off-channel communications into the regulatory fold, making sure they are carefully monitored.
SteelEye's fully integrated communication and trade surveillance platform empowers financial firms to manage their compliance obligations proactively, leveraging AI/ML technologies to detect anomalies, automating surveillance tasks, and staying ahead of regulatory changes. By harnessing the power of SteelEye's comprehensive solution, firms can strengthen their compliance posture, minimize regulatory exposure, and drive business growth.
The LeapXpert and SteelEye partnership provides a comprehensive approach to communications compliance and allows financial firms to benefit seamlessly from both cutting-edge solutions. By providing a unified solution, firms are empowered to navigate the complexities of regulatory compliance with confidence and resilience.