Compliance

10:00 AM
Julio Gómez
Julio Gómez
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Next-Generation E-Communications Surveillance Starts Now

Monitoring every single email, voice call, text, or chat for compliance is a daunting challenge, but analytics technology is improving.

You have to read every single policy. You have to read every single email that comes in and goes out of your business. You have to follow every single chat session that every single employee opens. And you have to correlate them all to find patterns that indicate risks and violations.

Now, that’s a regulatory burden for you. Oh, and the new rules go into effect December 1.

Whether you are the head of a desk and carry supervisory responsibilities, the CCO that needs to make sure that compliance happens across the entire firm, or the IT executive who has to build a smart way to deal with this problem, the task at hand seems an impossible one. The fact is that firms are doing what they can to appear to comply, and regulators are doing what they can to help guide firms. But the complete solution is going to require advanced analytic technology that can handle words, sentiment, entities, relationships, and multisource behavioral profiling. Cave-man tools won’t fix this space-age problem.

There are three levels of e-communications surveillance that firms are going to deploy over the next year. Only one of them is both strategic and future-proof. Executives have a rare opportunity to reduce cost and complexity, while increasing visibility and accountability. How? By leveraging advanced text analytics that can look across information sources and types. Let’s look at the three stages of building a next-generation e-communications surveillance solution.

Level 1: Lexicon-based reviews
Most firms today have rudimentary systems that will do simple character matching against bodies of text found in emails and chat transcripts, looking for indicators of violations, such as words (“call me later”) or phrases (“heat tickets”). In the 1960’s Regular Expressions System became popular and is still used today to do “character matching,” but that really should be “Level 0” surveillance.

These systems are helping with compliance, and many firms rely on them considerably today. This is because back in 2007, when FINRA issued its guidance on surveillance compliance, advanced text analytics was only used in the realm of computer science academia. What firms are using now is essentially a cluster-bomb way to catch everything that is suspect. In other words, it identifies a bunch of text that shouldn’t be suspect (creating false positives), in the same way a cluster bomb damages everything it comes near. The problem is there is a vast amount of benign communication being caught in the net, along with the potentially problematic ones. That’s where it gets expensive. That’s where Level 2 surveillance comes in.

Level 2: Advanced text analytics
Level 2 of a next-generation e-communications surveillance solution requires intelligence to be added to the screening process with the goal of reducing “false positives.” The system needs to do more than match characters. To gain a higher confidence rating on matches, the system must be capable of understanding that certain concepts communicated between two certain individuals within a certain geographical area are significant.  That means the system must have advanced text analytics capabilities that support entity extraction (people, places, organizations), key phrase extraction, and neural net for sentiment detection. This is easy to map out but difficult to execute at a high level.

The Level 2 system must also be aware of the context of entities and phrases in relation to each other. The system must have an elegant language to succinctly express and build intelligent and dynamic linguistic traps. This kind of optimization of language analysis is a meaningful increase in the value of the system and will significantly reduce costly manual intervention required to investigate the false positives generated by systems of yesterday. Better, yes -- but good enough? Not by a long shot. The next-generation e-communications solution must support statistical approaches to analyzing the text characteristics that matter most.

Level 3: Statistical analysis
The 250 largest financial firms in the Americas are the ones that truly need to craft a Level 3 system. They have the same requirement as smaller firms: Monitor every single communication and check for policy violations. But the larger firms have such a high volume and complexity of communications and communications platforms that only the most robust technology solution will deliver the desired combination of compliance confidence and cost effectiveness. Some examples of the kinds of statistical approaches supported by the next-generation e-communications solution:

  • Concentration – What are the statistically significant occurrences of communications with regard to counterparties?
  • Volume – Are there significant deviations from the normal volume of communications? Are there new risky linguistic concepts?
  • Profiles – How do the communications vary relative to “peers”?
  • Network – Are new counterparties exposing new risks based on the social network of those counterparties?
  • Predictive analytics – Over 60 percent of fraud is done in collusion. How to find colluding perpetrators with a “more like this” style of behavior analysis?

All this amounts to a high-tech way to evolve surveillance from rudimentary character-matching to screening that is intelligent and risk-aware. Now, if you can connect to a variety of sources (Sharepoint for policies, chat logs from multiple vendors, exchange or other email systems) and give operators the flexibility to create and change parameters, while supporting real-time feed to any system, report, or dashboard, then you have it: the next-generation e-communications surveillance solution. 

And it is in development at several firms today.

Julio Gómez is General Manager, Financial Services for Attivio, where leads efforts to help global financial services enterprises solve their most difficult data problems to power game-changing solutions. Julio is widely known as the founder and CEO of Gomez, Inc., ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
5/31/2014 | 10:55:30 AM
Can small firms tackle surveillance demands?
Very interesting article, Julio, laying out the three levels of surveillance and anlytics needed to examine all levels of communications for policy violations.  While you say the 250 largest financial firms need to implement this type of analysis, how can smaller firms (with the same compliance/risk requirements)  be expected to conduct lexicon or language based analytics? This seems to be a skill set that will be in demand or rather, firms will seek external advisers and consultants to bring the expertise.
Becca L
50%
50%
Becca L,
User Rank: Author
5/30/2014 | 3:54:17 PM
Re: Is there any other way?
Great article, Julio. Excellent points about the tiers of surveillance and what that can mean in detecting risk.

The level 3 communications seem critical to catching the majority of security breaches, let alone internal compliance. Often times someone's "profile" is hacked to send unusually high "volume" of sensitive data out of the "network" - it's important these departments - security and compliance, work closely together to detect unusual behaviors

Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
5/30/2014 | 7:26:17 AM
Is there any other way?
I guess financial firms could continue to use existing surveillance processes, but with all of the different types of communications now, that will be quickly become overwhelming.

in addition to the compliance application you outlined, can firms simultaneously use the surveillance technology for analytics on other things? The surveillance technology is collecting so much data and "connecting the dots" between the different forms of communications. Can a firm apply additional analytics to the data to determine other things, such as a trader's performance, best practices, or other things?
More Commentary
Cost to Trade: Hey, Banks, It’s Time to Face the Music
Why is calculating the cost to trade so difficult for banks? The answer is as complex as the calculations themselves.
M&A Activity Will Continue to Grow in 2015
Data shows that the M&A market continues to improve, and forecasts indicate deal making will be healthy in 2015.
Chief Data Officers: Organization Strategy & Cultural Change
Chief data officers are new to the financial services C-suite, but they are facing a number of challenges, including the need for new data governance and execution strategies, staffing, and new organizational structures to enable cultural change.
New York FinTech Innovation Lab Calls for New Entrepreneurial Applicants
Wells Fargo joins 14 other major financial institutions providing mentoring and guidance to the six chosen startups.
Micro Data Challenges in an Era of Macroprudential Regulation
Research and statistical analysis experts at central banks are tasked with developing sophisticated forecasts and models to identify systemic risk. Yet they are spending most of their time acting as data entry clerks, rather than developing these models.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.