In this post I look at how evolutionary development of a monitoring, surveillance and analysis tool was the guide for a template of a good holistic user interface. I began writing this post with small – medium sized firms in mind, primarily since they were the genesis of these ideas for me, and it works well for where all compliance responsibilities are centralised in one team, but many of these concepts are equally applicable to larger firms where the first line of defence may only need to see certain elements - as explained further below.
Looking back to 2006 when I first began automating monitoring and surveillance (at a small – mid cap broker) it became clear that development followed an evolutionary path, firstly through a need for efficiencies (BAU) progressing through to wanting to carry out enhanced and specific surveillance.
The route looked a little like this:
Step 5 taught me that the flexibility of ad-hoc surveillance was quite powerful and the need for not just fixed surveillance tests, but also to be able to proactively or reactively interrogate data, sometimes on a hunch. This was useful in keeping on top of what the business is doing, but more for me and my early days in the City, it was a great learning how such a firm operates.
This approach allowed me to understand the business and where the risk and revenue was. Sure there were some proxies along the way (e.g. change in share price multiplied by volume as opposed to pure PnL). From a pure compliance perspective it was like having the answers laid bare for you. I can recall a pitch for a new corporate client which was promptly entered into the system. A day later three buy PA deal requests came in and the conflict was there in black and white.
In another example, a useful insight was to be able to paint a picture that cut across all business areas by issuer which began to yield insights into data flows throughout the firm – both expected and unexpected. Had I not left that company, next would have been to integrate PA deals and subsequently wall crossings. If budget was there, then a feed from Bloomberg and/ or Reuters for all RNS to test trading against non-indigenous announcements would have been worked in there, which could address the need for the FCA’s current desire to monitor client behaviour.
Throughout this evolution, two things occurred to me:
1) When you start collecting data with the enquiry “I want to know what is going on” and; 2) You start to get creative with identifying patterns, correlations etc..
You quickly start to realise that you are not building your surveillance in response to the next regulatory initiative (i.e. reactionary) - but rather the chances are you will have already found that you have or are investigating that specific concern by virtue of wanting to know what is going on. You already have a vast pool of data which is separate from the static and fluid tools used to learn your business activities.
I will write more about this in a later post, but here I want to focus on the insights you can yield from true cross business area surveillance
What am I proposing here..
While publishing transcripts from communication between FX traders and separately money market rate submitters has rightly created an interest in communication surveillance, this is of course not new and the FCA had long before been requesting information on calls and other communications as part of their investigations.
Long before the FCA makes any request for data (or any regulator for that matter), compliance needs to decide to take data seriously and as its main currency or commodity.
With that in mind, a repository which will grow over time with trades, orders, client data and data relating to business and employee activities should be a goal with a clear mandate to build surveillance and interrogative tools on top. The top of this stack should be dominated by a user interface which pulls all of the data together and makes it clear where things are going wrong.
What could this look like?
A design I proposed to a control room a few years back was to stack business activities on a time line. Start with your pipeline (deals) and add to that wall crossings, PA deals and trade data. If budget allows, add a news feed. This should be an expandable model such that communication surveillance and new business items can be incorporated at later stages. For small – medium sized banks where one compliance does it all, this platform provides an all in one place to view all business activities and observe ‘interesting’ coincidences or patterns.
An example of this screen could look like:
Alerts and Events: Something I will write more about in upcoming posts. In the current climate of unmanageable false positives, I propose moving away from alerts and adopting a thinking of suspect trades linked to an event (e.g. a client order or a take over).
Rules Engine: A key fundamental to the above layout is the rules engine. I have always been of the view that a system should be malleable around how a firm operates. I would expect variance between firms for the red flags.
A layout like this could take away the need for having to join the dots at a fundamental level. This can grow over time as new business, colleague activities are added.
For larger groups, the proposed platform can be chopped up to keep in mind restrictions around sharing inside information (i.e. same platform for all, different data stacked per team).
There is of course a bigger game being played out here and that is the evolution of compliance system design, i.e. RegTech responding to FinTech and implementation of RegTech that is based on current trading platforms and processes. I was recently reading about the adoption of the blockchain for shareholder registers and it leads one to question how long it is before current platforms for trading and settlement are displaced. While compliance tools are needed in the interim and now, it could pay to adopt an approach married to principles and not platforms. This level of transparency could make client monitoring (AML and trade surveillance) easier and more insightful. More on this in upcoming posts.