FOREWORD: We’ve only just begun
Compliance is not enough – regulators are demanding controls that work. And so the pressure is on the surveillance function to push through current challenges and offer true effectiveness. What’s your plan?
Surveillance has come a long way from its beginnings as an undervalued compliance function. It has been pushed to the top of senior management’s ‘must-do’ list, thanks to a proliferation of regulations, from the European Market Abuse Directive (MAD II) to the Markets in Financial Instruments Directive (MiFID II), the European Securities and Markets Authority (ESMA) Guidelines, the Dodd Frank Act Title VII, regulations on market manipulation from the UK FCA and US CFTC, and misconduct regimes globally, along with a series of ever more punitive actions against financial institutions for non-compliance. Safeguarding their institutions against abusive and manipulative conduct is recognised as a critical part of overall risk management.
However, while most firms have invested heavily across trade, e-communications, voice and employee surveillance, the challenges of data quality, aggregation and analysis, of alert overload and of how to structure the surveillance effort have only increased. It has become increasingly clear that the initial implementation phase is just the beginning of a much longer and more difficult journey towards comprehensive and effective oversight, a journey that must cope with an evolving regulatory, business and technology landscape in which effectiveness and true misconduct risk mitigation are increasingly being demanded.
Although fines may appear to have peaked two or three years ago, there has been a steady stream of enforcement actions that keep surveillance very much top of mind for management. Regulators are increasingly aggressive with firms who can be shown to know about and permit misconduct, as well as those who have policies in place to prohibit misconduct and the procedures to monitor them, but fail to implement them. Regulators are moving from penalising firms for not having controls in place, to fining them for not having effective controls, or not acting on the information highlighted by the monitoring tools.
In addition to the regulatory pressures driving banks to improve their current surveillance efforts, there is also a trend towards applying surveillance to an ever-broader array of asset classes, trading venues, regulatory risks and institutions.
We asked you
So how can firms create surveillance systems that deliver compliance AND true risk mitigation within a strong governance framework? Is integrated surveillance the answer and if so, is it achievable? And how long will senior management continue to invest in an alerts-factory model that finds so few instances of real wrongdoing?
These are some of the questions the 1LoD Surveillance Report sets out to answer. At its heart is a survey of the largest and most influential banks and their surveillance teams. Around this data, a series of on and off the record interviews with key practitioners and regulators provide in-depth context and comment on the key issues.
These comments paint a picture of a function at a crossroads, to some extent waiting for the regulators and senior management to make some big decisions. In the meantime though, more than half of those surveyed expect continued growth in team sizes, though with a shift towards data scientists as technology advances. Significant spending is expected on the move to integrated surveillance, with, surprisingly, little emphasis placed on personal device and other ‘alternative’ surveillance.
Technology is taking up more of people’s time and resources, but in recognition of the key roles that fundamental data quality and recording play in enabling more automation and better risk management, data standardisation is one of the highest technology priorities for survey respondents, along with the AI and machine learning tools that require that data.
As for buy versus build, everyone agrees it’s Hobson’s choice but buying third-party solutions is still seen as the most practical option in most situations, despite the integration and data challenges.
Real battle yet to come
The regulators still feature high on surveillance chiefs’ ever-growing list of priorities. Firms have seen an increase in regulatory visits in the last five years and most expect the volume of regulatory requirements to grow over the medium term.
Surveillance is a challenge for even the largest and best-resourced institutions. However, the biggest challenges around the transition from the current model to a clean data, high-tech, integrated risk management surveillance function are still to come.