2.4: Surveillance tools: Between a rock and a hard place: Buy vs build?

Good news for vendors of third-party surveillance tools. Despite the challenges with buying out of the box, most surveillance chiefs are taking a hybrid approach and purchasing core surveillance technology to enhance their in-house solutions.

Like a number of industry challenges these days, the largest surveillance challenges are often related to technology. And because banks are essentially technology companies, with extensive in-house IT expertise, they have a genuine choice between buying external solutions or developing their own. Either path is fraught with problems. 

Ask a consultant, and they will focus on the more straightforward evaluation criteria that you would expect when determining which approach to take: if the technology is a key source of competitive advantage and contains critical intellectual property, then building may be the only solution. If you do build a solution then do you have the resources to document it and maintain it, and do those costs stack up against the ‘buy’ option? And only build if all external ‘buy’ options have been evaluated and dismissed for valid reasons. 

Similarly, when considering a third-party solution, it is reasonably obvious to look at the marketplace and ask: how many solutions exist with the required functionality? The fewer the solutions, the more immature the market, and the more risk there may be relying on an external provider. More importantly, how long will the request for proposal (RFP), proof of concept (POC) and evaluation phases be? What are the implementation risks? How easy will integration with existing systems be? And what about testing, transitioning from existing solutions and user training?

All of these questions apply when determining the appropriate approach to implementing surveillance systems, but they are just the beginning, because the surveillance function is not a normal IT problem. Surveillance systems in banks are there to detect potential market abuse in extremely complex and specific trading environments, potentially by human participants who are trying to hide their actions. So, anyone designing such a system needs not only to understand every intricacy of those markets and the interdependencies across different trading venues and instruments, but also the ways in which skilled traders could circumvent controls. 

Where to start?
Most third-party vendors do not start from this point. First, understandably, they build alert systems around the regulators’ definitions of market abuse and they use parameters on which they know the regulators focus. This inevitably skews systems towards the types of market abuse the regulators have encountered in the past, rather than trying to build detection mechanisms able to discern new types of problematic behaviour.

As one surveillance head points out: “Most vendors have only recently begun to hire sufficiently senior traders or ex-traders who can provide the kind of insights necessary to build the correct alert and calibration tools to detect the types of real-world misconduct that human traders get up to.” Normal people are notoriously bad at thinking like criminals – it’s why we’re so easy to scam. 

In addition, many of the newer suppliers of surveillance solutions are smaller fintech firms. This raises the question of whether they are robust enough to be trustworthy partners of systemically important institutions and whether they are resourced to cope with the demands of global enterprise implementation, maintenance and cybersecurity. 

“Relying on a vendor poses all sorts of risks, not least that releases and updates do not happen frequently enough; it takes ages to get new functionality or new asset classes added and tested properly,” says one bank buyer of third-party solutions. “And even though most of the banks rely on vendors, currently the industry is not willing to share best practices and solutions. Sure, there are forums to discuss issues and share our concerns, but no real commitment to share solutions openly and create a data-related issues community.”

Tailored to fit
Then there is the question of fit: can any third-party solution be sufficiently customised to suit the individual business model, trading operations and client base of any individual bank?  

Banks are certainly exploring new possibilities. At Citi, head of electronic trading risk and controls Anton Rajanayagam is excited by the possibilities created by a recently completed POC for an in-house pattern recognition system for detecting market abuse implemented in the 1st line of defence. 

“There are several challenges with third-party vendor solutions,” he says. “First, there are no third-party solutions for some asset classes, such as fixed income. Then there is the issue of data – ensuring that you have all the relevant trade and market data in the correct form and cleaned and timestamped. Then there is the calibration of the tool. So we have built a pattern recognition tool and have validated its output and we are very encouraged by the results so far. This could be a tool we could roll out over several asset classes with better results than current third-party solutions.”

So just build? Not quite
These challenges might seem to make ‘build’ a more obvious solution, but there are problems here, too. Some argue that building in-house requires more effort, involves the expense and difficulty of recruiting additional data scientists and engineers, and takes longer than buying a third-party solution. It also exposes banks to the risk of “expensive and volatile IT staff”.

According to one global surveillance head at a tier 1 bank: “The biggest issue we’ve had on the build side is people. Keeping people in IT is really difficult and so you’ll find that the guy who’s been leading the build has done 80% of the job and then gets whisked off to a fintech start-up. So now we’re asking, ‘hang on, how are we going to get this over the line?’.” 

In other words, given the existence of established vendors, buying the industry standard tools avoids in-house development risks, fulfils core regulatory requirements via out-of-the-box models and provides a satisfactory platform for more advanced calibration and customisation.

It also leaves banks the option to use off-the-shelf solutions for industry-standard surveillance tasks and build in-house for the channels unique to the business, a picture borne out by the 1LoD survey. This shows that ‘build’ is really only favoured in employee surveillance and in integrated surveillance, both tasks requiring a high-degree of bespoke internal data aggregation and analytics. ‘Hybrid’ is also popular here for the same reasons. In more ‘standard’ applications, those where automation is favoured, ‘buy’ is the overwhelming choice. 

All change?
That is largely the picture today, but it may not be for long because both the buy and build options are changing fast, making the choice perhaps even more difficult.

On the one hand, as technology becomes available that enables banks and even individuals to build surveillance functionality quickly and easily, and as banks continue to develop more accurate and complete data feeds for surveillance tools, the build option may become more attractive. But on the other hand, the next generation of intelligent surveillance tools led by dedicated surveillance technology firms utilising AI/ML and other sophisticated technologies, will provide a huge leap in functionality and effectiveness. 

Based on an international benchmarking survey collecting the views of industry leading experts from 15 of the largest financial institutions globally, the 2020 Surveillance Benchmark Report provides a unique insight into the maturity and development of surveillance functions over the last 12 months, as well as predictions for the future. Including in-depth commentary from regulators, practitioners, consultants and technology experts, it is the only report for professionals in the industry.

Lead sponsor


Partner sponsors



Eventus Systems logo 1


Researched and published by