While innovative data aggregation, surveillance and analytics tools claim to have cracked real-time and ‘holistic’ surveillance, internally banks are moving more cautiously towards ‘integrated’ surveillance monitoring.
At 1LoD’s recent New York Surveillance Summit, the attendees were asked whether they expected their firm to be operating a holistic surveillance model within the next three years. Just over half said yes; just under half said no. And in the survey conducted for this report, none of the participants indicated that they had a fully integrated surveillance capability where all controls are linked – with 75% confirming that some of their controls are linked and 25% that they had not yet started on this journey and therefore none of their controls are linked. This mixed picture of progress towards integrated surveillance reflects the practical difficulties of integrating controls and data sets, different firms’ capabilities and aspirations and their chosen operating model.
The use of the word ‘integrated’ itself, rather than ‘holistic’ represents a downgrading of ambition. The former is about the amalgamation of certain existing surveillance channels into a single, analysable dataset. The latter implies surveillance across all existing channels plus the inclusion in surveillance of non-traditional data. So, for example, as more banks look to add a behavioural component to surveillance, they need to add new data points to existing collection processes. But what about data from calendars? Are particular staff seeing the same clients or colleagues more frequently? What about data from phygital systems such as door swipes?
Fools rush in
The most obvious way to measure banks’ progress may seem to be how far they are down the road of new technology. However, many have not got to that point yet. The journey towards an integrated surveillance framework starts with definitions and objectives: is integration e-comms surveillance combined with trade surveillance? Is it the ability to look across multiple databases and create an aggregated exception report within a few days or in real time? Is it about better monitoring of actual misconduct or better regulatory reporting? Or is it at least partly to use as a tool to review the effectiveness of compliance itself?
The definition is organisation-specific and vital: without a clear vision, what is already a complex project will go awry. As one consultant puts it: “I think a lot of people are rushing to say: ‘I want a system that gives me all my voice, my e-comms and my trading surveillance in one place’, and I take a step back and ask: ‘What exactly do you want to achieve with that?’.”
At that point, banks need to look at what level of integration fits with their business model; they need to understand the cost and business implications of having to upend their core data technology architecture; and they need to understand potential changes to the governance model. “It’s one thing to manage one of these [surveillance] capabilities, but when you start to integrate them, there are a lot of additional dimensions that you need to think about, including ownership and governance,” says one banker. “Also, think about how you’re going to support that capability.”
They also need to look at the state of maturity of each of their current surveillance channels. “The first thing is that organisations have to be really honest with themselves on where their capabilities are currently,” says one head of surveillance at a large global bank.
“You might have a fledgling e-comms program combined with a very mature trade surveillance program. Different programmes may have different levels of automation versus manual processing. Integrating different types of surveillance with those kinds of differences is difficult. Adding different types of deficiencies together will not give you a positive outcome. A lot of firms just jump on the idea of holistic surveillance without really thinking it through but there’s invariably going to be an evolution of requirements that need to be met. There’s going to be new data sources, different quality of data, all sorts of things.”
Data, data, everywhere
In fact, once projects start, most integration timelines are dictated by data. Banks who have invested in the latest aggregation and analytics technology have often found progress slow because of historic underinvestment in the basic processes of data recording and storage, rendering monitoring algorithms that can make normalisation and amalgamation of different data silos difficult or pointless. “To build a fully integrated surveillance process we need to put together data from almost 150 data sources,” says one banker. “So normalising the data into one data schema is very, very important and our biggest challenge when it comes to developing integrated surveillance.”
Indeed, according to the 1LoD Surveillance Survey, 69% rated data cleaning and validation as high priority, compared to 31% who rated integrating alternative surveillance channels as high priority.
Beyond the foundational necessities, using the aggregated data brings its own challenges. One problem often overlooked is that: “It is very challenging to educate the users of the surveillance that sometimes you have to sacrifice on the accuracy and optimality of the surveillance in order to make it generic,” says one surveillance chief. “Everybody wants the best for their own needs, but when you develop integrated surveillance, you actually have to look at all your users and you have to optimise for all of them.”
Banks also need an audit trail for every number thrown up by an integrated system. This banker continues: “You have ingested all these data sources and identified an anomaly. But you need to know that the anomaly is not an artefact of the data mix – are you applying weightings across the data but the data itself is of variable quality so you end up overweighting one source and, potentially, applying that to an individual incorrectly? So at the very least, you need very explicit traceability for how we arrived at any particular number and be able to definitively answer the question: ‘What does this number mean?’.”
Checks and balances
This kind of debate highlights the changes that need to be made in other functions, especially audit, in an integrated surveillance framework. Automated data collection and distribution is a work in progress and audit is a key check. In September 2019, the SEC announced that Stifel, Nicolaus & Co., Inc. agreed to pay $2.7 million and BMO Capital Markets Corp. to pay $1.95 million to settle charges for providing incomplete and inaccurate securities trading information to the SEC “largely due to undetected coding errors”. Checks and balances are needed to prevent such errors feeding into both regulatory reporting and surveillance domains.
One surveillance chief, pushing back against claims made for new technology, sees this as a key stumbling block: “Let’s just say that some of them can give us holistic capture. But we also need the auditory reporting to protect our people and to prove that the aggregation and normalisation processes are giving us accurate business intelligence.”
Few banks have satisfactorily solved the data challenges and so it is not surprising that at 1LoD’s New York Surveillance Summit, a majority of attendees (59%) rejected the assertion that real-time surveillance is the most important future strategic aim for the function. That said, the technology providers believe that it is an achievable goal, but one that requires a strategic decision early in the transition: should banks go on-premises or cloud? To what extent does real-time surveillance impose real-time requirements on other parts of the firm that are not running in that mode currently? Is the technology that has to be employed a good cultural fit with the firm?
Vendors claim that the data aggregation and the reporting piece of the jigsaw is solved. They also believe that with advances in machine learning and AI, they have also sufficiently conquered the challenges of monitoring across data silos and core anomaly detection to make the next steps achievable. Key issues remain though: real-time data processing runs the risk of streaming errors into the alerts system; the sheer volume of data is still hard to process in real-time especially when streamed to the cloud; and, more prosaically, banks are businesses and surveillance is a cost.
“Right now, I think it’s a case of diminishing returns,” says one surveillance head. “Investment in technology is a business decision. So management wants to know the return on investment. How quickly can they recover the costs in terms of avoiding potentially being fined by a regulator? The bigger the cost and disruption of a decision, the more difficult it is to answer that question.”
We’ll be hosting a Panel Discussion: Integrated Surveillance at the Surveillance Summit, March 18th, London. Participating in the debate are:
Robert Hammond, Global Head of Surveillance, Global Banking and Markets, HSBC
Michael Jones, Managing Director, Global Head of Independent Review Group, Deutsche Bank
David Percival, Director, Global Head of Market Surveillance Operation and Advisory, Barclays
Christian Alibert, Managing Director, Global Markets Supervision, Royal Bank of Canada