The surveillance function has seen unprecedented growth in recent years, with market shocks, scandals and sharpened regulatory teeth transforming it into an essential tool in compliance. But more changes are ahead.
Surveillance is taking the spotlight, as a slew of new regulations has flagged the function as an absolute requirement for institutions and called on firms to monitor specific behaviours in more rigorous ways. This has made the function an easier sell at board level, helping it to attract a bigger budget and as a result it is now commanding more investment in both headcount and technology at many banks.
But as efforts towards automation and leveraging big data progress, the skillsets needed in surveillance are evolving. And while growth in the function continues for now, a surge in demand for a smaller number of expensive data scientists will gradually be offset by a reduced reliance on lower-cost offshore workers, meaning investment will likely plateau while total headcount falls.
For now, growth in the size of banks’ surveillance function appears to still be accelerating at many banks, with nearly 70% of those polled in 1LoD’s Surveillance Benchmarking Survey saying they expect a small or significant increase in headcount in the next 12 months, compared with 44% who reported a small or significant increase in the previous 12 months.
Avoiding regulators’ bite
The surveillance function’s increasing size and significance at many banks has been primarily driven by regulation, according to Steven Schluter, head of compliance monitoring strategy at Morgan Stanley. “This was the catalyst for firms to get on the ball when it came to surveillance controls for compliance risks.”
Over less than a decade, the EU’s Market Abuse Directive (MAD) and the UK’s Market Abuse Regulation (MAR) have detailed more clearly than ever the banking sector’s surveillance responsibilities. At the same time, the Dodd-Frank Act and supervisory rules in the US, plus the UK’s Senior Managers & Certification Regime (SM&CR), assigned personal liability to senior managers for negligence and other failings in the compliance process, Schluter notes.
Banks were also hit with fines of an unprecedented size in connection with FX rate fixing and Libor manipulation scandals, demonstrating that regulators not only had teeth but were prepared to use them.
Prudential regulators have meanwhile been looking at surveillance from a market conduct risk perspective, largely stemming from the financial crisis in 2008, as well as more recent FX scandals. They view surveillance, in both the 1stand 2nd line, as absolutely essential to a robust market conduct framework, and approach in a much more horizontal way, asking how banks are ensuring they have risks properly assessed in every jurisdiction in which they do business, rather than simply the jurisdiction in which that prudential regulator sits, practitioners say.
They also demand that banks have appropriate 1st and 2nd line controls that can prevent, detect and deter misconduct across their global network. At the same time, regulatory visits to banks and other firms they oversee have become both more detailed and frequent.
If not, why not?
All this has helped drive a marked increase in senior managers’ involvement in individual escalations as well as investment in 1st line risk units to oversee surveillance, practitioners report.
FX fines in particular demonstrated to institutions and regulators how big the impacts of surveillance failures could be and triggered an attitude shift on both sides of the fence, according to Peter Gibbinson, head of front line monitoring at Standard Chartered Bank. The UK’s Financial Conduct Authority (FCA) has, for example, since made it clear that it also expects institutions to adhere to recognised industry codes, such as the FX Global Code.
“I don’t think it’s just regulation that’s driving the surveillance function. I think it’s also these codes and the consequences for institutions if they get it wrong,” Gibbinson says.
One of the biggest changes in recent decades has been the shift from regulators’ ‘best effort’ requirements in the late 1990s to much higher expectations now that the 1st and 2nd line of defence will catch absolutely all market abuse and violations, notes a senior surveillance practitioner at a tier 1 bank. As part of their regular enquiries with banks, the US Financial Industry Regulatory Authority (FINRA) and the UK’s FCA will now, for example, ask whether specific incidents were caught.
“Inherent in that is an expectation that we did,” Gibbinson says. “And if we didn’t, the question is ‘why?’ and ‘is there an issue with your supervisory process?’”
Better board buy-in
More stringent regulatory requirements have meanwhile helped get the message up to board level at banks that having a robust surveillance programme is vital in order to protect the institution – and senior managers themselves.
While the c-suites at many firms have long known that surveillance was required as part of an overall control framework, not all were exactly sure what the function did. This is partly because regulatory expectations were less clear, practitioners suggest. Now, however, with criminal prosecutions in the US underscoring that personal liability and the loss of civil liberties has become a potential reality, surveillance has finally grabbed their attention.
An ongoing technical revolution is also driving the continued growth and visibility of the surveillance function in banks. Senior management are starting to appreciate new capabilities that were unheard of 10 years ago, and which will eventually be able to not only better protect the firm but do so with fewer people.
An explosion in regtech innovations is seeing vendors rolling out new solutions to help regulators and market participants like banks pull together disparate silos of data and sift through them to spot connections and outliers that were previously near-invisible.
Systems based on natural language processing, artificial intelligence and machine learning promise to help the surveillance function ease growing pain points, such as processing the ballooning volumes of data that spring from communications surveillance, while improving the accuracy of alerts to reduce the huge number of false positives that staff must manually close.
Bigger recruitment spend
Regulations and technology have both been major drivers of surveillance recruitment and overall spend in recent years. Regulatory pressure, for example, was cited by 56% of respondents to 1LoD’s Surveillance Benchmarking Survey as having a high impact on headcount at their surveillance function, while another 38% said it has a medium impact. Technology automation came third down the list in terms of factors having a high impact on surveillance team size, with 44% of respondents agreeing with that statement. Another 31% said technology automation was having a medium impact on headcount.
Surveillance heads, however, question whether the days of heavy recruitment will continue. Many firms have already staffed up over the past decade to address the fact that they produce a lot of output that has to be reviewed; they have either outsourced or offshored the initial triage of alerts to lower-cost locations. Their overall headcount has therefore broadly grown.
But as banks develop more sophisticated technology, and assuming firms continue to invest in it, the number of false positives and overall alert count should decrease, eroding that offshoring model, they say.
All hail the data scientist
The surveillance divisions of tomorrow will likely have lower overall headcount, but more highly skilled workers, with roles such as data scientists particularly in demand, practitioners say.
This chimes with the results of 1LoD’s Surveillance Benchmarking Survey, with 41% of respondents saying they would have ‘significant’ requirements for data scientists when hiring over the next three years, compared with 20% for front office sales and trading, and 14% for technology developers.
The function is going through a process of professionalisation, similar to that seen in compliance more generally in the 1980s and 90s, when it evolved into a true profession, with higher standards and expectations. This has triggered an upgrade of talent in surveillance, with practitioners now needing a complement of skills, including the ability to understand trading and data, to analyse and communicate findings, and to get those findings to the appropriate persons within a firm when an issue is identified, so it can move to resolution.
As markets have become more highly automated, practitioners in surveillance also need to be able to understand technology, data and trading systems, and be able to talk to technology colleagues in various departments to describe what they need to look for.
Demand for professionals with more complex skillsets – including those able to design and build sophisticated tools and those able to assess surveillance output without it first having to be triaged – is likely to grow, practitioners say. But these people are not cheap and technology spending will also likely rise in line with increasing regulatory demands. So while surveillance headcount may indeed decline, investment in the function looks set to grow further, albeit at a more modest pace.