Surveillance may be an essential tool, but current systems have their flaws. Could AI and machine learning help create the holistic solution control professionals dream of?
Greater use of technology is at the forefront of plans for every front office control function over the next year or two, but more effective surveillance systems are at the forefront of that forefront. They are seen as hugely important by everyone in non-financial risk management, and getting a more thorough, more comprehensive surveillance system that can better watch what needs to be watched is probably close to the top of every senior control officer’s wish list.
Surveillance comes in many shapes and sizes. There is trade surveillance, e-communications surveillance, voice surveillance, chat room surveillance, SMS surveillance, behavioural surveillance (accessing the office out of hours, for example) and the ultimate pot of gold at the end of the rainbow – the holistic surveillance solution.
To comply with regulations, banks have realised that surveillance systems are an indispensable tool. A supervisor of a business in the UK faced with the Senior Managers and Certification Regime (SM&CR), for example, wants to be as sure as possible that nothing is slipping through the net. The consequences under the SM&CR if anything is missed could be dire.
“Simple trade surveillance is not mandated by regulators, but banks are aware that if they don’t monitor, it could be the difference between being fined $10m and not being fined $10m,” says Russell Dinnage, head of the capital markets intelligence practice at consultancy GreySpark Partners in London.
Conflicts of interest?
Trade surveillance may sit in the 1st line of defence, but it is very likely to sit in the 2nd line of defence as well. Where these different forms of surveillance reside exactly varies from bank to bank, and there are differing philosophies about what should go where.
On the one hand, according to the now widely held belief that the business should own the risk, trade and market abuse surveillance should sit in the 1st line; on the other, this can create a conflict of interest.
Chat room monitoring with HSBC
Perhaps mindful of the events that preceded the recent Libor fixing and foreign exchange front-running scandals, some banks have set up specific units to monitor chat room activity. James Tyrie, who is head of front office surveillance at HSBC in London, manages a group whose sole responsibility is looking at chat rooms. He reports to Kevin Sawle, who is chief control officer for the global markets business.
It has been in operation for two years, with a three-person team in London and a four-person team in Bangalore. The beauty of Tyrie’s group is that it operates as a scalpel rather than a broadsword. If a trading desk has any concerns, it can ask the unit to target specific desks, times, trades, people and words, and results are produced on a T+0 basis.
Tyrie explains: “A desk will come to us and say, ‘We want you to look at this trade or this client. We think these words will highlight any issue.’ We can create a lexicon that could go in very quickly and see if there are any red flags. Our guys are not looking at thousands of conversations.” In this way, false positives are reduced.
The cross-asset unit also conducts random checks at various times. The bank has, of course, strict rules around chat room use. Multi-firm chat rooms are strictly forbidden, brokers are not allowed to join, traders below director level are obliged to invite a director to join the chat room after a certain designated time period has elapsed. ‘Inappropriate language’ is prohibited.
At the moment, only English and French are covered, but more languages are due to be included in the near future. For a bank that is in as many countries as HSBC, this is an important next step. Spanish, French, Portuguese, Mandarin and Arabic are next on the docket.
Todd Sullivan, head of risk management, fixed income, Americas at Morgan Stanley, explains the conundrum: “Surveillance sits in either the 2nd line or the 1st line according to proportion and type. It doesn’t sit in the 3rd line, but clearly the 3rd line is testing and validating what the 1st and 2nd lines are doing. There is also a view that market abuse surveillance needs more independent validation than specific trade level compliance surveillance. Simpler things like timely trade clearing are easier to do in the 1st line without perception of conflict.”
In what appears to be the most common structure in banks, compliance will shoulder the biggest burden of surveillance and it is never left out of the picture, but some slices of the pie might be handed over to the 1st line as well.
Too many false positives
Having made these decisions, the problems for a bank are far from over. All those connected with the function say that whatever type of surveillance you’re looking at, the current systems throw up far too many red flags, all of which have to be investigated manually at the cost of far too many man hours. And the great majority of these red flags turn out to be entirely innocent.
“Surveillance introduces false positives,” says Dinnage. “They are generated by what looks like misconduct or bad behaviour, but generally isn’t. Compliance spends as much time, headcount and budget responding to these alerts as they do on buying the solution in the first place. It’s a state of affairs no one is prepared to carry on with.”
This is echoed time and time again by consultants who see these problems up close when they deal with tier one banks. Jonathan Frieder, compliance technology lead for Accenture’s North American regulatory compliance group, adds: “There are too many alerts. These alerts are based on rules and data or trade attributes, and they all trigger alerts to a supervisor’s dashboard.”
Yet front office control functions cannot ignore this tidal wave of data for fear of missing the real red flags – the undetected spoofing, manipulation, front-running or any of the myriad types of market abuse that have come to light in recent years.
Bring in the AI
Banks hope that in the near future trade and communications surveillance systems will move from rigid rules-based systems to ones based on artificial intelligence (AI) and machine learning, so that systems will learn the difference between what looks like a suspicious trade and what is, in fact, a suspicious trade.
Konstantinos Rizakos, global head of compliance and regulatory systems at Citigroup in New York, tells 1LoD: “With rules-based systems, there is always some sort of bias derived from the recent experience or expectations of the designers. With AI and machine learning approaches, that bias is removed, because real data is informing the logic.”
Jeff Rosen, global markets chief operating officer for the Americas at Société Générale in New York, echoes these sentiments. “From a 1st line perspective, we want to move to surveillance that is less structured and more based on big data. That is where I would like to go, and I think that is becoming more common across the Street.”
But the industry isn’t there yet. Indeed, most surveillance vendors initially built their systems for security services like the UK’s MI6 and the CIA in the US, say consultants, so they’re not even ideally adapted for banking solutions.
What the future holds
A completely holistic surveillance solution – one that will perform all functions, with sophisticated machine learning, and even produce reports for regulators to demonstrate the extent to which misconduct was observed and redressed, is just a distant dot on the horizon at the moment. The technology is undergoing a generational shift in sophistication, but this type of solution is at least three years away from fruition, if not closer to five, say most consultants.
“We’ve a long way to go in terms of AI and machine learning sophistication,” concludes Dinnage. “It’s being tested in the trade surveillance space today, and they’re experimenting with what machine learning can do. But it will be years before we see a truly holistic solution.”