Surveillance success: tackling the challenges in communications monitoring
A collaborative article by Chartis and NICE Actimize
Context: growing in importance
Financial institutions employ communications monitoring tools to safeguard against internal fraud and regulatory violations. These solutions record, analyze and track employee communications, gathering data from a wide range of channels, both within and outside an institution’s traditional IT infrastructure (including emails, phone calls, instant messages and video conferences). By meticulously scrutinizing these communications, firms can identify and address potential risks before they escalate into significant issues.
Market dynamics
The importance and vitality of communications monitoring have grown in recent years, driven by several key dynamics in the market:
- The rise of remote working. The COVID-19 pandemic led to a huge increase in the number of employees working remotely. Monitoring employee communications has since become a bigger challenge for financial institutions. Lines of communication (including online video-call platforms) have proliferated within remote working environments, and the risk of data breaches and other security incidents has increased.
- Heightened regulatory scrutiny. When regulators conduct reviews or investigations, electronic communications constitute a large part of the material they request from financial institutions. Regulations can have a profound impact on how organizations approach communications monitoring, and how they balance the need for compliance, security and risk mitigation with ethical considerations such as the need to protect employees’ privacy. Regulators have issued fines to institutions that do not periodically test the effectiveness of their surveillance solutions, and to firms with an insufficient number of staff dedicated to electronic review. In 2021, JP Morgan Securities LLC (JPMS), a broker dealer subsidiary of JPMorgan Chase & Co., was fined $125 million by the SEC for failing to maintain and preserve electronic records, and for failing to provide adequate supervision to detect and prevent those failures. Similarly, in 2023, Wells Fargo Securities, LLC, together with Wells Fargo Clearing Services, LLC and Wells Fargo Advisors Financial Network, LLC, were fined $125 million by the SEC for failing to maintain and preserve electronic records related to unauthorized messaging platforms. The SEC made similar notes during both instances, stating that ‘procedures for identifying, documenting and addressing potential violations of its communications policy were inadequate’, and that the ‘testing of its recordkeeping systems was inadequate and did not identify or address material weaknesses.’
- The need for data storage. Regulators require financial institutions to store all communications data from recordings unedited. This data is typically provided on ‘write once, read many’ (WORM) storage capabilities on physical media. As new communication channels are introduced, the volume and complexity of data increase exponentially.
- The growing influence of artificial intelligence (AI). AI is transforming the field of communications monitoring by introducing advanced capabilities for data analysis, pattern recognition and risk assessment. AI-powered communications monitoring tools are equipped with sophisticated algorithms, including natural language processing (NLP), which can process vast amounts of communication data from various channels. These tools can extract key insights, identify potential risks and provide actionable intelligence to organizations in real time.
Communications monitoring: a presence across sectors
Increasingly, financial institutions have been adopting communications monitoring solutions to ensure they comply with regulatory requirements, and to mitigate risks. This trend is particularly evident in the buy-side and wealth management sectors, where the use of electronic communications channels has become more significant.
As regulatory requirements around communications monitoring become ever more complex and nuanced, their application is extending beyond the traditional financial landscape. Affected institutions now encompass a wider range of firms, which are seeking to leverage the potential of enhanced surveillance capabilities. These newcomers face the challenge of navigating the evolving regulatory landscape while simultaneously building their monitoring and surveillance infrastructure. This dynamic environment underscores the need for ongoing adaptation and collaboration, both within individual firms and across the industry, to ensure compliance and maximize the benefits of robust communications monitoring practices.
Communications monitoring in buy-side firms
Buy-side firms, such as hedge funds and asset managers, have traditionally operated with less regulatory scrutiny than their sell-side counterparts, and have required less stringent communications monitoring capabilities. The landscape is shifting, however. The rise of remote working, coupled with the growing pressure to demonstrate integrity to investors through a robust communications culture, has renewed the focus on monitoring technologies. Moreover, the general push for technological modernization, fueled in part by the remote working environment, has further accelerated this trend. As a result, buy-side firms are increasingly embracing communications monitoring solutions to ensure compliance, optimize workflows and build trust with investors.
Communications monitoring in wealth management
Wealth management firms typically have many high-net-worth clients who can be targets of scams and fraud, such as investment fraud, romance scams, cybercrime and art and collectibles fraud. Wealth management firms are subject to several regulatory requirements, including:
- Verifying the identity of their clients.
- Monitoring transactions for suspicious activity.
- Protecting clients’ personal information.
- Maintaining adequate cybersecurity measures to prevent data breaches and unauthorized access.
- Keeping records of client communications.
Communications monitoring solutions can also help wealth management firms comply with the requirements of specific regulations, including:
- The Markets in Financial Instruments Directive II (MiFID II).
- The General Data Protection Regulation (GDPR).
- The Dodd-Frank Wall Street Reform and Consumer Protection Act.
- Securities and Exchange Commission (SEC) Rule 17a-4.
- Financial Industry Regulatory Authority (FINRA) Rule 2210.
- The California Privacy Rights Act (CPRA).
Communications monitoring: the challenges
The proliferation of diverse communication platforms and methods poses a significant challenge for comprehensive communications surveillance. The sheer volume and variety of channels make it difficult to monitor all forms of interaction effectively, both within and outside an organization.
The key challenges associated with monitoring multiple communication channels via one platform can include:
- Data siloing. Different communication platforms often have independent data silos for diverse data types, such as user profiles, messages and call logs, content shared within the platform and metadata associated with communications. This can make holistically aggregating and analyzing data a challenge. Such fragmentation hinders firms’ ability to gain a comprehensive view of communication patterns and identify potential risks or compliance issues.
- Technical complexity. As technology continues to advance at a rapid pace, new communication platforms and methods are being continuously introduced (such as WhatsApp, Slack, Teams and Zoom). The integration and monitoring of these new platforms is creating an ongoing challenge that requires expertise in various communication protocols and data integration techniques. For firms, this complexity can increase costs and operational overheads.
- Privacy concerns. Monitoring employee communications raises significant privacy concerns, as it involves collecting and analyzing personal data. Organizations must carefully balance the need for surveillance with employees’ expectations of privacy, and comply with relevant data protection regulations such as GDPR, the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Communications Act (FCA).
Navigating this increasingly complex landscape requires a nuanced approach, one that is about much more than delivering regulatory compliance, and which acknowledges the unique needs of each institution, prioritizing transparency, accountability and a commitment to ethical data usage. Only then can the true potential of communications monitoring be realized, empowering institutions to make informed decisions, mitigate risk, identify fraud, adhere to regulatory requirements and foster a culture of responsible communication.
NICE Actimize – a communications monitoring category leader
NICE Actimize’s SURVEIL-X Communication is a built-for-purpose solution designed to help institutions comply with regulatory requirements, identify and mitigate risks, and improve overall corporate conduct. The solution provides strong surveillance coverage for all asset classes and modes of communication, including email, phone calls, instant messaging, video conferences and social media. Alongside expansive communications coverage for 45 different languages within a single cloud-ready platform, SURVEIL-X Communication also provides in-depth analysis tools, such as natural language understanding (NLU) and NLP, to enable firms to accurately analyze and review 100% of regulated employee communications. Built-in transcriptions can easily convert speech to text for ease of review, and contextual querying can allow firms to search for specific keywords and/or phrases within the context of a conversation.
Integrated case management and interactive dashboarding capabilities are particularly strong in SURVEIL-X Communication. Via its integrated case management functionality, all compliance and risk investigations are located and managed from a centralized location. Key functionality includes:
- Case creation and tracking.
- Documentation management.
- Collaboration between investigators.
- Reporting and analytics.
The solution’s dashboarding capabilities can provide real-time insights for all of an organization’s communication activities. Interactive charts and graphs can be used to visualize data in a variety of formats, to identify trends in communication activity over time and highlight emerging risks or areas for improvement.
Ultimately, SURVEIL-X Communication offers a robust approach to managing employee communications, combining advanced analytics and monitoring capabilities with integrated case management and interactive dashboards to help organizations improve compliance, mitigate risk and enhance conduct.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@chartis-research.com to find out more.
You are currently unable to copy this content. Please contact info@chartis-research.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@chartis-research.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@chartis-research.com