Having recently participated as a panellist at NICE Actimize’s annual ENGAGE financial crime conference in London, Capco’s Charit Arora shares his key takeaways from the event, which drew over 400 attendees from leading banks and financial institutions, regulators, consultancies, and public sector bodies.

‘AI in Action’ was the theme of this year’s ENGAGE conference, and one of the key predictions was that AI will outperform humans in all tasks by 2047 – just last year technologists had predicted this would not occur until 2060. This bold claim, alongside the AI demos on show during the conference – including Disney quality movies, AI generated human assistants with uncannily realistic voices and mannerisms, and the rapid maturing of optical character recognition technologies – all point to a pace of transformation that can no longer be ignored. 

Breakout sessions covering fraud, AML, case management, trade surveillance and comms surveillance were supplemented by three keynote speakers – Tom Burgis, investigative journalist and author of Kleptopia; David Rowan, former chief editor at Wired magazine; and ex-BBC journalist John Sweeney – who focused on the topics of ‘dirty money’, AI, and the intersection between politics, business and corruption. 

My own panel on ‘Surveillance Monitoring and Controls’ and other Surveillance breakout sessions covered a range of industry issues and imperatives, which are summarised below.


AI USE CASES

A variety of use cases were outlined beyond the standard focus on alert prioritisation, supporting with alert calibration, and NLP. These included:

• Case summaries (‘telling a story’ to better explain to case analysts the cause and circumstances surrounding an alert) 
  
• Voice call / email chain summaries 
  
• Identifying and deleting duplicate alerts
  
• Translating voice calls and emails into English for monitoring
  
• Data cleansing 
  
• Identifying gaps between regulations and an FI’s policies/procedures
  
• Identifying shadow trading
  
• Identifying suspected manipulative orders/trades and presenting a warning before such trades/orders are completed (similar to the “fraud” warnings banks present with online bank transfers)
  
• Cross-product and cross-market manipulation.
  

In all these instances, AI should be welcomed as an adjunct to, rather than a replacement for, human compliance officers.


MODEL RISK MANAGEMENT (MRM)

Model risk is an increasing area of focus for regulators and banks, and accordingly featured prominently. The discussion here focused on:

• The challenges associated with maintaining model risk documentation given regular changes in alert calibration, and the ‘explainability’ of AI/NLP models compared to lexicon-based approaches.
• Vendors are increasingly expected – and are indeed willing – to provide MRM packs during sourcing discussions and explain how their models work (i.e. vendor systems are much less of a ‘black box’ than before).
  
• While the PRA’s Consultation Paper 6/22 proposes firms adopt five principles to establish an effective MRM framework, challenges persist as regulatory guidance is designed around liquidity and risk models, with very little adaptation for surveillance models.

VOICE SURVEILLANCE

Voice continues to garner attention as an area where surveillance functions can significantly raise their game. One panellist noted their organisation had recently moved from a sampling approach to implementing a system with 80-85% transcription accuracy. Other key points covered included:

• Ensuring flexibility in systems when selecting which conversations to record – for instance, a CEO’s conversations or sensitive regulatory discussions may not be appropriate for automatic recording.
  
• The differing approaches to multi-language environments: enforcing rules on speaking approved languages; sample monitoring in other languages and recruiting additional compliance staff fluent in such languages; and utilising AI to translate into English.
  
• Facilitating a cultural shift to ensure traders and employees are comfortable with being recorded, to address potential concerns that discussions about managers or personal matters will be escalated. 

EFFECTIVENESS VS EFFICIENCY  

There was a debate on what financial institutions should prioritise, such as alert volumes, false positive levels, STOR levels, or cost considerations. The consensus was surveillance departments should prioritise effectiveness – that is, identifying all risks – rather than cost efficiency. A knock-on impact is that further investment in technology and people may be required to provide more comprehensive coverage, which in turn results in increased alert volumes. 

Similarly, the question was asked whether an increase in STOR levels imply compliance is better at identifying risks, or it is evidence of more risky behaviours. There are no simple answers, and individual financial institutions will need to determine the right KPIs to track.

Regarding the broader effectiveness question, panellists from Natixis, Nordea and Northern Trust argued for an evolutionary rather than revolutionary approach – a 1% improvement each day can deliver a transformational change over the course of a year. In this spirit, it is important to have realistic timelines when implementing new surveillance systems or enhancing existing ones.


DATA COMPLETENESS

Industry chatter has focused on the USD450 million fine recently levied by US regulators in response to an institution’s surveillance failures relating to its trading venues. Key points noted included:

• The size of the fine reflected not just the surveillance failure itself but also the length of time that the breach persisted.
  
• Issues relating to data completeness can extend to other areas of surveillance, including voice surveillance – this is why it is important to have regular dashboard reporting, evidencing data feed completeness across all relevant data sources (trade data and communications channels).
  
• The importance of Business Continuity Processes to ensure surveillance can continue when systems go down.

OFF CHANNEL COMMS

With banks having overhauled their technology and procedures over the past year, financial institutions are much more confident about addressing potential regulatory concerns. In addition to upgrades to lexicons to detect switching conversations off-venue, comms campaigns, and internal disciplinary actions, the following issues were covered by the panel:

• Is a trader’s volume of phone calls, emails, chats less on days they’re in the office compared to when they work from home?
  
• Is a particular trade lacking an associated chat conversation?
  
• Opportunities for self-disclosure – for instance, where a trader had to use a non-monitored device when their work phone ran out of battery or a client called them on their personal device.

GLOBAL VS LOCAL PROGRAMS 

The ideal is a surveillance program that is truly a global program. However, panellists acknowledged this is not always possible given regulatory divergences, citing the following examples:

• In Denmark wash trades are not reportable unless there is a price improvement.
  
• In Finland there are significant privacy considerations (over and above the GDPR); this mirrors the restrictions on monitoring personal communications, seen in France and Germany.

HOLISTIC SURVEILLANCE 

Holistic (or integrated) surveillance continues to be a ‘holy grail’. While the term remains open to interpretation – does it refer to audio and electronic communications (aComms/eComms); trade and comms; or trade, comms and other financial crime typologies? – in essence it is about eliminating traditional silos to bring diverse datasets for holistic analysis with a view to enhancing risk detection.

The Nordea panellist highlighted the integration of the bank’s PAD (Personal Account Dealing) and control room monitoring with surveillance. Their counterpart at Northern Trust flagged how non-financial misconduct (such as breaches in gifts and entertainment, use of bad language) can be indicators of an elevated proclivity to commit market abuses.

In addition to recognised challenges – ‘putting all of one’s eggs in one basket’, the broad and differing scope of individual vendors product coverage/capabilities – another key hurdle in moving to a holistic single vendor approach is the logistics of separating from a multiplicity of vendors whose contracts will almost certainly come up for renewal at different times. 


REGULATORY FOCUS 

While there was no consensus on the likelihood of major new regulations, panellists did expect a continuing refinement of technical standards. The disparity in the level of fines between the US and UK – USD4.5bn+ of US market abuse fines compared to the UK’s USD23 million during 2020-2022 –was noted, with the 12% reduction in FCA STOR levels between 2017 and 2023 flagged as a further indication of maturing surveillance programmes.

The main focus areas right now for regulators appears to be cross-product/cross-market surveillance (e.g. bonds and CDS, FX and IRDS), calibration/tuning, and data completeness. It was also noted that regulators can be expected to continue to act as brake on widespread AI usage, ensuring risks are effectively managed and guardrails put in place.

If you are interested in discussing with Capco your surveillance needs, from selecting or implementing new systems through to risk assessments and data completeness reviews, please contact our Surveillance team via the form below.