The Trends Set to Define Compliance in 2022
In 2021, financial institutions turned to technology to help them adapt to their newfound distributed working environments, this year they must embrace cutting-edge solutions to help them meet increasingly stringent regulatory requirements.
When the Radar team sat down (via Zoom, of course) in late 2020 to discuss the compliance trends for the upcoming year, we did so in the midst of a pandemic that had seen the world of financial services turned on its head.
Implementing technology to enable the effective monitoring of distributed teams was a prime concern, and one that remains front and center for chief compliance officers who are yet to take the plunge.
However, this year, there is a sense that after a period of unprecedented instability, now is the time for firms to make more considered decisions that will help them to meet regulatory and fiduciary responsibilities for years to come. With regulators once again showing their teeth, following a short era of leniency, the trends set to define compliance in 2022 mostly relate to the regulatory gaps that firms simply can’t afford to ignore any longer.
Enhanced AI-Powered Voice Surveillance
Ever since the introduction of MiFID II and the Dodd-Frank Act, financial firms around the world have been attempting to record their voice communication data with varying degrees of success.
This challenge has been exacerbated in recent years by the increasing volumes of voice data, aided by the rise of flexible working. Over the past year alone, Behavox customers have experienced a 94% increase in the volume of employee voice data.
The idea of monitoring voice data for risk may seem like an insurmountable task for some firms. Legacy compliance solutions struggle to integrate and capture data from the latest voice platforms, let alone analyze the data for risk.
As a result, regulators are increasingly urging firms to overhaul their approach to monitoring voice data. It appears that conducting random samples of voice calls no longer cuts it when it comes to making a concerted effort to locate risk hiding within the data. Instead, regulators want firms to take a proactive approach to monitor voice communications, applying the same level of scrutiny as they would to written communications, such as email and instant messaging. While some firms are waiting to be hit by the regulator before finally overhauling their approach to voice monitoring, the reward of reducing risk on highly susceptible channels is motivating forward-thinking firms to act now.
Huge advancements in AI technology have made proactively finding risk in voice communications a reality.
One of the key motivating factors for firms implementing AI-powered voice monitoring is that employees are more aware than ever that their emails and instant messages are being monitored. And, at a time when in-person meetings are still not as common as they previously were, rogue employees are turning to a major compliance blindspot – voice calls.
Safe in the knowledge that firms are struggling to record calls, let alone effectively monitor them for risk, voice is the rogue employee’s channel of choice.
Firms that believe it is prohibitively expensive to implement an effective voice monitoring program should consider the monetary penalties that have been levied for regulatory breaches in recent years.
Being able to identify instances of market abuse that may have otherwise been missed is a powerful differentiator for the firms that are tempted by the carrot of compliance rather than waiting to be hit with the regulatory stick in a few years’ time.
While monitoring voice is likely to be a top priority for many forward-thinking CCOs by this time next year, there may be an entirely new communication channel or application that needs integrating into their programs.
Take the past year as an example. Microsoft Teams became the platform of choice for thousands of firms to enable their employees to communicate and collaborate while working in a distributed environment.
Identifying the right solution is one thing, ensuring it doesn’t come at the cost of compliance is another. Firms implementing Microsoft Teams are in one of three camps:
- Their compliance monitoring solution integrates with Microsoft Teams and they can capture and analyze its communication data
- Their compliance monitoring solution doesn’t integrate with Microsoft Teams and they can not roll out the platform until it does, or they implement a new monitoring solution that can
- Their compliance monitoring solution doesn’t integrate with Microsoft Teams but they roll out the platform anyway and risk huge regulatory ramifications
Firms wise enough to utilize agile, SaaS-based compliance monitoring solutions are far more likely to be in the first camp. Cloud infrastructure enables such solutions to roll out new integrations within weeks rather than months, or, in the worst case, not at all.
Firms that are easily able to integrate new platforms will have a significant competitive advantage in 2022. Likewise, they can’t risk the wrath of regulators by plowing on without capturing mountains of employee communication data and leaving a gaping compliance gap in their programs.
The Ditching of Random Sampling
Please let 2022 be the year that compliance teams stop the random sampling of communication content. For readers unfamiliar with the term, random sampling is the process by which a percentage of employee communications are randomly selected and reviewed by a compliance team. It’s an extremely primitive approach to identifying non-compliant behavior that should be abandoned for three key reasons.
Firstly, random sampling simply fails to identify risk. A Behavox customer that was manually reviewing 1% of communication data found just a single piece of content worthy of further investigation over the course of an entire year.
Without applying even basic lexicon searches to the data, let alone trained AI-powered algorithms to decide what content is worthy of review, compliance teams are left with a thankless and ultimately useless task of trawling through irrelevant content.
This brings us to the second reason why this approach should be left in 2021. Manually reviewing just 1% of employee communications is extremely time-consuming. For example, for a firm capturing 250,000 pieces of voice content per month, a compliance team will have to manually review 2,500 calls. They simply do not have the time to trawl through hours of randomly selected phone calls in an attempt to find a needle in the haystack.
Finally, with no contextual analysis being applied to the selection process, the content is likely to not only be completely devoid of relevancy, but also full of personal information. More sophisticated solutions will only alert teams to emails, messages, and calls that have a high likelihood of containing non-compliant behavior or proof of misconduct. However, if the content is simply selected at random, compliance teams have to pore through communications that invade employees’ privacy.
In contrast to random sampling, Behavox Voice, an AI-powered solution, will, on average, identify 0.086% of content for review. For a firm capturing 250,000 voice calls per month, just 216 calls are flagged for review. What’s more, the team is provided with context as to why the calls have been identified for review, allowing for a more efficient process that provides real value.
Covering as many communication channels as possible is a great start on the road toward an effective compliance program – but it’s only the first step. If you want to manage compliance on a global scale, you can’t afford to only monitor one language. After all, a multinational firm’s employee base is communicating over those channels in numerous languages. What good is an English-only solution when the majority of employees speak other languages daily? What good is a compliance program – with all the effort that goes into it – if it is incomplete in coverage of both communication channels and various languages within your firm?
On average, the world’s 10 largest banks by revenue have operations in 47 countries. There are tens of thousands of employees, across multiple geographies, all communicating in a number of different languages. That is a huge logistical and technological challenge for any compliance team to monitor effectively. Even if your official business is conducted in English, or French, or Japanese, what about other languages that are used on a daily basis? What languages do your employees, clients, and other stakeholders speak? Analyzing communications in just one language creates a huge blindspot for compliance. Multilingual coverage is a must.
Further Blurring of Financial and Non-Financial Misconduct
For years, firms have been monitoring employee communications as part of their commitment to complying with financial regulations. However, over the past 18 months,
in particular, there’s been a spotlight on non-financial misconduct.
Regulators are starting to crack down on instances of non-financial misconduct in an attempt to improve workplace culture across financial institutions. Toxic working environments are often breeding grounds for serious regulatory breaches and prevent concerned employees from reaching out to their compliance team.
“The FCA in the UK has been quite vocal about non-financial misconduct being equally important as financial misconduct,” explained Kalika Jayasekera, Global Chief Compliance Officer and Board Director at SoftBank Investment Advisers.
“There’s a very significant regulation called the SMCR (the Senior Managers and Certification Regime) that came out first for banks several years ago, as a response to the financial crisis. And it was about making sure that senior management is held responsible for financial actions and issues that happen in companies.”
At the end of 2020, there was a ‘Dear CEO’ letter from the FCA about non-financial misconduct guidance. The letter explained that how firms handle non-financial misconduct in their organization is indicative of their culture. A lack of diversity and inclusion were also cited as key obstacles in creating the right environment where people are comfortable to speak out.
The increasing regulatory scrutiny on how firms address non-financial misconduct isn’t isolated to the UK. Although the U.S. Securities and Exchange Commission (SEC) hasn’t issued any specific guidance relating to misconduct and culture, it is a topic that is gaining momentum with the regulator.
“Every year, the SEC puts out what’s called their national exam priorities,” said Mike Piwowar, Former Acting SEC Commissioner and Executive Director Milken Institute Center for Financial Markets. “And this is a way for the SEC to be transparent with the public in terms of the use of their limited resources and their division of examinations.”
“If you go back to 2018, conduct, misconduct, or culture was mentioned once in the SEC exam national exam priorities. In 2019, it was mentioned twice. In 2020, it was mentioned nine times. And, in the 2021 version, it was mentioned 12 times. So, clearly, the SEC is showing a trend towards more focus from their exam team on softer issues, non-financial misconduct issues.”
Time will tell as to whether the SEC will ever introduce defined regulations in order to tackle non-financial misconduct, but many firms are already utilizing monitoring solutions to proactively identify issues such as racism, sexism, bullying, and other forms of misconduct to protect and improve their corporate culture.
The line between financial and non-financial misconduct continues to blur and compliance teams, HR, and general counsel must work together to root out toxic behavior before it harms workplace culture, firms fall foul of the regulator, and irreparable damage is done.
The Long Road Ahead
In such an ever-changing industry, it’s important to remember that overhauling your compliance program is a marathon, not a sprint.
Regulators don’t expect firms to adopt new technology, policies, and processes overnight. However, they do expect firms to be aware of what’s coming around the corner and have the foresight to plan accordingly. Chief compliance officers armed with a roadmap that aligns to key regulatory trends will not only win in the long run, they’ll also be able to keep regulators onside as they build a program that’s fit for the future.