Reading Between the Lines: Defining, Qualifying and Escalating Issues

Published On January 9, 2020

When does an alert become an “issue”? Radar investigates the potential compliance power that can be harnessed when firms read between the lines of their alerts to predict and prevent abusive behaviour.

Compliance systems – whether tech-based or manually run – will flag instances of risky behavior or potentially non-compliant action. Some of these flags will be accurate and alert the team to issues in need of immediate attention. Some may be false positives. Some tread the middle ground. While the content of the alert is not unimportant, what is essential is how the compliance team manages it. Do they investigate it in the first line? The second? Or should it be moved elsewhere for investigation, perhaps HR or Financial Crime?

Often these alerts can be signifiers of issues to come: by picking them up early and investigating them properly, the compliance team might shape behaviour and nip malpractice in the bud before it becomes actual abuse.

Radar sat down with industry experts working in the first line of defence, on condition of anonymity, to better understand how compliance teams are reading between the lines.

Who do you turn to first? Supervisor or trader, or is that tipping off?

When a compliance officer receives a flag highlighting potentially non-compliant behaviour that requires further information before it gets escalated where is the first stop? Straight to the second line for further investigation? Or are they walking across the trade floor and interacting with traders directly? As one Behavox roundtable attendee highlighted, building relationships across the business opens doors to investigatory channels:

“I’ve built a relationship with the supervisors, rather than traders, because you effectively point out to them that you’re trying to save their behind.”

Strong relationships mean that, when traders conduct themselves in a way that is contrary to good business practice, the first-line staff are able to approach the traders’ supervisor to clarify. This, in turn, could clear up a questionable case before it becomes an issue or an alert.

One surveillance head at a tier-2 firm suggested that their process would first involve speaking to an alternative supervisor to understand the potential rationale behind the actions, “so it would never be the trader himself or his boss that we’d approach.” However, another suggested that they would instead go to the supervisor of the trader, “but we’d never go to the trader directly…the trade supervisor then tends to go to the trader and say ‘tell me what was going on here’.”

As a matter of course, most first line of defence roundtable attendees agreed “we would generally not speak to the trader at all” if they received an alert. For one, to directly approach a trader about potential misconduct would be to ruin the good relationship that they’ve built and would blur the lines. For another, the sensitivity of talking to traders about their communications “is slightly acrimonious, so that’s something that we want to keep as a second line activity because at that point we have to engage with them anyway.”

All our attendees agreed that pro-active, interruptive action at an early stage was vital in shaping behavior and ultimately preventing abuse. Not all our attendees agreed that talking to the trader was inevitably acrimonious, or the breaker of relationships. Some take a more direct approach and tackle the issue head-on. As one head of trade surveillance at a tier-1 bank said:

“We do go straight to the traders from the very beginning. We do our investigations on the day. If we can’t understand or frame something, we’ll ask them.”

He admitted, however, that they wouldn’t give the trader the full picture of their investigation and would instead lay out the fragmented pieces, “we’d show them a screen shot or something and ask them to explain it.” Another agreed that his team would potentially look to directly ask the trader to explain their actions, for instance, “why did you execute in that way?”, but wouldn’t let them know why or the focus of their inquiry. This allows them to fill in the missing pieces of the puzzle, without revealing the full picture.

The approaches taken by the first line are broad and varied. For some, the softly-softly approach allows them to maintain trader relationships and trust, which in turn leads to more effective investigations. For others, the hard-line approach reminds traders that they’re on the radar and that their actions will be noticed – leveraging the fear factor. This direct line of action proved problematic for some, however. The greatest concern is tipping off; if you approach a trader as soon as you receive an alert, will they not quickly be wise to the issue and take steps to cover it up? Alternatively, they might shut down and refuse to engage, potentially hampering an open discussion and leading to a less effective investigation.

For the tier-1 head of surveillance, tipping off is not a concern: “they know that if we’re asking, we’re going to bug them about it, so they might as well tell us”. His firm, he added, sees a high-level of self-reporting activity, and the direct approach “simply feeds into this line of thinking…it’s straightforward”.

When does a flag become an issue for HR?

Throughout the supervisory process, compliance teams will undoubtedly see behaviors that, while not directly in contravention of financial regulations, go against the expected conduct and culture of the company. Historically, these issues may have been swept under the corporate carpet. However, as Radar issue 5 highlighted, conduct and culture is high on the agenda of regulators across the globe, and oversight in this area could ultimately spell trouble for firms. So what happens in these instances? Are the compliance team expected to tackle conduct issues themselves? If they uncover suggestions of harassment or bullying through their ecomms monitoring are they passing it on to the HR department – or do they bury their heads in the sand and overlook it on the basis it is not part of their strict market-compliance remit?

A Behavox roundtable attendee told us that, within his company, conduct issues generally get passed to HR in the first instance, however market conduct issues remain with the compliance division. Another commented that in their previous role at a “major money broking company”, the compliance team had taken a blanket view that:

“If it was conduct related, it went straight to HR as the compliance people just didn’t want to deal with it.”

However, attitudes appear to be changing, perhaps swayed by regulators’ interest in non-financial conduct, as one Radar contributor confessed that he sees his role at a new company to include “supervision in conduct, and trying to get office leaders and supervisors to understand their role in setting the cultural tone”.

It may be the case that the resurgent focus on conduct and culture is forcing compliance and HR to work in tandem on issues that compliance teams may have previously ignored. Some compliance teams appear to be involving HR in disciplinary action from the outset as a means of damage mitigation, ensuring they don’t “do or say something that’s inappropriate”.

Other firms have reported that the compliance team and HR team will come together in some instances and speak in a limited capacity about certain issues or actions they’re seeing: “we have discussions whereby they know we’re talking about some report and they’ll say ‘well that’s interesting… because I’m looking at something similar’. But they won’t say anything more.”

The crossover between compliance and HR continues to be limited however, most probably as a means of preserving confidentiality within the two departments. But also, a lack of training and understanding of how the other side operates limits the effectiveness of collaborative investigations. Roundtable attendees agreed in unison that they are seldom informed of what action HR chooses to take in specific cases. In some instances, the interplay between the two functions is restricted to two layers of investigation; the first informing the latter, while remaining distinct: “we sort of look at everything, excluding HR but including compliance breaches or office breaches, and then HR overlay their stuff on top, but they don’t disclose the outcome to the people from the first half.” Another compliance officer concurred that where they escalate cases to HR:

“HR is like a black box. Once you send it in, it goes to an employee relations person and you never hear anything back. So once it’s gone to HR, you consider it case closed.”

The extent to which conduct issues affect the compliance team remains a grey area, though arguably there is a necessary interplay between functions to create a unified expectation of conduct and culture. Moreover, if compliance teams are picking up the scent of an insider threat from a misconduct perspective, it would be remiss if they failed to flag such an issue within HR. There’s a wider game at play here; an HR issue could be indicative of potential foul play across the board. If a person is willing to contravene the company’s culture, they might be willing to flout rules and regulations in the future. The firms that succeed may be the ones who embrace these “non-issues” and take preventive steps by reason of them.

First and second lines of defence – working in harmony or better apart?

The interplay between the first and second lines of defence can be complicated. There’s no blanket-rule surrounding how the two should interact or handle certain flags or alerts. In the event that the first line is picking up an alert or an instance of risky behavior, how long is it before they engage the second line? Who takes responsibility for what? And at what stage?

As might be expected, in the absence of clear guidance, different firms have formulated their own approaches. A former compliance officer at a large European bank, for instance, told us that the first line was responsible for operational issues “like trade reporting, fails, errors”. Instances of market abuse were left to the second line. A roundtable attendee working in compliance at a multinational bank agreed that, generally speaking, their ops issues were handled by the first line. This was the only similarity, however: “we have a second line, which works with the business – for the business – and they develop their own business surveillance which covers issues like P&L, split analysis and some intermediary compliance stuff. And then there’s a surveillance team who are totally independent, with different reporting lines, who look at trade behaviour and the overlay of data on top of that.”

At another EU bank, the first line are given supervisory responsibilities, ranging from fair-pricing to spread information. However, the firm conducts random-sample quality checking to ensure that those supervisory efforts meet a high standard. The head of surveillance at the EU bank told Radar that they’ve taken steps to formalise the standard lines to make it more efficient:

“You need a central system, otherwise you start to get an inconsistent mess with emails and attachments and different interpretations.”

Inconsistencies don’t just occur from bank to bank, they’re also common within firms themselves. At one multinational bank, for instance, there were inconsistencies running across jurisdictions, as well as across first and second lines. The first line of defence was using one system, the second line another. This then varied from country to country: the American branch, for example, had a decentralised approach whereby an issue could be immediately escalated to senior managers. Ultimately, the firm instructed compliance departments across EMEA to all get on the same system and use it across both first and second lines. Consistency was key.

Radar has heard of situations where most issues are handled by the second line – or escalated to the second line very quickly. First-line employees simply aren’t equipped to deal with more challenging market events, they’re often “college kids with no finance knowledge who are sending stuff through to more experienced people.”

With myriad practices across the width and breadth of firms, it’s difficult to establish an industry standard or best-practice when it comes to handling issues across the first and second lines. In many ways, it seems as though the industry has tangentially been doing their own thing – across banks, jurisdictions and even with the first and second line taking different approaches. Firms are treading their own paths, in the absence of a clear structure.

For some roundtable attendees, this is the result of simply waiting for a dominant voice, regulatory or otherwise: “everyone has their own view and it will remain like that until we all get together and establish best practice.” Another industry expert added, “I think the first regulator that speaks up and states what they feel we should be doing in the first line, in terms of supervision, will get a lot of attention.”

Where’s the value in “reading between the lines”?

The collection of alerts and flags of misconduct events across the business, if stored and analysed effectively, can be used to build an accurate risk profile of each employee. Where, for example, a trader has been flagged for a number of low-profile illicit activities, combined with some HR breaches, or some poor (or very good) trades, the compliance team might begin to paint a picture of that individual. More and more we’re seeing businesses move away from manually risk-profiling their employees and instead letting technology do it for them. Moreover, if a firm is awake to the potential of “non-issues” being indicative of future malpractice, they will be better equipped to encourage good behaviors from an early stage – inevitably preventing market abuse having a chance to blossom.

This breadcrumb trail – financial misconduct alerts, HR alerts, speaking to supervisors and traders – is invaluable. As one roundtable member said, “we put them all into the central breach system; the HR breaches and everything else. They all feed into the central system, which also feeds back into the surveillance system so when you receive an alert you can also see ‘hang on…this person’s had breaches for not doing their training’ or whatever else.” The more data you’ve got in the central piece, the more meaningful it becomes. The greater the insights, the more likely it is that you can predict, anticipate and ultimately prevent breaches from occurring in the first place.

The more a firm reads between the lines, shares information and stores that information in a cohesive, intelligent system – the less likely they’ll be on the sharp end of the regulator, or the press.