The EY Trader Surveillance Team Watching the Watchers

Published On January 28, 2019

Financial crime experts Glenn Perachio, Richard Palmer and Tom Goodman from the EY trader surveillance team join Radar for a fireside chat to talk about their work and the forces shaping the compliance technology market.

Let’s start with an introduction to the EY Trader Surveillance team; who are you, what do you do, and how many members are there in the team?

Glenn Perachio (GP): The team is global, we have partners across the Americas, APAC, EMEA, and more than 1,500 professionals focused on the broader umbrella of financial crime.

Surveillance has a series of functions that have to do with understanding the entire risk framework. This includes people who advise on target operating models, lines of defence, those who advise on risk and controls, or the general governance and training, even the surveillance in its many different variations; there are homegrown technologies, or legacy, some look to regtech, and there are those which are components they have built across a number of providers.

At EY we sit across a pretty complex landscape of internal legacy, regtech capabilities and we try to help our clients navigate through the broad group.

Richard Palmer (RP): Financial crime has been identified in the marketplace as a major area of concern, so consolidation of skills in that area under a global banner is more joined up than it was perhaps two years ago.

Tom Goodman (TG): A great example of the scale of the operation here, and in the industry, is the financial crime Tech Sprint we hosted for the FCA a couple of months ago. We had 400 people from across industry coming to our Canary Wharf office, from the vendor side, client side, banks, professional services, all coming together to try and tackle these problems. It shows the level of focus that industry has on financial crime at the moment.

What are current regulatory expectations as regards to surveillance? Do regulators want firms to do more when it comes to bolstering defences?

GP: I think the regulators understand the inherent difficulty of moving from a low or no-monitoring area, such as in FX, to having a number of different controls against a complex data set.

I believe the UK FCA is pushing organizations to go beyond ‘just adequate’. They want them to move beyond a first generation where you get the trade in place to have more context around all the different signals and aggregates showing what the trader knew, what the trader did etc. In the broader universe, moving beyond unauthorized trading to collusion. Broadening the analytics is asking not just what happened but why, what next, and having the accompanying trending analysis.

We see the FCA asking questions around this, but right now I still feel firms are trying to get the basics right, and their baseline, and that starts with data. The expectation of having a data lake but walking into a data swamp is one we hear very often. The nature of how that data exists needs to be interplayed between multiple systems both legacy and new; it becomes like a game of ‘whack-a-mole’, where you solve one problem but another pops up.

RP: There is a view from our roundtables that the vendors don’t have solutions, which feels like an excuse, legitimate or not.

Clients often feel there is no technology that can solve all of their problems, which can be used as a smokescreen for failure to move. We hear conversations that the FCA came in, and firms said they were looking at newer technologies, but the reality is the FCA wants them to use something the regulator itself is happy with. Unless you can turn off your old solution, there often isn’t a business case for the new one.

TG: We work closely with the FCA’s advanced analytics team who ran the Tech Sprint. They are focussed on helping the industry to use regtech, and helping both industry and regulator use more advanced analytics effectively. The regulator is absolutely committed to supporting industry, and it is a case of the industry, regulators and third parties coming together.

How has your practice evolved? What are the main demands clients ask for now?

GP: Compliance, in general, is under pressure to reduce costs while at the same time maintaining a level of confidence with the regulator’s reporting requirements. In order to use more sophisticated data analytics, there has to be a better understanding of the benefits of how that allows the lines of defence to operate more efficiently.

The advent of regtech providing a challenge to legacy systems is an important development too. I don’t think any bank believes holistic surveillance is going to come tomorrow, and companies that have promised this have fallen into doubt. It is a matter of some pioneering smaller steps. A better understanding of a wash trade, for example, can definitely occur when you look at what people were saying on calls or email at the time. You begin connecting the dots which can surface more material risks.

RP: The conversations have gone from “I have this database to be surveilled” to “I have traders that need to be surveilled”, which are two very different starting axioms, but this is what the market is asking now. There is a willingness to step beyond the traditional vendor solutions and draw out additional insights by fusing all that data together. That opens up opportunities for many of us, as the banks move beyond having ecomms and trade surveillance in different areas.

GP: Helping navigate through a bit of the buzz. Biometrics and voice surveillance can be useful, but in the context of an energy trading desk it is very different from, for example, FX trading desks.

What are the essentials of good surveillance monitoring?

TG: We wrote a white paper last year on the future of trader surveillance and landed on four key cornerstones of a successful surveillance solution; we term them ABCD’s. Accuracy, breadth, culture and data. The difference we see between firms who successfully deploy surveillance systems and those who struggle is the latter; the forerunners get all four of those elements right. Firms we see with difficulties are likely to be falling down in one of those four areas. It may be they get their data and technology right, but culture is a challenge.

RP: We know from the investigatory work which patterns to look for, how to bring things together to reveal those patterns. There are a set of known patterns out there you need to be monitoring for.

TG: The recent FMSB paper went to a good level of detail in describing the long term patterns of behaviour. We often see focus on developing scenarios based on specific recent cases, but with less attention paid to the more general pattern of behaviour that these cases are examples of.

How much of a battle is there in educating the client on the current surveillance technology market?

TG: A lot of what I spend my time doing is joining two areas; identifying a client’s highest risk, which is generally their highest residual risk, and assessing the vendor market to see what capabilities are open and what impact that can have on the business. Bringing those two things together is challenging and requires a mix of skill sets.

What do you make of the rise of the 1.5 line of defence? Is it becoming more widespread?

TG: We have written on this previously as we do get asked questions, and we have definitely seen a growth of the 1.5 line. However, we still see a mix across clients, of those who carry out surveillance more traditionally within compliance, to those who have moved to the 1.5 line where surveillance is performed within front-line controls, with the second line taking an advisory, check and balance role.

GP: A barrier between the first and second line often appears because of the difficulties of interpreting where the business sees risk and how it may surface in an alert or in so many false positives; an example may look like front-running but it’s building up liquidity. Before you go to more fancy techniques, you want fine-tuning of a model.

A 1.5 line has sometimes introduced a greater sophistication through a larger number of quants who can fine-tune the models, but there is a human element that is not necessarily solved by that; the language a quant may speak might not travel well through those lines.

Behavioural analytics is trying to get more human information around not just the trade but what people said and did around it, and I think that will ultimately help move the dial. Whether it is adding that to the 1.5 line, or a front office owning the risk and better monitoring that. Moving structures out of the first line, either into 1.5 or 2.0, is not going to help with that.

When you add in the Senior Managers Regime, there is a lot more onus on the front office to get it right.

RP: From an investigatory and a surveillance perspective we have been working very closely with ex-traders. For a period of time, there was a bit of a blurring between lines 1.0 and 2.0, and everyone knuckled down to fix the problem. Whether it stays or disappears into the old model, we’ll only know over time.

In our line of work we are trying to see if there is information to be extracted out of alerts that have already been generated from the solutions, and putting those alerts together holistically; voice, ecomms, trade. That is one level, the other is getting underneath the data which sits in all of the alerting systems, and seeing if there is a data fusion. There could be an order, a trader position, prevailing tick prices, and if there is value in fusing those together and looking for a pattern with new alerts completely out of the underlying data. These are the two techniques we are using.

Which regulations are having the greatest impact on your clients?

TG: MiFID II is still having the largest impact, but it’s quite positive, to be honest. For surveillance teams, it means the data quality they are receiving through certain reporting exercises has resulted in them being fed information that is fundamentally of a higher quality. Data quality is still one of the largest challenges our clients face, but over the last eight months, there has been a marked uptick in quality.

What is the best or most exciting part of your role?

TG: For me, the changing role of the surveillance analyst as they are given more powerful systems to use, more insights into behavioural metrics and indicators. The role is shifting from one that would have once meant a lot of time sifting through large volumes of false positives and working through a large lists of alerts to close down, to a role where more time is spent investigating and drilling through the behaviours of the individuals they are looking at, to really understand what is driving those under surveillance, to identify and understand the unusual activity.

GP: We come from the initial vantage point of investigations, before moving to remediate, prevent and detect. In investigations, we employ a huge variety of tools around behavioural analytical, machine learning and artificial intelligence, review platforms, that have really changed the game. We have gone through the journey with judicial systems around the world to ensure it is a defensible and transparent technology. To have the capability to use that, we are very excited about developments in the compliance space using AI. We see the industry moving more towards insight and investigations, the key thing is getting that technology deployed correctly in a repeatable transparent way that we can help clients explain to regulators.

RP: When you have applied all that and genuinely found something new, that is what I find exciting. When you can reveal something to the client or they find something themselves that they did not know. Better detection is what it is all about.

How is the year ahead looking for you? What will be keeping you busy?

TG: We are two years post-MAR, and I think most of our clients have brought themselves to a level where they are largely comfortable with their compliance; the focus now is largely shifting to how firms can be more efficient in our application of surveillance controls. We do also continue to see the rollout of more sophisticated surveillance across some of the asset classes with less mature surveillance, for example fixed income markets and OTC products.

And we continue to see regulatory expectations and industry standards evolving. The financial crime guidance consultation from the FCA earlier this year is on a lot of plates. Firms are also now starting to look at surveillance and monitoring of their customers since they have an obligation to ensure they are compliant, and the banks themselves are not unwittingly manipulating the market through following client trading instructions.

RP: More of the same; how to create more confidence, be more effective, make better use of our existing surveillance landscapes by fusing data in creative ways. Hopefully we can continue and expand.