Data silos and legacy compliance monitoring systems – barriers to effective surveillance and comms compliance

Data silos and legacy compliance monitoring systems – barriers to effective surveillance and comms compliance

Steve Burges

Steve Burges

Managing Director, Kerv Collaborate|Kerv Collaborate

Published 31/03/22 under:

Have a question about something here?

Get in touch

Compliance Monitoring Systems – The Need for an Effective, Holistic Surveillance Solution

In a perfect world, compliance monitoring systems would be redundant. Financial regulators would exist solely to define the policies and procedures needed to protect consumers, with compliance departments acting in a purely advisory role to help firms apply these principles according to their own unique requirements and structure.

In this utopia, the process of enforcing these policies would simply be a matter of lending a guiding hand when required. All members of staff, from the most junior clerk to the CEO, would take it upon themselves to adopt and adhere to these principles, working together for the best interests of their clients.

As a result, compliance monitoring systems, surveillance, detection, and investigation of misconduct; abuse; crime; or even just the occasional honest slip-up, would barely be required, if at all. And pigs might fly.

While working towards this ideal culture is undoubtedly commendable, the reality is that the roles played by regulators and compliance, risk, governance, monitoring, surveillance and audit teams are becoming increasingly complex and ever more vital.

Even with the best of intentions, humans make mistakes. People have their own agendas and, with the opportunities and pressures inherent in an industry that focuses specifically on managing the flow of vast sums of wealth, some may be tempted to bend or even break the rules.

Or coerce others to do so on their behalf. Fear and greed can both play a part. Some organisations are ineffectively structured and/or badly managed. Some people just act irresponsibly now and then. 

Digitalisation and globalisation present further challenges. The alarming pace of technological change provides many opportunities for both good…and not so good.

The explosion in the ways that people can now communicate and do business with each other means that strict regulation and enforcement are now more crucial than ever.

With the risk landscape growing more and more complex and new, increasingly granular regulations being continually introduced to keep up, compliance departments must also become more sophisticated in the way they conduct eComms surveillance to monitor and control these risks.

Capital Markets Compliance in the “Golden” Age of Communication

Once upon a time, in the early 1990s, things were simpler. Mobile phones looked like bricks and cost a small fortune.

Telephone calls were all made over copper wires, and email and the internet were strictly the territory of academics.

Meanwhile, Mark Zuckerberg had just started primary school, getting his first lessons in Atari BASIC programming from his Dad.

The closest thing to “Social Media” back then was reading someone else’s newspaper over their shoulder on a crowded train. And the “Cloud” was still just a fluffy white thing in the sky…

Compliance monitoring systems essentially consisted of nothing more than document storage, bulky, expensive tape drives and endless reels of tape, with no easy way to locate specific calls and certainly no way to perform any kind of meaningful analysis.

There was no such thing as ecomms surveillance monitoring because, well…ecomms didn’t really exist.

The mass adoption of email over the following years, along with the explosive growth of the internet into the mainstream – fuelled by huge investment in infrastructure to provide superfast data connectivity – signalled the beginning of a massive transformation.

The commoditisation of mobile phones and rapid expansion of GSM networks revolutionised the way people communicate, to the point where there are now over a billion more mobile connections on the planet than there are people.

With the development of smartphones and the rollout of 3G, 4G and now 5G mobile data services, mobile phones have become indispensable to businesses. Unified Communications and cloud computing allow organisations and their employees to work flexibly, from almost anywhere in the world, with constant access to their corporate network and the systems and tools required to carry out their roles.

Communication with colleagues, clients, partners and other third parties now takes place in countless ways, over numerous forms of media – voice calls over fixed lines, dealer boards and mobiles; SMS; video calls; social media; and an ever-growing list of instant messaging applications, from WhatsApp to Yahoo chat, Skype, Bloomberg chat and everything in between.

Great for staying connected with each other, but a potential minefield for Risk and Compliance departments…how do you control risk and ensure your organisation is compliant when you don’t have proper visibility of what your staff are doing?

The Expanding Scope of Regulatory Requirements for Voice, eComms and Trade Surveillance Tools

With the adoption of new forms of multimedia communication over the years, regulators have had to expand the scope of existing legislation, and introduce new directives, to attempt to mitigate this risk, particularly in the wake of the 2007/8 financial crisis.

The UK Financial Services Authority’s COBS 11.8 directive in 2009, outlining the parameters of a new regime for the recording of voice and electronic communications, included several important exemptions. Most notably, all conversations and communications (except email) over mobile devices were excluded from the recording requirement.

Discretionary Investment Managers were also able to claim exemption for any communications that could reasonably be expected to be recorded on the other end, i.e. by the entities which were carrying out the execution of transactions.

With the increase in mobile usage and the growth in mobile call recording solutions, the mobile phone exemption was eventually removed in November 2011.

The subsequent introduction of MAR and MiFID II across Europe, and Dodd-Frank in the USA, have significantly widened the scope of monitoring, surveillance, recording and reporting requirements and provided a far more detailed breakdown of firms’ obligations and the compliance monitoring systems they are expected to have in place in order to be meet legal requirements.

Certainly in the UK, and no doubt elsewhere, it has become clear that there is a significant disconnect between what many firms have considered to be “reasonable steps” and the expectations of the regulators.

As a result, the extension of the Senior Managers & Certification Regime (SM&CR) in December 2019, to include all FCA-regulated bodies, has caused some considerable concern among many firms.

Industry polls taken in June-July 2019 suggest that an overwhelming majority of firms (84.3%) conduct little or no Voice and eComms surveillance, many (62%) still have “a lot more” or “everything” still to do to implement SM&CR and most (84%) feel that “internal set-up and culture” are a key challenge.

Considering the level of personal accountability being introduced with the regime, it is no surprise then that firms’ trade surveillance technology and communications compliance monitoring tools are now coming under intense scrutiny.

To put it bluntly, when it’s your own head on the block, you want to make sure it doesn’t get chopped.

The Limitations, Costs and Inherent Risks of Data Silos

The underlying issue for many firms originates from the piecemeal way in which new forms of communications media have emerged over time, and the phased expansion in regulatory requirements associated to monitoring, capturing, storing and analysing communications.

Years of having to adopt different systems for new forms of communications data have led to most organisations (both large and small) eventually finding themselves with a fragmented array of disparate vendor, technology and data silos for the surveillance, capture, storage and analysis of various media types.

For example, on one end of the scale, a small, single-site fund manager might have one system to record landline calls, another to capture mobile calls and SMS, another to capture video calls, and a number of others to capture various forms of instant messaging, with some or all of these media types then being stored in separate repositories.

A global investment bank, on the other hand, might have accumulated dozens of recorders over the years, from multiple vendors, spread across numerous countries, just for capturing fixed line calls. These recordings may also be stored locally within each jurisdiction, creating further silos of data.

The dispersal of companies’ communications data across so many disjointed legacy platforms, and the absence of a single, unified view of the data across each of these silos, is the root of many of the problems that businesses face.

Having to work with such a wide range of different systems means firms are not only incurring significant costs (hardware, maintenance, licencing etc.) but are severely limited in their ability to extract any useful information from their data, and are subsequently exposed to very real operational and regulatory risks.

Real-time communications surveillance becomes practically impossible. Any proactive monitoring must be done manually, which is both resource-intensive and ineffective, and leaves firms unable to effectively deal with the volume of false positives often generated by their market surveillance systems. The ability for timely case reconstruction, necessary for Dodd-Frank and MiFID II compliance, is also severely impaired.

If required by regulators to reconstruct a trade within a certain timeframe, many firms would simply be unable to do so. At least, not without spending an arm and a leg on external consultancy fees.

Historically, many might have preferred to just pay the fine – possibly a less attractive option under SM&CR.

The Search for a Holistic Surveillance Solution and The Budgetary Tug-of-War

To address this, most organisations have now recognised the need for a more holistic surveillance solution.

Some of those with deeper pockets are already working with various regulatory compliance software companies to pull together their many systems to form a coherent whole. In general, this has involved deploying a layer of middleware to sit over the top of their myriad legacy systems and provide a central hub.

However, although this does give a more complete view of their data to those firms who can afford it, it is still adding yet another layer of technology and cost, to essentially form a “patchwork of data silos”, as opposed to addressing the root issue itself and breaking down data silos altogether.

In addition, depending on the solution(s) used, firms may still struggle to meet regulatory case reconstruction requirements and deadlines in time; especially if, for example, source data is stored in other countries or is spread across multiple jurisdictions.

For many firms though, budgets and resources are an issue, and taking an expensive and inefficient silo-based approach to compliance monitoring and surveillance is simply not an option.

Even in larger organisations, there is often a tug-of-war between IT and Compliance departments as to whose budget should be used…with the Finance department stuck in the middle.

Using holistic compliance monitoring software for effective market abuse surveillance, however, is now a vital requirement for all firms, and affects all departments.

A solution is required that removes cost as an obstacle. A solution which, by eliminating data silos and replacing them instead with a single, unified platform for monitoring, capturing, normalising, storing and instantly recalling all forms of voice and electronic communications and market data, allows firms to reduce costs rather than add to them.

Such a solution would have far-reaching benefits, solving critical problems faced not only by Chief Compliance and Risk Officers, but also by Heads of Technology, Operations and Finance – as well as, ultimately, Chief Executives.

And of course, most importantly, resulting in a better, safer service for end customers. Which is the whole point…right?

The Holy Grail of Compliance Monitoring Software – “What If…?”

Technology and cultural change will always be around, forcing organisations to adapt. Mankind, by our very nature, will always ask “what if?” – forever pushing the boundaries of possibility, until the “impossible” eventually becomes the norm.

The challenges facing regulated firms will continue to evolve constantly. What may appear almost insurmountable now, will eventually become commonplace.

For now, financial institutions need to undergo a significant shift, moving away from the use of layers of legacy compliance monitoring systems and controls to a single, unified, holistic surveillance solution that allows them to meet the challenges of today and the road ahead.

The question is…what if? What if this solution already exists? See https://edge-edge.co.uk/soteria.

Related Articles

You might also be interested in

From our world to yours

Compliance monitoring under the spotlight

From our world to yours

The rise of business messaging apps and the need to stay on...

From our world to yours

Compliance: important ownership changes while adapting for flexible remote workforces

From our world to yours

What it takes to top the Gartner CCaaS Magic Quadrant

From our world to yours

Why gamification is topping the bill for contact centre agent workforce management...

From our world to yours

8 contact centre trends to future proof your business

From our world to yours

Spotlight on Local Government – Where is CX heading for citizens?

From our world to yours

Think bigger with Microsoft Teams.

From our world to yours

Microsoft Teams is here to stay, what’s the next step?

From our world to yours

At Kerv we want to make customer-first really mean something…

From our world to yours

Different by design

From our world to yours

How Engagement Technology is Transforming the Membership Sector

From our world to yours

A modern CRM system needs a modern data platform

From our world to yours

What is… Microsoft Cloud for NonProfit?

From our world to yours

6 Back-office technologies modern supply chains should already be using

From our world to yours

Re-imagining CX in a golden age of integrations – combining Genesys and...

From our world to yours

Maximising CX value through AI-driven digital engagement

From our world to yours

Experience as a Service: What it is, why it’s important and where...

From our world to yours

Achieving empathy across digital channels

From our world to yours

Redesigning CX from the ground up

From our world to yours

Genesys EMEA Cloud Partner of the Year 2020

From our world to yours

Life at Kerv Digital As A Functional Consultant

From our world to yours

Life @ Kerv Digital as an Apprentice Power Platform Consultant

From our world to yours

How To Increase Efficiency With Dynamics 365 Supply Chain Management

From our world to yours

Supply Chain Control Towers – The Tech That’s Changing Logistics Forever

From our world to yours

Supply Chain Digital Twins – The What, The Who & The Why...

From our world to yours

On-Demand Logistics & The Tech That Makes It Possible

From our world to yours

What Is… Insurtech?

From our world to yours

What Is… Microsoft Cloud For NonProfit?

From our world to yours

16 Times You’ve Been Using Artificial Intelligence Without Realising

From our world to yours

Jack’s Worried – His Website Is Losing Him Dues Paying Members

From our world to yours

From Paper Based To Cutting Edge… With Zero Downtime

From our world to yours

Life at Kerv Digital as a UX Designer

From our world to yours

Sarah is Sad – Her Staff Aren’t Finding New Members Or Engaging...

From our world to yours

How To Squeeze Hidden Value From The Hidden Data You Didn’t Know...

From our world to yours

Reducing Member Churn & Delivering Member Insights With Data Science

From our world to yours

Life @ Kerv Digital As A Dynamics Functional Consultant

From our world to yours

The Effect Fintech Is Having On Our Everyday Lives

From our world to yours

Dealing With Ethical Walls In Tech… Ethically

From our world to yours

Life @ Kerv Digital As A DevSecOps Engineer

From our world to yours

IOT: Dragging The Future Of Healthcare Into Today

From our world to yours

How Will Tech Revolutionise Health Care Over The Next Half Century?

From our world to yours

Empowering Public Transport With Big Data

From our world to yours

Putting Patients First Vs. Cost Concerns

From our world to yours

Life @ Kerv Digital As A Power Platform Solution Architect

From our world to yours

What’s The Best CRM For The Membership Sector?

From our world to yours

How Remote Patient Monitoring Data Can Drive Health Efficiencies

From our world to yours

Is A Career In NonProfit Digital Transformation Rewarding?

From our world to yours

Six Back-Office Functions NonProfits Should Be Using Robotic Process Automation For

From our world to yours

How Data Storage Management Will Change In 2022

From our world to yours

Business Central Vs Sage – Which Does Your Organisation Need?

From our world to yours

How To Debug Something With A Rubber Duck

From our world to yours

Using Design Thinking To Empower Digital Transformations

From our world to yours

How Business Central Can Keep You GDPR Compliant

From our world to yours

What Can Business Central Actually Do?

From our world to yours

Why Data Classification Is Vital To Your Organisation (And How To Easily...

From our world to yours

How To Inspect Items When Using The Execute Pipeline Activity In ADF/Synapse...

From our world to yours

How To Create UI Flow’s In Power Automate

From our world to yours

D365 BC Vs D365 FO: Let’s Settle This Once And For All!

From our world to yours

How To Drive Donor Engagement With Kerv Digital’s Free Powerups

From our world to yours

9 Awesome Benefits To The Microsoft Dataverse

From our world to yours

Canvas Apps Vs Model-Driven Apps

From our world to yours

How To Set Up Field Monitoring In Business Central

From our world to yours

Check Out The Benefits Of The Microsoft Catalyst IDEA Framework…

From our world to yours

Component Led Development, Or… How To Make Your Organisation Instantly More Resilient

From our world to yours

How To Achieve A Single Customer View In 5 Easy Steps

From our world to yours

Best Practice For Creating Cloud Flows With Microsoft Power Automate

From our world to yours

Legacy Estate Reduction… Or When To Get Rid Of Old Tech

From our world to yours

What Is Fintech?

From our world to yours

How To Get Better At: Online Continuous Personal Development (CPD)

From our world to yours

Virtual Exam Proctoring (Or How To Stop People Googling The Answers At...

From our world to yours

How Hyperautomation’s Benefiting PAO’s (Professional Accountancy Organisations)

From our world to yours

Cyber Security For Remote Working… How Everyone Can (And Has To) Pitch...

From our world to yours

What Is An Advanced Persistent Threat (APT’S) Attack?

From our world to yours

Visualising Your Data Differently With Power BI

From our world to yours

Database Marketing – What Is It & How Can You Benefit From...

From our world to yours

Microsoft Dynamics Cloud Licensing Options – What’s Available?

From our world to yours

Privacy By Design – What You Need To Know

From our world to yours

How To Connect To A Named Sandbox Environment

From our world to yours

What Are The Different Types Of Cloud Licensing Agreements?

From our world to yours

How To Export To Text Files From Microsoft’s Business Central SAAS

From our world to yours

Technical Debt – The What, Why, When & How Do I Get...

From our world to yours

Ensuring Business Continuity With The Microsoft Stack

From our world to yours

What’s The Best CRM For The NonProfit Sector?

From our world to yours

Rage Donations – How To Engage Past The ‘Now’

From our world to yours

What Is It & How To Avoid: Vendor Lock-In

From our world to yours

The Bad Guys Don’t Care You’re The Good Guys

From our world to yours

Build The Future Of The NonProfit Sector… Today

From our world to yours

Data Protection & Artificial Intelligence: Best Practice

From our world to yours

Shadow IT – 9 Things To Look Out For & 1 Unexpected...

From our world to yours

Organisational Debt & Why It Makes Digital Transformation Hard

From our world to yours

Discussing All Things RPA… Robotic Process Automation

From our world to yours

Creating A Low Code App Using PowerApps & The Power Platform

From our world to yours

Now’s The Time To Get Excited About Cognitive Search

From our world to yours

If You Don’t Have An Automated Deployment Process… You’re Already Obsolete

From our world to yours

Tips & Tricks To Creating Successful Volunteer Management Systems

From our world to yours

The Five Types Of Cyber Criminals

From our world to yours

Security-By-Design: Or… Better Safe Than Sorry!

From our world to yours

Leading With Technology In The Membership Sector

From our world to yours

What Does IAAS, PAAS & SAAS Stand For?

From our world to yours

What Is Business Architecture?

From our world to yours

What Is Data Gravity? (And How Your Organisation Can Benefit From It)

From our world to yours

How To Fix DateTime Stamps In Microsoft Dynamics 365

From our world to yours

6 Easy Steps For Promoting A Culture Of Cyber Security

From our world to yours

15 Cyber Security ‘Things’ To Safeguard Your Business

From our world to yours

Microsoft Dynamics 365: Settings In solutions

From our world to yours

13 Ways To Save Money When Using Microsoft Azure

From our world to yours

The Problems With Addresses In Microsoft Dynamics 365

From our world to yours

Understanding The Benefits Of Predictive Science In The NonProfit Sector

From our world to yours

Top 6 Digital Impacts On Membership Organisations

From our world to yours

The 7 Stages Of A Successful AI Project

From our world to yours

What’s The Difference Between UI And UX?

From our world to yours

8 Ways Your Business Can Increase Turnover With Big Data

From our world to yours

Dynamics 365 In NonProfits

From our world to yours

Kerv acquires TDS Global Communications Compliance Practice

From our world to yours

What is Microsoft’s Power Automate?

From our world to yours

What is InvestTech?

From our world to yours

Derek Is Stressed – His Purchasing Team Aren’t Coping With Long Winded...

From our world to yours

Life @ Kerv Digital As A Jnr DevSecOps Engineer…

From our world to yours

Life @ Kerv Digital As A Principal Architect

From our world to yours

Life @ Kerv Digital As An Azure DevSecOps Engineer…

From our world to yours

Life @ Kerv Digital As Head Of Client Services, Public Sector

From our world to yours

Life @ Kerv Digital As A Junior DevSecOps Engineer

From our world to yours

Life @ Kerv Digital As A Graphic Designer

From our world to yours

Microsoft Inspire 2022 – Here’s All The Big Announcements!

From our world to yours

The Need for WhatsApp Compliance Recording

From our world to yours

Life @ Kerv Digital As A UX Researcher

From our world to yours

Life @Kerv Digital As A Senior Delivery Manager

From our world to yours

Life @ Kerv Digital As A Senior Delivery Manager

From our world to yours

Data Silos and Legacy Compliance Monitoring Systems – Barriers to Effective Surveillance...

From our world to yours

Kerv and Venari Security Partner to Widen the Lens of Enterprise Encryption

Have a question?

Leave your details and a member of the team will be in touch to help.
Type your first name here
Type your last name here
Type your phone number here
Type the company you represent here
By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.