Like many sectors, the investment banking sector has had to find new ways of working away from the trading floor at a mass scale. This involves the use of back-up sites and remote working, bringing an almost overnight change to the traditional set up. There has never been a time when so many front office staff have had to work remotely and unsupervised (in the conventional sense); a concept that was probably alien to most firms even a few months ago.
These different ways of working are bringing different ways of communicating and trading. Both present a challenge for supervisors and surveillance functions to ensure effective monitoring remains intact.
In recent weeks, a number of regulators including the CFTC, ESMA and BaFIN have released updates, which acknowledge the challenges faced by banks, and have temporarily relaxed certain requirements from a record keeping and surveillance review perspective.
While the measures taken by regulators are necessary, surveillance functions will likely be more than aware of the repercussions and the damage to a bank’s reputation if a significant misconduct case is not detected. At a time when preventative controls, such as compliance presence on the trading floor and supervisory oversight cannot operate as effectively due to remote working, extra reliance may fall on detective controls to identify risks. Trade and communications surveillance is at the heart of this.
Arguably, the biggest hurdle for communications surveillance is going to be how banks control for the use of unmonitored channels. Not only have banks no way of knowing about communications that are occurring on unregistered devices such as personal mobiles or home landlines, but data privacy and General Data Protection Regulation (GDPR) restrictions would most likely prevent a bank from obtaining or monitoring these personal channels in any event.
For trade surveillance, there will likely be challenges around the completeness and accuracy of timestamping orders and trades. The use of unregistered channels to communicate may give rise to risks such as the front running of client orders or dealing on insider information, which could go undetected.
Together with the risk of unmonitored communications and misrecorded trades, surveillance teams are also having to contend with a higher volume of alerts for review and, as a result of recent market turmoil, an increase in the number of false positive alerts. This inevitably places logistical constraints on review teams working remotely and make the identification of potential misconduct – and finding the ‘needle in the haystack’ occurrence – even more difficult, in an already testing time.
With social distancing and remote working arrangements (of some form) likely to continue for the foreseeable future, investment banks will likely refocus on the importance of ‘soft controls’, such as ethics, culture and values, with traditional ‘hard controls’ being largely ineffective in managing this new way of working. The relevance to surveillance functions is twofold. Firstly, a greater reliance on their detective capability to enhance the overall control framework, and, secondly, an expectation that they should be detecting a wider range of cultural and conduct issues beyond market abuse, whether through enhanced lexicons, sentiment analysis or integrating other data points into their surveillance monitoring programs to allow for behavioral analysis.
This period of time can in many ways be a true test of how far the banking industry has come, and whether yesterday’s lessons will impact today’s way of working.