The extension of Electronic Communications Surveillance operations at a tier 1 bank


Case study: Implementing an electronic communications surveillance operation to cover Europe, Middle East, Africa and Asia Pacific

Background

A tier 1, global full-service bank had very limited communications surveillance covering their Investment Banking and Wholesale Markets division. The surveillance undertaken only covered North America and was performed by the Compliance function in accordance with FINRA Associated Persons Supervision Rules.

In response to their own internal LIBOR investigations, and to meet commitments made to the FRBNY (in an attempt to reverse recent BHC rating downgrades), the bank wanted to improve their electronic communications surveillance capability and extend surveillance operations to cover Europe, Middle East, Africa and Asia Pacific.

Project Brief

  • Set up an electronic communications operation to cover EMEA, meeting the strict delivery deadline and capability agreed with FRBNY
  • Define and create an enhanced surveillance capability that will address the gaps identified by the internal LIBOR investigations
  • Define and create an enhanced surveillance capability that will address the broader compliance risks, business policy breaches and data loss across all electronic communications channels, including voice communications

Challenges

  • Extremely demanding, fixed regulatory deadline (7 months)
  • Multiple jurisdictions (>25) and languages in scope
  • Varying rules of privacy, banking secrecy and worker council engagement to navigate
  • Software currently used by US has limited functionality, unique data taxonomies and is relatively expensive
  • Advanced software solutions at the time were expensive and untried, especially in relation to voice surveillance

Solution

Specific solutions identified included:

  • Identifying a suitable, low-cost nearshore location for the operation (Glasgow), organising facilities including secure access controls, hiring and training the staff (initial 16 FTE) and documenting detailed operating procedures including incident review, breach escalation and performance targets
  • Working with legal counsel, HR representatives and compliance in over 25 countries to determine the legal requirements in each jurisdiction, update employee notifications and policies, arrange workers’ council engagements and set up banking secrecy delegation and training
  • Configuring and commissioning vendor software (including defining and testing hundreds of complex lexicon-based surveillance rules etc.) and integrating with internal communications systems and reference data sources, as well as providing high-volume on-shore data storage solutions with complex access and retrieval security controls

Result

The project was implemented in three phases as follows:

Phase 1 (meeting the regulatory commitment)

a. the basic operational capability rolled out to the UK

b. the basic operational capability rolled out to major APAC hubs

c. the basic operational capability rolled out to all remaining regional operations across Europe, APAC, Middle East and Africa

Phase 2 (address the recommendations of the internal LIBOR investigation)

a. an enhanced surveillance framework implemented which introduced thematic and risk-based surveillance

b. coverage was extended to include broader business policies such as harassment and bullying, data loss etc. and to cover additional channels of communication, including chat and instant messaging

Phase 3 (strategic vision)

a. Finally, the strategic vision was created, consisting of:

i. a fully integrated surveillance capability with additional data sources, such as trade surveillance and control room surveillance

ii. advanced surveillance methodologies including behavioural analytics

iii. advanced technology solutions including voice surveillance and relationship analytics
