How to overcome the challenges of eComms Surveillance

In 2021, J.P. Morgan was fined $125 million after the SEC found that one of its broker-dealer subsidiaries failed to properly monitor and archive business-related communications. WhatsApp chats and emails were two of the channels highlighted in the legal proceedings, and J.P. Morgan blamed the fact that they were held on personal devices.

30 August 2024 6 mins read
By Jennie Clarke
Written by humans

For financial institutions, proper eComms surveillance isn’t a nice-to-have, it’s a necessity. 

Learn exactly how to monitor your staff’s digital messages, and how to avoid some of the common pitfalls associated with eComms surveillance, to avoid embarrassing data integrity problems, fraudulent behaviour and regulatory fines.  

What is eComm Surveillance?

eComm surveillance refers to the monitoring of electronic communications. 

It’s usually conducted in businesses such as financial institutions, in order to prevent and identify misconduct like:

  • Insider trading
  • Unauthorized access
  • Comms duplication within records

Having a record of communications enables companies to regularly audit, and quickly find any suspicious messages. And just knowing that trade surveillance is happening can block some perpetrators from committing market abuse or fraudulent acts.

Challenges of eComms surveillance

In large enterprise companies, it can be difficult to properly capture and monitor all electronic communications, especially when team members use personal devices, have private conversations on social media apps, and deploy tools for ‘disappearing messages’.

Three of the most common challenges include:

  1. Storage
  2. Non-compliance
  3. False positives 

Storage

Companies that monitor their communications collect huge amounts of data on a daily basis. In fact, one Global Relay client transferred 10 petabytes of data, which is equivalent to more than 10 million tall filing cabinets!

Thus, organizations need access to bespoke storage options that are not only large enough to store this info, but can protect the integrity of the data and keep it secure. This should improve the quality and integrity of data, without the risk of it becoming corroded over time.

Non-compliance

For many companies, the “why” in e-comms surveillance is for regulatory purposes. Around the world, many regions dictate the collection and processing of electronic comms for regulations like GDPR and the CCPA.

For example, MiFID II requires financial firms in the EU to properly record and archive all communications that may result in transactions.

Non-compliance with this regulation would not only lead to FCA fines, but also reputational damage. As the company navigates the knock-on effects, expect to face resistance from new contracts, third parties cutting ties and a lack of trust from customers.

Thus, when approaching e-comms surveillance, remember to plan your strategy around existing regulations and ensure you’ll remain in compliance.

False positives

The purpose of e-comms surveillance is to spot suspicious activity within your employee and customer messages, but it’s not always perfect.

Since it’s large financial companies that must perform e-comms surveillance, teams rely on generative AI algorithms to collect and analyze messages en masse. And while it reduces the risk of human error, algorithms tend to increase the risk of false positives. 

Most insightful technology algorithms rely on machine learning that works by searching for specific keywords or patterns of language. By using this method, companies lack the important context within messages and could make the mistake of falsely flagging a communication that is not suspicious. 

Context is key, so it’s important for your algorithm to consider the surrounding words and phrases outside of the suspicious text. Moreover, guiding your employees with specific policies should help avoid the flagging of false positives.

How to perform e-Comms surveillance the right way?

There are four steps to a foolproof eComms surveillance process:

  1. Set it
  2. Spot it
  3. Review it
  4. Prove it

Set it

First things first, decide where to set up your surveillance. We suggest choosing a technology that can monitor across all channels, from written comms to voice data and even trading documents that could present in an unusual format. 

Setting the communications compliance policies is also important. Some examples include policies around:

  • Fraud such as insider trading
  • Gifts
  • Misselling

Spot it

Spotting suspicious electronic communication messages requires a range of tools, such as AI and machine learning, lexicons and metadata. You’ll connect every account and device to the system, and let the algorithm comb through the messages. While it works in real-time, you’ll also benefit from the automatic records of all communications, stored securely.

It’s also important to exclude content that can be deemed ‘low risk’, such as approved marketing material or discussions on the subject that might constitute false positives.
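The false-positive problem described earlier and the low-risk exclusion above, shown as an added example (not Global Relay's code): a plain lexicon matcher, not machine learning, run over constructed messages with and without context checks. The lexicon terms, benign-context cues, source labels and window size are all assumptions made for illustration.

```python
import re

# Constructed lexicon: term -> policy it maps to (hypothetical, not a vendor list).
LEXICON = {
    "guarantee": "misselling",
    "gift": "gifts",
    "off the record": "insider trading",
}
# Constructed context cues that make a hit benign when they appear near it.
BENIGN_CONTEXT = {
    "gift": ("gift aid", "gift policy", "gift register"),
    "guarantee": ("cannot guarantee", "no guarantee", "not guarantee"),
}
LOW_RISK_SOURCES = {"approved-marketing"}  # excluded before any matching
WINDOW = 30  # characters of surrounding text inspected on each side of a hit


def scan(message, context_aware=True):
    """Return a list of (term, policy) hits for one message dict."""
    if context_aware and message.get("source") in LOW_RISK_SOURCES:
        return []
    text = message["text"].lower()
    hits = []
    for term, policy in LEXICON.items():
        for m in re.finditer(r"\b" + re.escape(term) + r"\b", text):
            around = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
            if context_aware and any(c in around for c in BENIGN_CONTEXT.get(term, ())):
                continue  # surrounding words show the hit is not suspicious
            hits.append((term, policy))
    return hits


# Constructed sample messages.
MESSAGES = [
    {"id": 1, "source": "chat", "text": "I can guarantee a 12% return, keep this off the record."},
    {"id": 2, "source": "email", "text": "As always, we cannot guarantee future performance."},
    {"id": 3, "source": "approved-marketing", "text": "Our service guarantee covers all clients."},
    {"id": 4, "source": "chat", "text": "Please log the client lunch in the gift register."},
    {"id": 5, "source": "chat", "text": "He sent me a gift after the deal closed."},
]


def flagged_ids(context_aware):
    """IDs of sample messages that produce at least one hit."""
    return [m["id"] for m in MESSAGES if scan(m, context_aware)]


if __name__ == "__main__":
    print("keyword only :", flagged_ids(False))
    print("with context :", flagged_ids(True))
```

Keyword-only matching flags all five messages; with the context window and source exclusion, only the two that warrant review remain in the queue.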

Review it

When a communication triggers a hit on the system, ensure it’s routed to the appropriate individual or team for manual review automatically. 

On-demand analytics dashboards can help the reviewer to quickly understand context (why this has been flagged) and identify patterns within the messages. Then, they can choose to either take action by investigating further, move the file to another team member, or document their findings.

Prove it

The prove it stage is useful for two reasons:

  1. Getting a case together
  2. Assessing patterns, such as who the most frequent offenders are, and taking action

A real-time log of the communications, review and next steps is useful for external auditors to verify that your team has dealt with these violations in the best possible way. Check for WORM (write once, read many) compliance to prove that every action cannot be edited after it is logged – as this will protect the integrity of the system.

Plus, easily generate reports based on the data to bring new ideas to stakeholders, create a case for new policies, and reduce the number of communications policy violations over time.

Get support to monitor your electronic communications

J.P. Morgan was not the only bank to violate SEC regulations. In 2020, two senior Morgan Stanley executives were fired from their jobs after allegedly using WeChat to improperly discuss sensitive trading information. It was a good eComms surveillance system that enabled Morgan Stanley to spot the suspicious activity, and deal with it without risking reputational damage or regulatory fines.

Avoid the pitfalls of poor e-comms surveillance by partnering with Global Relay. Our communication surveillance enables you to proactively supervise all corporate comms on one system, including email, IM, voice calls and files.  Find the areas of risk before they turn into problems with a demo of Global Relay.