Billions of dollars in fines and rising
Nearly half a billion dollars in fines announced by the European Commission for trading cartels involving ten global banks is a stark reminder of the challenges firms face in monitoring chat and instant messages to detect misconduct. Communications in chat rooms enabled the sharing of commercially sensitive information to go undetected for several years.
The traders violated EU rules that prevent anticompetitive business practices such as collusion on prices. The traders were in direct competition but knew each other and were in regular contact in chatrooms, where they colluded on trading strategies, exchanged sensitive pricing information and coordinated on prices.
These latest penalties add to the multi-billion dollar fines already levied over the last decade for interest-rate manipulation and price fixing, where ineffective compliance controls enabled traders to share confidential customer information with peers at competitors through chatrooms. Supervisory weaknesses in detecting misconduct led to some banks having no option but to disable chat.
The critical need for compliance oversight
Fast forward a decade and not only is chat integral to workplace communications, it has become more complex to supervise. With GIFS, images, links and files routinely attached along with emojis and reactions, compliance strategies need to address the heightened compliance and security risks. Particularly, given that working from home and the adoption of hybrid work-from-anywhere models has driven the exponential increase in chat usage. Whilst regulators have shown significant flexibility in supporting firms through the pandemic, it’s clear they still expect rigorous controls around communications even when staff work at home. The FCA has reminded firms of the need to continue to comply with recording obligations in SYSC 10A which remain the same whether staff are remote or in the office. Reports that banks are asking individuals to retain messages sent on personal devices reinforces the challenge of providing compliance oversight and meeting record retention requirements.
“It is important for firms to proactively review their recording policies and procedures every time the context and environment they operate in changes. We expect firms to have a rigorous monitoring regime, commensurate to the increased risks, where in-scope activities may be conducted outside the controlled office environment.”
FCA, Market Watch 66, January 2021
With regulators laser-focused on firms’ conduct and culture, coupled with accountability regimes being rolled out around the world designed to hold individuals personally liable for their behaviour, it’s more important than ever for firms to be able to detect and mitigate the risks of misconduct. Even in the case of the recent cartel fines, the banks that identified and proactively self-reported to the Commission were granted immunity from paying any penalties. Senior management must be able to demonstrate to regulators that they have both effective communications controls in place and have learnt the lessons from legacy misconduct and compliance failures within the industry.
What are the challenges in monitoring chat?
The enormous volumes and unique nature of chat features presents complex security and compliance challenges. That’s added to the regulatory requirements to retain electronic communications, from MiFID II requirements to SEC 17a-4, and the need to swiftly access records for regulatory supervision, legal investigations or customer complaints.
How technology is enabling firms to manage the risks
In parallel with the growth in chat usage, developments in technology, artificial intelligence (AI) and machine-learning (ML) techniques are enabling firms to unlock the business value of collaboration platforms. Firms are able to maximize the productivity benefits of using chat in Microsoft Teams, Cisco Webex, RingCentral, Glip, Slack, Zoom and other modern platforms whilst complying with critical regulatory requirements .
Theta Lake’s purpose-built AI-powered risk detection capabilities enable safe and compliant collaboration, reducing the overall cost of compliance and risks of non-compliance. The use of advanced AI, ML and NLP technologies facilitate more efficient and effective compliance, risk and data security management through:
Find out more about how Theta Lake can help identify and reduce the risks of misconduct in what’s spoken, typed, shown or shared by scheduling a live demo.