Is Big Brother really watching

In recent years many investment banks have suffered significant losses due to unauthorised and / or poorly monitored trader activity. High-profile instances such as the USD $6 Billion London ‘Whale’ loss at JP Morgan and the ongoing fallout from the Libor rigging scandal have highlighted the need for the implementation of better controls and policies.

Although historically, the compliance department was primarily responsible for surveillance processes and highlighting breaches, a parallel set of risk and control responsibilities owned by front office supervisors has now emerged. Unfortunately, the level of automation in place to assist supervisors is not sufficient and overwhelmingly report-based, making it necessary to manually wade through swathes of data; a task that is unsustainable, ineffective and prone to error.

An emerging trend of placing the responsibility for surveillance in the front office represents an ideal opportunity for banks to re-evaluate how they perform trader supervision and to improve the user experience of the surveillance workflow with a focus on reducing the time it takes supervisors to review and spot suspect behaviour.

Report-based to exception-based

Simply put, a report-based approach means that far too much data must be analysed to meet regulatory obligations. An alternative, exception-based model allows the bank to map the steps that a supervisor takes in manually evaluating transactions, holdings and risk data to find issues in a ‘defined scenario’. A surveillance system can then extract exceptions that are out of the ordinary and worthy of further investigation, thus automating a previously laborious and manual task.

There are ‘out-of-the-box’ solutions are available from a number of vendors to meet regulatory requirements, but to arrive at a truly effective scenario, a cross-functional team from both ‘business’ and ‘IT’ must collaborate to outline their needs. Other criteria for success include an enterprise wide, integrated approach to supervising transactions and a centralised case management system to provide the ‘glue’ for all control processes.

It will always be difficult to source high quality transaction and reference data, but either clean data, or a surveillance system that can handle ‘imperfect data’ is a prerequisite for moving to exception-based supervision. Accepting that data quality isn’t perfect allows for the design of processes that still product valid alerts and ensure that the metrics that are derived for executive consumption are accurate.

Proactive, not reactive

Even where surveillance systems are robust, they often rely on a ‘reactionary approach’ to the unauthorised behaviour of miscreants, whereas a more sophisticated view of the problem identifies incidents before they materialise, helping to avoid them altogether. The aforementioned ‘rogue traders’ may not begin with bad intentions, but a minority will always try to hide incurred losses and recover them by taking greater and greater risks. This activity must be spotted before it’s too late; by paying attention to what ‘normal’ looks like and monitoring for behaviour that is ‘out of the norm’. One such sophisticated type of surveillance that is emerging is a network analysis approach that maps connections between individuals and correlates this with data about their role within the bank, highlighting possible areas of concern.

It is possible to define a comprehensive surveillance approach but it takes a cross functional team to first determine what behaviour needs to be looked for and if found, how material breaches will be highlighted effectively for investigation.

This blog appeared on Finextra. Click here to see the entry on the Finextra website