This article was written by Tom Fox, renowned author, blogger, columnist, and speaker, also known as the Compliance Evangelist. It was originally published on FCPA Compliance & Ethics Report supporting a special 5-part podcast series originally aired on Compliance Podcast Network. Tom sat down with Phil Fry, VP of Go-to-Market Strategy at Verint, to talk about how Verint is changing the future of financial compliance by challenging accepted wisdom through capture, control, sustainability, and oversight.
Today in Part 2, we continue to talk about the importance of capturing the information necessary to manage risk and compliance in a fast changing world
We began with a consideration of why interaction capture is so important and how it is affected by the latest communication technologies. Fry related that the current regulatory environment for financial services and trading are much more comprehensive and stringent than their predecessors. In their drive to control how businesses and individuals behave, regulators typically require that extremely detailed information is captured and stored about every transaction. In fact, in the case of MiFID II, it is necessary to capture data about interaction that was intended to lead to a transaction – even if the final transaction did not take place. What these regulations have done is catch-up with the plethora of communication channels now available to bankers, traders and customers when they communicate with one another.
This is far beyond calls to land lines, but mobile-to-mobile and voice and video conversations using apps like Skype and Cisco. Moreover, it is not simply paper letters and forms or emails, but also data shared using collaboration tools that allow desktop and file-share, integrated with voice and video. Unified communications or UC tools offer all of these modes within a single integrated environment, which offers customers and bankers alike a lot of convenience and options for how they communicate with one another are only some of the latest innovations. These tools also work on mobile devices, giving the option for a single interaction to range across multiple modes – voice, video and text for instance – whether the parties are in an office or on the move. Of course, regulators in the Foreign Corrupt Practices Act (FCPA) space have spoken forcibly about ephemeral communications.
Regulators are demanding that all relevant electronic communications are captured and stored, financial institutions must equip themselves to capture interactions across all of these communication modes – or else face the possibility that they may be breach of applicable regulations. This means you must do so or avoid using UC and restrict themselves to using only those communication channels that their legacy infrastructure can handle, which is obviously not a business option.
Yet Fry believes that it is possible to capture these communications. He stated, as “new capabilities and channels becoming available, so both compliance officers and their suppliers need to be agile to keep pace. Suppliers of trading recording and compliance systems have woken up to the potential for their financial services customers to modernize operations by exploiting these newer technologies and are beginning to build additional interaction capture capabilities into their solutions. Not many such solutions are currently capable of capturing all of the communication modes offered by Skype-for-Business, say, or Cisco UC. But some are, and these are opening up new and effective ways for financial institutions to pursue and transact business.”
We next turned to proactive compliance in the context of capture. Fry observed that “a potential issue affecting the use of unified communications tools, apart from the ability to capture the interactions, is the increased potential for interactions to fall outside established, compliant guidelines – because they have included the communication or sharing of information that should remain confidential; because compulsory disclaimers or policy disclosures have not been communicated; or because the parties involved should not be talking to one another – conflicts of interest or insider trading, for instance.”
He believes that through the use of proactive compliance, it is possible address these weaknesses and so make it possible to utilize UC tools avoiding these pitfalls. He noted that “the latest version of Verint’s Financial Compliance interaction capture system – aside from capturing all of those additional UC communication modes previously mentioned – also allows compliance officers to configure communication policies that the system will enforce within the UC environment.
He provided the following examples:
- Disclaimers and disclosure notices can be automatically force-fed into instant messenger conversations to ensure that the compliance policy is adhered to.
- IM conversations can also be monitored for certain data that should not be shared with the other party and automatically redact it from the conversation, thus proactively preventing a non-compliance from occurring.
Moreover this approach allows prevention of non-compliant And it can prevent some interactions from taking place at all – identifying that, for instance, a trader should not be in conversation with the firm’s M&A researcher and stopping them connecting a call or IM session.
These additional capabilities can make a big difference to how effective and useful UC tools can be in a financial services organization, because they help to prevent the expanded communication modes resulting in a similarly expanded compliance workload and greater compliance risk.
I then asked Fry how a company could exploit these processes to compliance teams transform their compliance and business operations but use other tools and systems to maintain an integrated compliance landscape. Fry stated that “any business that is implementing new tools will face a period of overlap with the legacy systems they are replacing and none of these capabilities will exist in isolation from the mission-critical systems that support other facets of the organization. Typically there is not a single supplier which can provide every part of the equation, so processes and data will need to be able to flow seamlessly to ensure that all parts of the operation are working with the latest information in a timely fashion.”
The bottom line is effective oversight is critical to compliance officers having a clear view of where problems are occurring and being able to adequately investigate, address and resolve them. Fry conclude “A comprehensive interaction capture solution (such as I described earlier) will yield lots of data about day-to-day activity and operations, patterns and trends that can help prevent and fix compliance issues as well as inform investigations. But as we have just discussed, it does not exist in isolation.”
In the next blog we discuss what control means when we’re talking about compliance in finance.