This article was written by Tom Fox, renowned author, blogger, columnist, and speaker, also known as the Compliance Evangelist. It was originally published on FCPA Compliance & Ethics Report supporting a special 5-part podcast series originally aired on Compliance Podcast Network. Tom sat down with Phil Fry, VP of Go-to-Market Strategy at Verint, to talk about how Verint is changing the future of financial compliance by challenging accepted wisdom through capture, control, sustainability, and oversight.
Control in the Verint process relates to the tools and techniques employed to keep operations compliant “in the moment”. In the tripartite compliance formulation of prevent, detect and remediate, it is (1) preventing non-compliant actions taking place, (2) detecting them when they do so, and (3) taking immediate remedial action when they are uncovered.
This can occur through monitoring, sometimes in real time or near real-time as it’s sometimes referred to. Monitoring can be even periodically, every week or month perhaps; recognizing the further you move away from the moment, the less opportunity there is to stop the non-compliant conduct and remediate. Nevertheless Fry noted it can become a “learning point” – something to inspire changes to processes so that we avoid a reoccurrence in the future.” Clearly the optimal approach is for a compliance regime to operate proactively so that it can spot situations where compliance breaches are in danger of occurring and step in to prevent it.
I asked Fry if he could provide some examples of the foregoing. He discussed “taking a cohesive approach to validating the collection and quality of the interaction data that is gathered during the capture phase of your compliance measures such as call recording.” Due to the communication channels and technology in use today whichever is expanding and recording or capturing interactions can get complex. It is not at all unusual for elements of this technology eco-system – sometimes software, sometimes devices – to stop working as intended – but because it’s largely working silently behind the scenes, it often goes unnoticed. The first you know about it is when you need to collect all the recordings for a regulatory review and discover that a trader’s turret had not been reliably recorded for the last 3 months and that included the period of the transactions under investigation. That is not a good thing to be trying to explain to the regulator.”
To counter this possibility many organizations carry out daily checks to see that recording platforms and physical devices – like handsets and Dealerboards – are working correctly. But this is hugely resource-intensive and time-consuming. And despite that, it probably still doesn’t give you assurance that everything is under in control, because you don’t have the manpower to check 100% of the infrastructure, 100% of the time.
If that task were handed over to an automated validation tool, you could run comprehensive “start-of-day” tests, every day and know whether everything is working properly, rather than guessing or hoping based on a partial sample. If there is a problem, you can take the action needed to put it right or circumvent it before business is transacted in a non-compliant fashion. The increase in efficiency and levels of assurance that result is a huge benefit for the organization as a whole and allows the compliance team to spend their time on more complex tasks that demand their special skills.
Applying these concepts across an ever-changing and evolving environment is obviously a challenge. To achieve this, Fry believes “it is vital to adopt open standards when creating these capabilities. There will always be a mixed bag of solutions at play for these compliance requirements, not to mention the systems in the back-office. It’s only by embracing an open approach that we can help these various systems to co-exist and inter-work with each other. The view of some suppliers that all you need is an all-in-one proprietary solution, doesn’t work in the fluid environment we now find ourselves in.”
The onboarding process in HR is critical to any organization but it is equally important to control in the compliance environment. It is possible to automate that process to provide confidence that no-one is left out from control, that new starters or those changing roles are monitored and recorded in accordance with your policy from Day 1. Finally, the way in which these “Ethical Wall” features operate, to prevent non-compliant exchanges or to intercede and ensure that appropriate policies are followed, is another great example of how the technology can be used to provide greater control.
Stay tuned for the next blog where we take a deep dive the into tools, processes and techniques to keep operations compliant.