A recent webinar hosted by RegTech Insight and sponsored by Smarsh, brought together industry leaders to explore innovative strategies for tackling conduct risk.
The panel included Sepehr Irandoost, Head of Global Surveillance Effectiveness and Efficiency, Bank of America; Marili Anderson, Head of Compliance, Rabobank; Theo Hill, Senior Director of Product Management, Smarsh.
Managing conduct risk has emerged as a critical challenge for institutions navigating rapidly evolving global regulatory obligations with diverging regional approaches—such as the US focus on front-line supervision and Europe’s emphasis on holistic surveillance. Firms are challenged to establish a delicate balance between robust oversight and operational flexibility. This complexity is compounded by the need to address nuanced behavioural risks, from personal misconduct to systemic failures in oversight.
This panel shared valuable insights into how firms can strengthen their surveillance capabilities while maintaining compliance in a fragmented and fast-changing regulatory environment.
By emphasising forward-looking prediction and integrating behavioural insights, the webinar underscored that addressing conduct risk requires more than technology—it demands collaboration, clear objectives, and a human-centric approach to compliance.
Watch the webinar recording here.
Global Regulatory Developments and Obligations
“Regulatory requirements vary widely,” noted one panelist, emphasising that firms need to understand not just the high-level rules but the underlying principles that shape market integrity. According to another participant, “The difference between European and US approaches is notable. In the US, the emphasis often falls on front-line ‘supervision,’ while European regulators, such as the FCA, expect more holistic ‘surveillance’ capabilities that dig deeper into non-financial misconduct, like bullying or harassment.”
An early audience poll to gauge the current state of preparedness for conduct risk surveillance suggests many firms still have a lot of work to do—36% of respondents having only limited conduct risk surveillance in place and another 7% just get started.
Another participant underscored that local culture and regulatory nuance matter. “In one region, regulators might strictly interpret surveillance obligations; in another, they may rely on principles-based guidance. Firms must define a global baseline, and then local jurisdictions can adjust and tighten that baseline as needed,” noting that “Building a global code of conduct—one flexible enough to incorporate varying local standards—is critical to aligning teams across continents.”
Challenges in Managing Multiple Jurisdictions
“You can’t rely on a one-size-fits-all system,” observed one panelist, reflecting on complexities faced by large organisations. Another participant explained: “A global policy sets the bar, but local procedures must respond to local regulatory priorities. Regional compliance teams add layers of rigour on top of global standards.” The key is governance both at the global and local level to ensure local adaptations align with global policies.
These insights were echoed by another expert who remarked, “The cultural element plays a huge role. A solution acceptable in one market may feel insufficient or excessive in another. You need governance structures that let each region shape surveillance practices without losing consistency.”
Implementing Behavioural Surveillance
A second audience poll asked which area of conduct risk management needs the most improvement with the top vote going to “implementing behaviour-centric surveillance methods” at 46%.
“Traditional rule-based systems, relying on static thresholds and lexicons, often miss subtle forms of misconduct,” stated one panelist whilst another explained, “Conduct risk is multifaceted. We need methods that connect disparate data points across trading, communications, and even personal conduct.” Emphasising the complexity, the panelist noted, “Firms must integrate data from trade surveillance, electronic communications, and voice, to detect patterns and anomalies that point to deeper behavioural issues.”
According to another speaker, “Behavioural surveillance means looking at the intent behind actions, not just the outcomes. Instead of thousands of false positives, we want systems that help us understand whether someone’s behaviour is diverging from their usual baseline. Are they using unusual words or communicating at odd times? That’s where real conduct risk insights emerge.”
Leveraging AI and Machine Learning for Conduct Risk
As the conversation turned to cutting-edge solutions, one expert observed, “AI and machine learning allow us to rank alerts by risk, focusing analysts on the most critical cases.” Another participant cited another practical application, “Machine learning can establish a baseline of trading behaviour and highlight outliers. Suddenly, we’re not buried by thousands of low-value alerts. Instead, we can concentrate on a handful that really matter.”
However, caution prevailed. “We must be specific about what we want AI to solve,” said one panellist. “If you just say, ‘reduce false positives,’ that’s too vague. Instead, identify a particular problem—maybe a certain pattern of suspicious trading—and train the model on that. Govern it properly, cross-check its outputs, and ensure you can explain the results to regulators.”
Data Governance and Model Risk Management
Governance emerged as a central theme. “Good governance of technology is essential,” said a participant. “If your new machine learning models produce a flood of useless alerts, that’s not progress. You need to monitor performance, calibrate parameters, and maintain quality assurance.”
Another panellist added, “Model risk management teams may feel like a hurdle, but their role is crucial. They test for failure states and push for transparency and documentation. This helps ensure that when regulators ask, ‘Why did this model flag that event?’ you can provide a clear, auditable explanation.”
Privacy Considerations and Cultural Factors
Addressing the tension between surveillance and privacy, one participant explained, “It’s essential to separate personal devices and activities from work-related channels. Firms are increasingly restricting business communications to official, monitored devices. Employees must know that work channels are subject to oversight, while personal privacy remains intact.”
According to another expert, “Social media poses a unique challenge. Personal accounts sometimes blur lines. Regulators may still want evidence if personal communication affects professional duties. The best approach is to establish policies that prohibit sensitive discussions off-channel and ensure all work-related activities stay in firm-controlled environments.”
Predictive Elements and Future Outlook
Looking ahead, a panelist noted, “We need to move from backward-looking detection to forward-looking prediction. By analysing emerging patterns, we can identify individuals at risk of misconduct before serious incidents occur.” Another expert highlighted the importance of embedding behavioural insights into training and support: “By understanding who might struggle with conduct issues, firms can offer targeted training and prevent problems rather than just reacting after they happen.”
Key Takeaways
The panellists agreed that addressing conduct risk involves a holistic strategy. As one participant put it, “Start with a global code of conduct, then adapt locally. Use technology not as a magic wand, but as a targeted solution to well-defined problems.” Another panelist advised, “Maintain strong governance, keep the human element in oversight, and ensure your compliance teams have the analytics skills to interpret advanced surveillance outputs.” Ultimately, improved behavioural surveillance and the judicious use of AI and machine learning can empower organisations to detect, prevent, and manage conduct risk effectively.
While the move toward behavioural surveillance and AI-driven tools is well underway, success rests on robust governance, clear objectives, and ongoing collaboration. As one participant succinctly stated, “At the end of the day, it’s about achieving tangible outcomes that reduce risk, meet regulatory obligations, and uphold the integrity of global financial markets.”
See the full webinar recording here.
Subscribe to our newsletter
