About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Simplifying Compliance Tracking with User Behaviour Analytics

Subscribe to our newsletter

By James Wooster, COO, Glue42.

Spending IT budget on compliance solutions is never satisfying. While the impact of fines is easy to measure, the uncertainty of the risk means that other business cases always look more attractive. The scope of MiFID II and CAT compliance has placed additional burdens on financial institutions as both require data capture at the point of interaction. This demands knowledge of the sequence of transactions and an appreciation of the user behaviours that led to a moment of interest. Unfortunately, traditional approaches track the results of user behaviour, not the users’ behaviour itself.

The bad news for IT departments is that the complexity of the desktop environment and the multitude of in-house and third-party applications makes it incredibly difficult to identify anomalous user journeys. Applications are written in different technologies and are often unaware of the existence of others. Worse still, at the backend, the breadcrumb trail of transactions is dispersed across many different silos (e.g. databases, log files, audit files etc) and often with little in the way of a common identity to help match the interactions in one system with those from another. Not surprisingly, compliance requirements often lead to the creation of complex integration programmes which compete with critical machine resources while at the same time never offering any business value until a problem arises.

Enter User Behaviour Analytics (UBA). This is an approach based upon process mining techniques where the front-end applications are instrumented in converting user gestures into specific events that record what a user has done (or not done). For example, opening an application, viewing the content of a report, interacting via a softphone application, looking for specific market data, bringing an application into view are in themselves uninteresting – but thanks to UBA those actions can be viewed in context and can offer an insight into the users’ intentions. Better still, comparing patterns of application usage between users performing similar functions allows baselines to be developed from which missed process steps or errant behaviour can be quickly identified. The key point to remember is that not all users’ interactions have a corresponding bread-crumb at the backend. Scrolling through a dataset, bringing an application into view, copy/pasting data between an enterprise application and an email are things for which a data-centre solution is simply blind to.

In addition to passive monitoring, UBA can also be used to trigger actions. For example, taking a silent screenshot before, during and after a trade is executed or raising an alert if the appropriate data sources are not consulted prior to offering a customer some advice.

Like all compliance regimes, there are clearly data privacy concerns and the big-brother accusation is never far away. While these are issues for the individual firms to manage and communicate, the best UBA platforms offer the ability for this level of tracking to be switched on or off for specific users or departments at the flick of a switch. This allows targeted analysis to occur where there is strong justification or suspicion.

Interestingly, there are many reasons why keeping UBA switched-on outside of a compliance scenario is a good thing. For example, being able to compare the behaviours of a rock-star trader with a new-hire can reveal opportunities for further training. Spotting repeated copy/paste activities between applications may highlight the need for application integration to reduce the handling time and remove the opportunity for errors. Constantly restarting an application is indicative of application failure.

The UBA approach is being adopted by tier-one banks and hedge-funds around the world. Sometimes this is coupled with the adoption of interop platforms, where web-apps and desktop applications of any type are integrated together to simplify the user-journey and improve business outcomes. Indeed, the market leading interop platforms have this capability built-in as the insight gained through UBA can help build business cases for future digital transformation and use of the interop capabilities.

UBA is therefore a way of delivering leading-edge compliance solutions whilst at the same time delivering business benefits, operational advantages to all end-users. IT departments should also keep a watching brief on the use of machine learning techniques to spot new attack vectors and opportunities for assisted guidance to help the end-user and client.

Maybe spending IT budget on compliance just got slightly easier?

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Best practices for compliance with EU Market Abuse Regulation

EU Market Abuse Regulation (MAR) came into force in July 2016, rescinding the previous Market Abuse Directive and replacing it with a significantly extended scope of regulatory obligations. Eight years later, and amid constant change in capital markets regulation, technology and culture, financial institutions continue to struggle to stay on the right side of the...

BLOG

Saifr Sponsored Webinar Targets Effective Due Diligence for Financial Crime Risk

In a world where regulations shift as rapidly as the tactics of those who seek to undermine them, staying still is not an option. This reality check and its implications was the focal point of a recent RegTech Insight webinar hosted by A-Team Group and sponsored by Saifr that brought together a panel of industry...

EVENT

RegTech Summit New York

Now in its 9th year, the RegTech Summit in New York will bring together the RegTech ecosystem to explore how the North American capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.

GUIDE

Regulatory Data Handbook 2024 – Twelfth Edition

Welcome to the twelfth edition of A-Team Group’s Regulatory Data Handbook, a unique and useful guide to capital markets regulation, regulatory change and the data and data management requirements of compliance. The handbook covers regulation in Europe, the UK, US and Asia-Pacific. This edition of the handbook includes a detailed review of acts, plans and...