About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Simplifying Compliance Tracking with User Behaviour Analytics

Subscribe to our newsletter

By James Wooster, COO, Glue42.

Spending IT budget on compliance solutions is never satisfying. While the impact of fines is easy to measure, the uncertainty of the risk means that other business cases always look more attractive. The scope of MiFID II and CAT compliance has placed additional burdens on financial institutions as both require data capture at the point of interaction. This demands knowledge of the sequence of transactions and an appreciation of the user behaviours that led to a moment of interest. Unfortunately, traditional approaches track the results of user behaviour, not the users’ behaviour itself.

The bad news for IT departments is that the complexity of the desktop environment and the multitude of in-house and third-party applications makes it incredibly difficult to identify anomalous user journeys. Applications are written in different technologies and are often unaware of the existence of others. Worse still, at the backend, the breadcrumb trail of transactions is dispersed across many different silos (e.g. databases, log files, audit files etc) and often with little in the way of a common identity to help match the interactions in one system with those from another. Not surprisingly, compliance requirements often lead to the creation of complex integration programmes which compete with critical machine resources while at the same time never offering any business value until a problem arises.

Enter User Behaviour Analytics (UBA). This is an approach based upon process mining techniques where the front-end applications are instrumented in converting user gestures into specific events that record what a user has done (or not done). For example, opening an application, viewing the content of a report, interacting via a softphone application, looking for specific market data, bringing an application into view are in themselves uninteresting – but thanks to UBA those actions can be viewed in context and can offer an insight into the users’ intentions. Better still, comparing patterns of application usage between users performing similar functions allows baselines to be developed from which missed process steps or errant behaviour can be quickly identified. The key point to remember is that not all users’ interactions have a corresponding bread-crumb at the backend. Scrolling through a dataset, bringing an application into view, copy/pasting data between an enterprise application and an email are things for which a data-centre solution is simply blind to.

In addition to passive monitoring, UBA can also be used to trigger actions. For example, taking a silent screenshot before, during and after a trade is executed or raising an alert if the appropriate data sources are not consulted prior to offering a customer some advice.

Like all compliance regimes, there are clearly data privacy concerns and the big-brother accusation is never far away. While these are issues for the individual firms to manage and communicate, the best UBA platforms offer the ability for this level of tracking to be switched on or off for specific users or departments at the flick of a switch. This allows targeted analysis to occur where there is strong justification or suspicion.

Interestingly, there are many reasons why keeping UBA switched-on outside of a compliance scenario is a good thing. For example, being able to compare the behaviours of a rock-star trader with a new-hire can reveal opportunities for further training. Spotting repeated copy/paste activities between applications may highlight the need for application integration to reduce the handling time and remove the opportunity for errors. Constantly restarting an application is indicative of application failure.

The UBA approach is being adopted by tier-one banks and hedge-funds around the world. Sometimes this is coupled with the adoption of interop platforms, where web-apps and desktop applications of any type are integrated together to simplify the user-journey and improve business outcomes. Indeed, the market leading interop platforms have this capability built-in as the insight gained through UBA can help build business cases for future digital transformation and use of the interop capabilities.

UBA is therefore a way of delivering leading-edge compliance solutions whilst at the same time delivering business benefits, operational advantages to all end-users. IT departments should also keep a watching brief on the use of machine learning techniques to spot new attack vectors and opportunities for assisted guidance to help the end-user and client.

Maybe spending IT budget on compliance just got slightly easier?

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: Best practices for compliance with EU Market Abuse Regulation

Date: 18 June 2024 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes EU Market Abuse Regulation (MAR) came into force in July 2016, rescinding the previous Market Abuse Directive and replacing it with a significantly extended scope of regulatory obligations. Eight years later, and amid constant change in capital markets regulation,...

BLOG

Ex-BoFE Haldane’s Headache Amplifies Banking’s PEPplexity

By Rory Doyle, Head of Financial Crime Policy at Fenergo. Just when you thought the drama was over after the Nigel Farage-Coutts saga, along comes another high-profile figure to re-shine a spotlight on a problem that refuses to disappear. Andy Haldane, a former bigwig at the Bank of England, is the latest to be denied a...

EVENT

AI in Capital Markets Summit London

The AI in Capital Markets Summit will explore current and emerging trends in AI, the potential of Generative AI and LLMs and how AI can be applied for efficiencies and business value across a number of use cases, in the front and back office of financial institutions. The agenda will explore the risks and challenges of adopting AI and the foundational technologies and data management capabilities that underpin successful deployment.

GUIDE

Managing Valuations Data for Optimal Risk Management

The US corporate actions market has long been characterised as paper-based and manually intensive, but it seems that much progress is being made of late to tackle the lack of automation due to the introduction of four little letters: XBRL. According to a survey by the American Institute of Certified Public Accountants (AICPA) and standards...