By Robert Houghton, Founder, CTO and Technical Evangelist at Insightful Technology.
The elephant in the room whenever a discussion turns to risk-based surveillance is the fact that many Compliance Officers do not have complete confidence in their data. There are currently no parameters from the regulators of the financial sector to permit risk-based surveillance, yet still the approach is carrying favour with many Compliance Officers.
If this is a course you are considering for your organisation, ask yourself this one question: Should the regulator comes knocking, how will you demonstrate that the outcomes of your risk-based assessments have merit?
The risk-based approach has gathered momentum. However, can pure analysis of e-comms provide a data model that is sufficient to conduct an effective risk-based methodology? Whilst a risk-based approach to measuring a decision process has merit, have organisations considered extending the model to include other data sources?
This leads us on to the misleading narrative that has emerged surrounding the viability of holistic surveillance. Whether financial institutions have successfully built the right models to do holistic surveillance is a different matter! However, debating the different approaches to eComms surveillance distracts from the underlying issue that truly needs to be addressed, and that is how to solve the data quality problem. Get this right and whatever model for surveillance you then choose to implement in the future will be based on a sound and reliable footing.
Like it or not, it needs to begin by addressing who is actually responsible for the delivered surveillance functions. IT are responsible for delivering the infrastructure and supporting the chosen solution and compliance are looking for a solution that meets their needs. Neither party are proven data scientists, who can fully analyse and understand the data and data flows, the links between disparate sources of data and create a single clean data set. I believe that this forms the single biggest hurdle for the market to achieve cost effective automated compliance through machine learning, AI and risk-based surveillance models.
I am not opposed to risk-based eComms surveillance, or indeed any approach a financial institution deems right for their circumstances. Applying a risk profile to the surveillance objects, as a ranking tool, can make good sense. However, it would be remiss for me as a vendor that is well entrenched within financial institutions around the world, to not issue a note of caution as this trend gathers momentum.
Should banks come to the decision that a risk-based approach is right for them, it is our responsibility as a technology vendor, to work together with them and other consultancies to navigate a path that keeps them on the right side of the regulator. Openness with the regulator is essential and it is imperative that they are kept well informed regarding the guidelines, processes and reporting that will be implemented.
Tackling the seemingly larger data challenge may seem insurmountable, but the rewards to be reaped are immense and not only in relation to removing compliance and regulatory related headaches. Regulatory compliance is to a large extent about honesty and transparency, whether within an organisation or with the regulators. As such there is a need for some introspection to look at the root cause of the problem that faces compliance teams every day. In doing so, we transform the function and perception of the compliance department, from a cost centre to a value-driven asset, not only safeguarding the organisation, but delivering additional insight-driven value throughout it.