At the jam-packed RegTech Summit London held in St Paul’s last week, Paul Liesching, global head of financial markets at Truphone, gave the room a whistle-stop tour of the current key challenges for electronic communication in terms of trade surveillance – and how to fix them.
With technology becoming ever more ‘consumerised’ the tools of communication are becoming cheaper – and it is becoming harder to separate business use from consumer applications. The Facebook-owned Whatsapp, for example, has over 1.8 billion users – it’s free, it’s powerful, and everyone uses it. But how do you monitor that use when your regulatory compliance depends on it?
“It’s all about the asymmetry of knowledge. If I know more than you and I can communicate that knowledge faster, I will make more money,” pointed out Liesching. “The impact of this means that market participants are forced to use the most efficient tools to keep up – and those are often consumer tools. At the end of the day it’s all about making more money – but it means they are taking on more compliance risk.”
A survey conducted by Truphone and Verint of financial services clients on instant messaging recording found that 77% would like Whatsapp messages to be recorded – compared to 34% for WeChat and 17% for LINE. Yet when asked what measures they had in place to comply with mobile recording regulations, as per MiFID II, 41% of firms noted that they were either managing by policy, or doing nothing. “That’s a very loose approach,” warned Leisching. “It won’t fly forever.”
The problem is that buying business phones for all your employees has become very expensive – especially ones that they actually want to use. “New joiners to the industry have a high expectation of highly functional mobile and communication tools,” noted Liesching. “If you don’t provide them, in some instances they won’t even join your firm. It is becoming a competitive edge.”
So what’s the answer? Potentially, a solution could be to put your own functionality on your employee’s personal device (BYOD – bring your own device) – which is far cheaper and removes the requirement for two phones. According to the Truphone survey 41% of firms are now looking at BYOD. But inevitably, this creates additional risks around monitoring and control.
“Consumerisation of IT is happening. But compliance is also increasing. It’s a competitive market given the freeflow, ubiquity and ease of information transfer,” said Liesching. “But ignorance is no longer bliss. Non-compliance incurs high fines.”
The paradox is that while too much restriction stagnates growth, too much freedom creates too much risk, which is costly and dangerous. The holy grail is ‘controlled freedom’ that encourages compliance.
“You need to understand what regulations there are, what controls they imply, and what your users are actually doing – is that something you want to encourage and control, or actively stop?” explained Liesching. “It is not enough just to write a policy paper and put it on a shelf – you have to actively drive that policy.
“If we get it right, we make money – and so do our customers. So engaging with the vendor community is key.”
Going forward, Truphone believes that in five years time, firms will be empowering employees to buy their own mobile phones, then installing tools on them to control business related communication and information. With the advent of 5G, these tools are also expected to be dramatically more effective. But issues remain – such as the recording of Whatsapp messages – currently not allowed, due to encryption, and the separation of personal and business accounts on the same phone.
“Right now, the priority is to put compliance communication tools on our consumer devices,” stressed Liesching. “That’s the end-goal, and there is no doubt that in terms of communications surveillance, that is the direction in which we are all headed.”