The Future of Financial Compliance

Thomas Fox - Compliance Evangelist

I recently visited with Phil Fry, VP Go To Market at Verint. We considered how Verint is changing the future of financial compliance by challenging the accepted wisdom through capture, control, sustainability and oversight. I found this process useful for thinking through a wide range and assortment of compliance issues for any compliance field: anticorruption compliance, trade compliance, AML compliance or any other type of compliance. This white paper will detail the Verint process and how it is changing the face of financial services compliance.

Part 1-Challenging Accepted Wisdom

Verint takes a unique approach to financial compliance. Verint does not accept that legacy solutions and methods are good enough for its clients’ needs. As well as providing the most advanced capture and automation capabilities available within this space, Verint also partners with best-of-breed RegTech and FinTech organizations to provide customers with flexibility and options. The company’s approach is one of true partnership – open, honest, and sharing customers’ objectives, all while working together to achieve them.

I asked Fry to define reactive, active and proactive compliance. He said they refer to the speed of response to compliance issues. He said that “Reactive compliance is the slowest – responding to and addressing compliance problems after they have occurred, analyzing the actions and circumstances in order to both correct the specific instance of non-compliance, and also learn lessons to help prevent reoccurrence in the future.” He contrasted it with active compliance, which might be thought of as near real-time.

Finally, he termed proactive compliance a “Minority Report approach - achieved with tools and processes that focus on identifying conditions in which non-compliances are prone to occur and heading them off with automated tools that enforce communication or disclosure policies – preventing some interactions from happening at all, automatically force feeding disclaimers into conversations or redacting content before it is transmitted and prompting employees with guidance and knowledge content to help them follow established, compliant procedures.”

We then turned to capture, control, sustainability and oversight. Fry said that “capture relates to the extent and scope of regulation, which makes it imperative that businesses record and capture the full range of electronic communication channels used by their employees. We all know how the number of available channels has increased – instant messaging, video calls and desktop sharing for example. And yet the majority of organizations cannot capture much more than traditional voice, dealer board and email communications. If any of their traders are using mobile phones or tools like Cisco UC, those interactions won’t be captured and are therefore automatically in contravention of regulations such as Dodd-Frank and MiFID.” In later podcasts, we will explore how it is possible to capture all of these channels and why this is the minimum standard businesses should be aiming for in today’s regulatory environment.

The increased scope of regulations means that it is becoming increasingly unsustainable to carry out, or control, all of the necessary compliance checks using traditional, mainly manual methods. Fry provided the following example, “if your business is placing 50,000 calls per week, then verifying as few as one in ten of the recordings; this in and of itself is already a huge task. If technology or configuration issues mean that you are unknowingly failing to record just 1% of calls, that is 500 calls a week that are out of compliance. Yet because of the sampling rate, you only have a 0.1% chance of discovering this. Which means that you may have thousands of non-compliant interactions by the time you discover it.”

Fry went on to explain that automation, which is a key part of controlling the environment, can remove problems like this, “as well as spotting other types of compliance violations and stepping in before they occur. We’ll look at these possibilities in more detail. We’ll also look at efficient, accurate transcription of trade related speech recordings, something that’s much harder to achieve than you might think and how to make all this easily identifiable, retrievable and readily available to support speedy responses to enquiries.”

Next was sustainability, which focuses on finding a mechanism to sustain compliant operations in the face of the very many day-to-day challenges that compliance and IT professionals face. It includes:

• Keeping up with fast-moving, multi-jurisdictional regulations and complying with regulatory requests

• Managing and sustaining acceptable levels of compliance and risk while organizations are going through widespread and wide-ranging change and transformation

• Staying on top of the issues and opportunities posed by an ever-widening range of communication streams and recording platforms

• And maintaining system health, inventory and performance

The Verint solution addresses the growing need to create a modern operational and systems architecture with proper levels of oversight, while also de-risking the complex projects and migrations that may form a part of those moves.

Fry concluded with oversight, which he intoned is “how it all comes together. The interaction data captured from new recording modes, the management of those recordings and how they are archived and how new tools and approaches can help reduce compliance risk and improve the investigation of interactions and trade-related data.”

Part 2-Capture

We next considered capture. We began with a consideration of why interaction capture is so important and how it is affected by the latest communication technologies. Fry related that the current regulatory environment for financial services and trading is much more comprehensive and stringent than its predecessors. In their drive to control how businesses and individuals behave, regulators typically require that extremely detailed information is captured and stored about every transaction. In fact, in the case of MiFID II, it is necessary to capture data about any interaction that was intended to lead to a transaction – even if the final transaction did not take place. What these regulations have done is catch up with the plethora of communication channels now available to bankers, traders and customers when they communicate with one another.

This goes far beyond calls to land lines to include mobile-to-mobile and voice and video conversations using apps like Skype and Cisco. Moreover, it is not simply paper letters and forms or emails, but also data shared using collaboration tools that allow desktop and file-share, integrated with voice and video. Unified communications (UC) tools, which offer all of these modes within a single integrated environment and give customers and bankers alike a lot of convenience and options for how they communicate with one another, are only some of the latest innovations. These tools also work on mobile devices, giving the option for a single interaction to range across multiple modes – voice, video and text for instance – whether the parties are in an office or on the move. Of course, regulators in the Foreign Corrupt Practices Act (FCPA) space have spoken forcibly about ephemeral communications.

Because regulators are demanding that all relevant electronic communications are captured and stored, financial institutions must equip themselves to capture interactions across all of these communication modes – or else face the possibility that they may be in breach of applicable regulations. This means institutions must do so or avoid using UC and restrict themselves to using only those communication channels that their legacy infrastructure can handle, which is obviously not a business option.

Yet Fry believes that it is possible to capture these communications. He stated, “As new capabilities and channels become available, both compliance officers and their suppliers need to be agile to keep pace. Suppliers of trading recording and compliance systems have woken up to the potential for their financial services customers to modernize operations by exploiting these newer technologies and are beginning to build additional interaction capture capabilities into their solutions. Not many such solutions are currently capable of capturing all of the communication modes offered by Skype-for-Business, say, or Cisco UC. But some are, and these are opening up new and effective ways for financial institutions to pursue and transact business.”

We next turned to proactive compliance in the context of capture. Fry observed that “a potential issue affecting the use of unified communications tools, apart from the ability to capture the interactions, is the increased potential for interactions to fall outside established, compliant guidelines – because they have included the communication or sharing of information that should remain confidential; because compulsory disclaimers or policy disclosures have not been communicated; or because the parties involved should not be talking to one another – conflicts of interest or insider trading, for instance.”

He believes that through the use of proactive compliance, it is possible to address these weaknesses and so make it possible to utilize UC tools while avoiding these pitfalls. He noted that “the latest version of Verint’s Financial Compliance interaction capture system – aside from capturing all of those additional UC communication modes previously mentioned – also allows compliance officers to configure communication policies that the system will enforce within the UC environment.”

He provided the following examples:

  • Disclaimers and disclosure notices can be automatically force-fed into instant messenger conversations to ensure that the compliance policy is adhered to.
  • IM conversations can also be monitored for certain data that should not be shared with the other party, which is then automatically redacted from the conversation, thus proactively preventing a non-compliance from occurring.

Moreover, this approach can prevent some interactions from taking place at all – identifying that, for instance, a trader should not be in conversation with the firm’s M&A researcher and stopping them connecting a call or IM session.

These additional capabilities can make a big difference to how effective and useful UC tools can be in a financial services organization, because they help to prevent the expanded communication modes resulting in a similarly expanded compliance workload and greater compliance risk.

I then asked Fry how a company could exploit these processes to help compliance teams transform their compliance and business operations, yet still use other tools and systems to maintain an integrated compliance landscape. Fry stated that “any business that is implementing new tools will face a period of overlap with the legacy systems they are replacing and none of these capabilities will exist in isolation from the mission-critical systems that support other facets of the organization. Typically there is not a single supplier which can provide every part of the equation, so processes and data will need to be able to flow seamlessly to ensure that all parts of the operation are working with the latest information in a timely fashion.”

The bottom line is that effective oversight is critical to compliance officers having a clear view of where problems are occurring and being able to adequately investigate, address and resolve them. Fry concluded, “A comprehensive interaction capture solution (such as I described earlier) will yield lots of data about day-to-day activity and operations, patterns and trends that can help prevent and fix compliance issues as well as inform investigations. But as we have just discussed, it does not exist in isolation.”

Part 3-Control

Control in the Verint Process relates to the tools and techniques employed to keep operations compliant “in the moment”. In the tripartite compliance formulation of prevent, detect and remediate, it is (1) preventing non-compliant actions taking place, (2) detecting them when they do occur, and (3) taking immediate remedial action when they are uncovered.

This can occur through monitoring, sometimes in real time, or near real-time as it’s sometimes referred to. Monitoring can even be periodic, every week or month perhaps, recognizing that the further you move away from the moment, the less opportunity there is to stop the non-compliant conduct and remediate. Nevertheless, Fry noted it can become a “learning point – something to inspire changes to processes so that we avoid a reoccurrence in the future.” Clearly the optimal approach is for a compliance regime to operate proactively so that it can spot situations where compliance breaches are in danger of occurring and step in to prevent them.

I asked Fry if he could provide some examples of the foregoing. He discussed “taking a cohesive approach to validating the collection and quality of the interaction data that is gathered during the capture phase of your compliance measures such as call recording. Due to the communication channels and technology in use today, which is ever expanding, recording or capturing interactions can get complex. It is not at all unusual for elements of this technology eco-system – sometimes software, sometimes devices – to stop working as intended - but because it’s largely working silently behind the scenes, it often goes unnoticed. The first you know about it is when you need to collect all the recordings for a regulatory review and discover that a trader’s turret had not been reliably recorded for the last 3 months and that included the period of the transactions under investigation. That is not a good thing to be trying to explain to the regulator.”

To counter this possibility, many organizations carry out daily checks to see that recording platforms and physical devices – like handsets and Dealerboards – are working correctly. But this is hugely resource-intensive and time-consuming. And despite that, it probably still doesn’t give you assurance that everything is under control, because you don’t have the manpower to check 100% of the infrastructure, 100% of the time.

If that task were handed over to an automated validation tool, you could run comprehensive “start-of-day” tests, every day and know whether everything is working properly, rather than guessing or hoping based on a partial sample. If there is a problem, you can take the action needed to put it right or circumvent it before business is transacted in a non-compliant fashion. The increase in efficiency and levels of assurance that result is a huge benefit for the organization as a whole and allows the compliance team to spend their time on more complex tasks that demand their special skills.

Applying these concepts across an ever-changing and evolving environment is obviously a challenge. To achieve this, Fry believes “it is vital to adopt open standards when creating these capabilities. There will always be a mixed bag of solutions at play for these compliance requirements, not to mention the systems in the back-office. It’s only by embracing an open approach that we can help these various systems to co-exist and inter-work with each other. The view of some suppliers that all you need is an all-in-one proprietary solution doesn’t work in the fluid environment we now find ourselves in.”

The onboarding process in HR is critical to any organization but it is equally important to control in the compliance environment. It is possible to automate that process to provide confidence that no-one is left out from control, that new starters or those changing roles are monitored and recorded in accordance with your policy from Day 1. Finally, the way in which these “Ethical Wall” features operate, to prevent non-compliant exchanges or to intercede and ensure that appropriate policies are followed, is another great example of how the technology can be used to provide greater control.

Part 4-Sustainability

Sustainability in this compliance context does not mean going green, an ESG initiative or something else along those lines. Rather, this is about managing constant change and moving your compliance organization (its resources, technology, practices, procedures, data, skills etc.) to a place where they run effectively and efficiently, without undue drama, all while compliance risks are minimized.

Here Fry related “I’m well aware that many compliance officers will be listening to this and thinking “Yeah! That’ll never happen…” and in some respects they may be right. I don’t think there is currently a perfect, all-encompassing way of dealing with all of the many facets of managing compliance and the underlying technology, that will never suffer occasional blips, or be caught out by an unusual set of circumstances or unexpected regulatory or business change. But it’s worth thinking about how it is possible to move away from an environment in which compliance teams are constantly “fire-fighting” or struggling to keep pace with the workload.”

If there is one thing that is constant across the regulatory, business and compliance landscape, it is change. This means sustainability from the compliance perspective is not about transforming one thing, at any one time. I asked Fry to consider technology. He admitted, “I spend my time looking at the technologies employed in compliance and imagining how things might look if we can be bold about future possibilities and exploit the best that is on offer. Partly to set the backdrop for our march forward, but also to make sure that we can plot an attainable route from where we are to where we want to be.”

Indeed, it is by such introspection that you can consider the way forward. This is not a Back to the Future view; a company’s data is where its real value lies, and existing systems are not going to disappear overnight, even if new ones are in place and operating smoothly. For Fry, when he is thinking about sustainability, it is about “how we make that transition – from current to future state – in a way that is as smooth and un-disruptive as possible.”

A key is facilitating the retention and migration of data in a way that does not compromise its usability or usefulness but allows a corporation to move forward more expeditiously. Fry believes “one of the biggest barriers to embracing new, better ways of working has been the desire, the need, to preserve access and use of data gathered over long periods and stored in existing solutions’ databases. So I’m a huge proponent of adopting open standards and ensuring that the new capabilities we create are equipped with a rich library of open APIs and tools that will allow them to inter-work with external systems and to use and exploit data that has been gathered and stored in legacy systems.”

Compliance teams should look for this approach because it is difficult to know the next business environment that becomes high risk due to regime change. Moreover, in many areas of compliance, in both financial regulation and others such as export control and trade sanction, regulations are changing literally on a daily basis. Being able to move data and process steps around, using open interfaces, can help you insulate your business against some of that uncertainty and more importantly regulatory or reputational risk.

Financial services is a fast-moving, dynamic and ever-volatile world. The only thing we can guarantee about the future is that everything will change. So, achieving sustainability also hinges on the capability to cope with those changes and developments, without them causing undue disruption. Moreover, disruption can be caused by simple, workaday things like the constant flow of additions and amends that happen to staffing rosters. This is about more than issuing new user IDs or cancelling obsolete ones because it affects your recording and interaction capture, the configuration and application of communication and trading policies, and how they’re monitored and policed. Managing these changes, and too often the fallout of them being missed and NOT applied when needed, creates a significant burden – and an area of compliance risk.

The same goes for verifying the operation of the infrastructure, which will always be a complex blend of technologies and solutions. Fry related that it “has multiple points of potential failure – recording platforms, databases, physical devices such as Dealerboards and computers, etc. Physically walking the floor to check the operation of these components is not only time-consuming, it’s fraught with risk. These are areas where some of the latest automation solutions have a lot to offer. Variability is the enemy of compliance, and automation excels at carrying out high-volume, repetitive tasks with absolute accuracy and consistency.”

Fry concluded by discussing the importance of culture. While the Justice Department has made clear its views on the importance of culture in the Evaluation of Corporate Compliance Programs, 2019 Guidance, Fry considered it from the in-house compliance perspective. He said, “Plenty of experts and commentators have commented that digital transformation is as much, if not more, about transforming the organization’s culture as it is about the technology you introduce. And this is an important facet for financial services businesses too. Understandably they are likely to err on the side of caution, because they fear that too large a step away from the status quo, may increase their risk of being caught out. Throwing more resources at the problem has been a common response to the increasing regulatory burden, but it’s not sustainable (that word again) in the long term.” He ended by stating “we need to work at getting all stakeholders – not just the compliance team – on-side to the notion of taking a series of radical-looking steps forward.”

Part 5-Oversight

Oversight in the Verint process is not the traditional compliance definition of ongoing monitoring or auditing but rather how to bring together data and analyses from across an organization. While companies have mountains of information available to them, there are two key problems that continually bedevil the compliance professional. First is that the data is siloed and therefore inaccessible, but equally importantly it is useless without understanding. Part of the latter problem is that the compliance function is largely populated by lawyers who have no professional training regarding transactional data.

However, it is also a problem of exercising proper compliance control. That is, it is dependent on your ability to see the whole picture, to review data gathered from a variety of disparate sources. Fry stated this is a discussion “about how we gather, combine and analyze that information, created by various operational systems, in order to enhance the ability to keep the operation running smoothly, to identify and address potential issues early on and respond to compliance requirements effectively. To do this we need to link data from the communications platforms into the trade and market information.”

Ideally such a protocol allows you to adopt a more proactive approach. Prevention is always the goal rather than simply detection and then remediation. However, to do so, Fry believes you “not only have to consider the data but understand the intent and the exact conditions when that data was created.” Here the visualization of the data is as important as the data itself. There has been a huge focus over the last few years around dashboarding, to the point that we are saturated with charts and graphs that no one has the time to review. He believes the “delivery of truly focused Business Intelligence is critical to success and has a vital role to play in providing real insights.”

While this might not appear easy, it can be a straightforward exercise. Fry believes, “the key is the ability to cut through all the noise created by the mountains of data, and home-in on areas of concern, of potential or real non-compliance, that require attention.” This requires consolidating operational data from a variety of sources and analyzing it within a framework that understands the data, can classify it appropriately and identify anomalies or red flags. That way it can then guide compliance teams to the specific activities, transactions or individuals that give cause for concern. Fry did caution that “given the sometimes highly technical nature of conversations about financial transactions, merely capturing or integrating into a regular recording is not enough anymore. The fact that voice conversations are inherently unstructured, carried out over two handsets at the same time, often in a noisy environment and include multiple languages can provide a real challenge.”

It can be particularly challenging in the financial trading environment, where such systems are built to handle the structured data found in the trade, order management systems and written communications, and these are used to good effect. Yet the insights they provide might take on a different complexion if looked at alongside the unstructured voice communications. This means that understanding the intent within voice data is key to preventing analysis tools creating a plethora of false positives that create additional work rather than efficiency. Better oversight comes from being able to quickly and intuitively see where these differing factors cross paths, affect one another, or reveal a truth that is not immediately apparent from the individual data.

By bringing together key operational and performance data into a single framework, one can verify operations and build queries and analyses that augment the value of the information, offer truly actionable intelligence and enhance control.

We concluded by considering speech analytics, which is not as widely utilized as the other technologies but is still evolving. Fry said that, “it’s a sophisticated task to be able to automatically recognize where the significant information crops up during a conversation, and to mark and tag it so that it can be found again, viewed and analyzed. When a conversation consists of words and phrases that have little or no meaning in everyday conversation, it’s doubly difficult. Mainstream speech analytics tools typically only recognize, transcribe and tag “standard conversations”, they were not designed or built with trading in mind.”

What is required is technology that not only creates much higher quality recordings, making transcription of the language more accurate, but can also be programmed to recognize the “tribal language” used in financial services and even within a specific company or group of traders. Obviously the same is true for any other industry where certain buzz words are used to describe bribery and corruption, trade sanction evasions or money-laundering conversations. Fry believes that “Once you are able to produce these highly accurate transcripts and tagging, speech analytics can take a whole new place in the oversight regime. Conversations, interactions and trades can be analyzed for the inclusion of key words and phrases, however obscure and these insights can illuminate the investigation and reconstruction of trades, together with other data from other sources.” The final step is to pull all this data together but when you do so, it starts to become much easier to identify anomalies or patterns that have a compliance implication and know precisely where to start in order to put them right.

The bottom line is the Verint process and the Verint tools allow a more comprehensive and robust oversight of financial services. But more importantly, with the information and data generated from this process of capture, control, sustainability and oversight, your company will be able to improve its overall business process and at the end of the day, be more profitable. When a compliance solution, which more than fully meets the regulatory mandates, leads to greater business efficiency, it turns compliance into a profit center.
