As Communication Channels Proliferate, Ensuring Compliance Is Becoming More Difficult, Writes Larry Tabb, CEO of TABB Group CHATROOMS

Loose talk costs money As communication channels proliferate, ensuring compliance is becoming more difficult, writes Larry Tabb, CEO of TABB Group CHATROOMS

hile talk may be cheap, chat certainly Broker-to-client communications have historically isn’t. Multiparty chatrooms have been in the compliance spotlight. As long as there cost large banks billions of dollars. have been incentives, retail brokers have had the The chat compliance challenge has tendency to downplay investment risk, use high become so great that it is now pressure sales tactics and sell products that may not Wthreatening the way that banks communicate, both have been suitable for investors’ risk tolerance. When internally and externally. these investments don’t perform as pitched, firms can Regulators have alleged that banks leverage wind up in litigation or arbitration. To combat this, chatrooms to conspire both to manipulate pricing to the US Financial Industry Regulatory Authority clients and to sway the benchmarks, allowing dealers (Finra) developed rules around broker to profit handsomely. Chatrooms called “The Bandits communications. In essence, all written Club”, “The Dream Team” and “The Cartel” have communications to retail investors need to be become the centre of attention in the enforcement compliance-checked. As traditional communications actions surrounding the alleged manipulation of evolved into email and instant messaging, firms various benchmarks and pricing mechanisms. increasingly adopted compliance software to monitor While banks, especially US retail brokers, have used electronic communications and communications bilateral email surveillance tools for more than a channels. decade, the implementation of surveillance around Electronic compliance software looks for outgoing multiparty chat, internal communications and multi- messages that break either specific compliance and/or dealer communications has been less rigorous. human resource policies. This software tends to be

Spring 2014 27 Two people same firm Corporate communications channel

Authentication Surveillance Compliance

Multi-party same firm Inside corporate communications

Authentication Surveillance Compliance

Two people different firms Corporate communications channel

CRM Surveillance Compliance Multi-party same firm Inside corporate communications

CRM Surveillance Compliance

Multi-party same firm Multi-party different firms Outside corporate communication channels Outside corporate communication channels

Multiparty CHAT Authentication Surveillance Compliance Authentication Surveillance Compliance CHATROOMS

either keyword or context-sensitive. Keyword-sensitive capture an increasing number of webmail, instant technologies scan for just that, keywords. This messenger, BBM, Bloomberg, Facebook, LinkedIn technology works well when scanning for profane and Twitter handles. language, off-colour jokes and simple ‘red flag’ words. Just tracking and mapping communicators and The problem with keyword search develops when channels can become a very challenging endeavour, as communicators know that they are being monitored creating a new email, IM or social media ID can be and can realign their language. Words such as ‘low done virtually instantaneously. To develop consistent risk’ can be switched to ‘high performing’ and ‘can’t and accurate surveillance is virtually impossible fail’ can be swapped for ‘highly successful’. unless a firm completely controls the communications As firms get smarter about language choice, channel, such as internal email, works with compliance areas become more aggressive at technology/channel partners to control access, or increasing the number of scanned words. But completely blocks access to these communications aggressive scanning leads to other problems, namely channels via internal systems. an overabundance of false positives, messages that are While blocking various channels may be the easiest trapped by compliance software that should really be answer, blocking may not be possible, or even ignored. So if ‘low risk’ is a catchword, worthwhile. Increasingly, client-facing staff need to communications software may flag more acceptable communicate via the channel that aligns with their messages talking about low risk diets, or low risk clients’ workflow. If the client likes to receive trading hedging strategies. ideas via an IM platform, blocking access to that The larger the institution, the larger the false channel may be the difference between soliciting an positive issue can be as the number of electronic order or not. An enterprise communications channel messages exponentially expands. While manually policy is wonderful; however, many firms will keep analysing dozens of false positive messages is certainly that boundary until it impacts their bottom line. Blocking specific communications can also be problematic. As computer- driven communications dissolve Information is increasingly being into mobile channels, and distributed first via social media many firms have a bring-your- own-device policy, it becomes difficult to manage, track and monitor all channels over all possible for a compliance team, as the number of false devices. And again, cutting off communications positives becomes thousands or millions a day, channels can cut off your staff. Just a few years ago manually reading each email or message becomes chat was just a bilateral channel; however, as bilateral increasingly burdensome to the point of being almost dissolves into multilateral social media channels such impossible. as Facebook, Twitter and LinkedIn, blocking these To reduce false positives and capture a greater channels means cutting off critical information number of those crafting their language to bypass channels needed to gather news and insight. keyword search, a few firms have focused on Information is increasingly being distributed first developing context-sensitive scanning technology. via social media before the traditional media has the Context-sensitive scanning technologies build opportunity to analyse, vet, write and publish. In an semantic libraries that better understand the environment where being first to react to contextual relationship of words. A context-sensitive information and news can so directly be tied to search should flag a message discussing low risk profit, blocking communications channels, no investment strategies while bypassing messages about matter what the type or mode, can have a significant low risk diets. The challenge with context-sensitive business impact. search technology is that it is more complex, difficult The increasingly mobile and socially networked to implement and expensive to manage, as new workforce adds to the complexity of supporting new patterns need to be continuously developed and media language usage. Many platforms understand trained. Poorly trained or inappropriately integrated native languages, and some even dialects, new technologies can create their own share of false communications channels have increasingly spurred positives and missed breaches. a new set of abbreviations, language shorthands, As electronic channels proliferate, messaging gifs and emoticons. While a traditional surveillance profiles expand and bilateral communications platform may be able to understand “are you transcend into multiparty chat, the surveillance bidding up the price of the 8/15/23 Treasury complexities multiply. The more communications Notes?” would it be able to as easily understand “ru channels there are, and the wider the target audience, bidding 23s?” not only does the number of scanned channels need Compounding this complexity is the addition of to expand, but the number of identities requiring more players to the traditional one-on-one monitoring across channels grows. While a traditional conversation. While my firm knows me, and it client’s email and possibly Bloomberg ID may be should know my clients, does it know all of the listed in the firm’s CRM system, the client’s AOL, nuances of all of the players in the industry, and how Yahoo!, Gmail, or MSN IDs may not be, and as email these players should or should not communicate? transitions to IM and social media, firms need to Knowing and codifying roles, functions and conduct

Spring 2014 29 TALKINGCHATROOMS BUSINESS

capabilities. A firm cannot begin an accurate compliance and supervisory regime without knowing who its employees are, their functional roles, their authorisation levels and where they fit in the organisation structure. Firms also need to track compliance-sensitive projects and tasks that may require two parties who normally would communicate, to have their electronic communications channels blocked. Second, the directory of communications partners needs to be expanded beyond the internal stakeholders to clients, and to a certain extent all connected parties and channels. Firms not only need to trace email IDs but also secondary and tertiary channel identifiers as well as the communications channels they are linked to. These channels must also

standards is a Herculean task. While it is important for front and back office staff to Chatrooms called “The Bandits Club”, communicate to resolve operational errors, these “The Dream Team” and “The Cartel” players should not be have become the centre of attention communicating to circumvent controls or defraud clients, firms or other market participants. Traders, analysts and bankers may be be forced, or engaged, to provide a surveillance link allowed to communicate on publicly announced for compliance officers to grab, scan, check and deals; but what about the communication of pre examine communications. released information? Discussing pre released Finally, the dictionary of words, language and information between members of a deal team is symbols needs to be expanded to incorporate not only certainly fine, but what about the person sitting next a wider set of languages but an increasing array of to the team member? Is he or she an approved abbreviations, symbols and what seems to be a supervisor, or just an uninvited gawker and possible modern set of hieroglyphics the world uses to compliance challenge? communicate efficiently. As we add communications channels, multiple This is not an easy ask. The lift is hard, the parties and different symbol sets, keeping track of technology challenging and just as a firm has who is saying what to whom and deciphering the embraced one communications channel, or mobile context and meaning of communications is getting app, someone develops a new channel, a new network harder. The complexity expands exponentially. or a new language that beguiles both compliance and technologists alike. So what is a firm to do? So while talk may be cheap, the written word, no Sticking one’s head in the sand is clearly not the matter what channel, language or mobile device it is cheap solution anymore and neither is an all-or- written on, and no matter who it is communicated to, nothing solution. A waiver-driven programme leaving is expensive and getting more so. As fines increase in compliance up to the employee may not hold up in both value and number, firms need to find a solution court, while completely locking down all not only to stopping retail brokers from huckstering communications channels may not provide the but more important, to stop institutional-facing flexibility for the firm to do business in the mobile members from communications behaviours that can and internet age. result in billion-dollar fines. This will not be easy. The first level of defence needs to be an Besides the compliance challenge, as long as there are understanding of the channels and parties new channels, new technologies and new symbologies communicating. Firms need a strong employee that can be employed, firms will be one step (or more governance and provisioning platform that has likely many steps) behind the most nefarious actors. accurate employee, role, level and authorisation But try firms must, and invest firms will.

30 Spring 2014