Last week, Custodia led an expert panel on financial compliance at the Verint Engage event, the discussion focused on challenges facing our clients, in finance, as regards communication recording.
The pandemic has dramatically altered the way people live and how they work, but above all, it has accelerated the pace of digital transformation and the adoption of technology. Regulators will continue to focus on pushing their operational mission to protect the integrity of financial markets, alongside their strategic objective to ensure securities markets work well for consumers, and remain an attractive source of funding – through taping and record-keeping obligations.
What does an effective compliance approach look like in a hybrid working environment? Compliance officers were expected to adapt their communication recording function to monitor activity effectively and holistically across all old and new channels, without encroaching on data privacy. As regulatory requirements increase in complexity globally, third-party compliance technology providers are able to implement robust taping and record-keeping infrastructure to comply.
Custodia’s technological services will continue to address the new compliance risks associated with hybrid working arrangements, the need to maintain operational continuity and protecting reputation in a highly volatile market landscape, as well as satisfying clients’ expectations for more digital communication solutions.
Market participants should assess the market abuse risks that may arise in their business including in the context of new working conditions. They should consider whether any systems and controls they have put in place continue to mitigate effectively the identified risks. Remote working solutions such as MS Teams, recorded and monitored by Custodia, are now omnipresent. Enforced home working and continuous lockdowns forced firms to implement and use new communication channels to maintain business continuity.
Segue into a digital financial journey In recent years, the financial services landscape had already experienced rapid technological change. Digital transformation is accelerated. It is an opportunity for businesses to position themselves within the digital economy. Data storage is trending away from the traditional on-premises environment towards cloud environments.
In the coming years, C-suite leaders will strategically initiate and progress the transition from legacy application data to the cloud, to maintain security, regulatory compliance, legal defensibility, and ensure scalability. In the Pulse report entitled ‘the future of legacy application data and the cloud’, executives that were asked why they were looking to move their legacy data off-premises and to the cloud, 46% cited regulatory compliance, such as communication recording and record-keeping, as the top reason.
The reality is, as industry regulations increase, following Brexit and hybrid working conditions, compliance is becoming costlier to maintain. Financial services are now using cloud-based communications recording solutions, such as Custodia CC1, that make compliance archiving and storing easier and cheaper. Corporate communications are stored securely in an offsite storage system, yet still easily accessible by compliance officers. An organisation is able to meet regulatory compliance requirements mandated by the SEC, FINRA, and the European, and National competent authorities.
Should your compliance efforts focus on mobile recording? In October 2021, Gurbir S. Grewal, Director of the Division of Enforcement at the U.S. SEC, warned that companies “need to be actively thinking about and addressing the many compliance issues raised by the increased use of personal devices, new communications channels, and other technological developments like ephemeral apps.” In the most recent action – with by far the highest penalties we’ve seen to date – JP Morgan agreed to pay a combined $200 million penalty to the U.S. SEC and U.S. CFTC based on record-making and record-keeping violations. Specifically, on December 17, 2021, the U.S. SEC issued a settled cease-and-desist order against J.P. Morgan Securities LLC – a broker-dealer subsidiary of JP Morgan Case &Co. – finding that, from at least January 2018 through November 2020, JP Morgan employees frequently communicated about securities business matters on their personal devices, using text messaging, WhatsApp, and personal email accounts, and that none of these records were preserved by the firm. By March 2022, Citi, Goldman Sachs and HSBC all warned, in their annual reports, that the U.S. SEC and U.S. CFTC are investigating their record-keeping of communications through private platforms. Ahead of these expected regulatory developments, Custodia has now added the recording of Instant Messaging services such as WhatsApp to its services by partnering with Telemessage – and satisfy any correlated regulatory requirements.
Enabling AI Complementary AI technologies such as biometric or sentiment provide vital data to analyse and identify early communications that need scrutiny or improvement. The needs for AI are diverse - meeting regulatory obligations, fraud detection, improving customer experience, assessing agent performance, or gauging the mood of a meeting.
Listening to dozens, hundreds, or even thousands of calls made by your users is a colossal task. More data was created in 2017 than in the previous 5,000 years of humanity. Custodia Technology has announced the addition of Transcription to its CC1 service. CC1 Transcription uses speech recognition technology to convert captured calls into text providing comprehensive analytic capabilities. Custodia clients will be able to proactively identify potential compliance issues and respond swiftly to regulators’ questions.
Looking ahead The rising importance of cloud services and cloud service providers (CSPs) in finance has caught the attention of policymakers and regulators seeking to reap the benefits of this new technology while mitigating potential risks. The PRA, FCA and Bank of England published their policy statement recently. The European institutions have finalised DORA – the Digital Operational Resilience Act. Most of these regulators have highlighted similar key areas including operational resilience and security, concentration risk and shared responsibility. Up to now, the adoption of cloud technology has been slower because of the lack of guidance from regulators as regards how they expect systems and controls to look like. During the pandemic, the viability of the economy has depended on technology. The financial services industry has been no exception.
With the vast majority of people forced to work from home, financial institutions have had to rely on digital and remote solutions for work and deliver services to clients, whilst remaining compliant. Although we cannot be sure about the long-term implications of this crisis, there is one thing we can be fairly certain of: digital is here to stay. Digitalisation is and will remain fundamental to the way that financial services are delivered, and compliance is conducted.