IBM RegTech Innovations

Taking a proactive stance on conduct risk with real-time, AI-powered risk analytics


In many cases, one of the most significant operational risks organizations face today doesn’t come from fraudsters or cybercriminals—it comes from their own employees. Collusion, insider trading, mis-selling, intellectual theft and sales malpractice are just some of the ways bad actors can take advantage of their employer’s good reputation and subvert it to their own ends.

Compliance and customer trust

In the financial services sector, the threats posed by individual rogue traders, groups of disaffected employees and unhealthy risk cultures have highlighted the importance of conduct risk. While the 2008 foreclosure crisis highlighted conduct risk issues, the problem didn’t end there. Recent years have seen a string of high-profile conduct-related scandals, and in the years since the crisis, banks have paid more than USD 320 billion in fines and settlements related to employee misconduct.

But it’s not just banks and insurance companies that face these problems. If you operate in any regulated industry, you need to assure both the regulatory community and your clients that you are acting in the best interests of the customer. Even in the absence of regulatory scrutiny, an organization’s long-term success can depend on earning and maintaining the trust of the client base. If you allow employees to create and operate in a culture where their own interests are prioritized above client needs, customer trust can quickly become impossible to maintain.

Keeping pace with evolving threats

Moreover, conduct risk is a moving target: it takes many different forms, and every year the threats become more complex and sophisticated. Risk and compliance investigators have now identified over 100 different market manipulation techniques that employees can use to gain an unfair advantage over their employers or customers.

In most cases, risk management and compliance teams haven’t been able to evolve quickly enough to keep pace with the relentless ingenuity of the wrongdoers. Financial institutions have limited options to identify and react to emerging threats and fraudulent behaviors, and many still rely on manual reviews as their primary safeguard.

Based on the current infrastructure of many organizations, conduct risk monitoring is performed on a siloed and fragmented basis. Most organizations have different groups of analysts looking at email correspondence, chat and instant messaging, customer complaints, HR incidents, suspicious transactions, whistleblower activities and so on. Whenever one team sees enough evidence to launch an investigation, the corporation then must collate information from all the other groups to put together a coherent picture of the suspect’s activities, which is a huge and time-consuming effort.

Most companies today still take this siloed approach, because until recently, there was simply no alternative. The sheer weight of information and the need for expert human analysts to process it meant that comprehensive insight into suspicious activity was impossible. As a result, it’s not surprising that around 80 percent of investigations are triggered by false positives—or that genuine cases of misconduct still get overlooked.

The most viable approach to conduct monitoring is to look at this issue in a holistic fashion.

Harnessing AI to bust the silos

The good news is that technology has now caught up with the problem. Recent advances in artificial intelligence (AI), especially in areas such as machine learning and natural language processing, are making it possible to monitor and analyze vast quantities of data across multiple channels and data sources in real time. This means comprehensive surveillance of employee behavior is now an achievable goal.

For example, from a technology and process perspective, the IBM Surveillance Insight platform uses machine learning techniques to model different scenarios, such as insider trading or collusion, and assess the likelihood that misconduct is occurring. It collects and analyzes data from across the business (email and chat logs, voice calls, trades and transactions, HR records, and so on) and is designed to detect suspicious patterns of activity. It then presents the evidence to the risk analyst in a format that makes it easy to drill down and investigate further for effective decision-making.

The solution follows the same principles as any experienced investigator: it’s not the content of any given piece of evidence that matters; it’s the context of multiple pieces of evidence that create patterns over time. With a traditional, siloed approach, an analyst who only finds a small number of suspicious emails from a given employee might discount their suspicions. But if they could see that those emails coincided with a series of improbably lucky trades, customer complaints, disloyal activity on social media, or frequent phone calls to a competitor, that context might give them the clues they need to launch a full investigation.

IBM Surveillance Insight also allows investigators to spread their nets much wider, because it eliminates most of the manual effort required to collect and analyze data, which leads to the collapse of the silos created by traditional risk investigation. For example, no human risk team can listen to more than a tiny percentage of the phone calls made by employees. AI-powered technology has no such limitation: every single call can be automatically transcribed and fed into a natural language processing model to detect suspicious topics and negative sentiment. By automating this analysis and presenting the most suspicious calls to analysts, the solution supports the compliance team in moving from mundane data collection to truly valuable investigative work—thereby transforming compliance from risk administration to true risk management.

The IBM Surveillance Insight solution comes with a range of pre-built models for detecting key conduct risk areas such as insider trading, off-market trades and sales malpractice, making it easy to get up and running quickly—but it’s also flexible enough to tailor specifically for each company’s unique requirements.

Building a positive risk culture

By deploying the Surveillance Insight platform, IBM can help your business demonstrate that you have appropriate controls and mitigations in place and ensure that your employees operate ethically and treat customers fairly. This not only helps satisfy ever-more-demanding regulators; it also shows your employees that your organization has zero tolerance for misconduct, and that if they don’t behave ethically, they will almost certainly be caught. This is a powerful deterrent that helps prevent the growth of undesirable cultures within the business.

Secondly, the solution can also be utilized to assist organizations in identifying positive behavior so that employees who set an example of the right approach to client management are rewarded and potentially promoted. This encourages them to train their peers to support customers more effectively and inspires those peers to follow their lead.

Finally, our solution can help your compliance teams become more proactive about risk management, with faster detection of even the most sophisticated misconduct scenarios and risk-based prioritization of alerts that reduces time wasted on investigating false positives. Ultimately, this solution helps your business avoid the costs and reputational damage of conduct-related scandals and supports the institution’s objectives in maintaining vital customer trust.

Vice President, Global Banking and Financial Markets, IBM Risk & Compliance Cognitive Solutions
