Galen Stops looks at how chat room activity is being monitored and controlled following recent collusion scandals.

“I’ve talked to hundreds of firms across the world and I
haven’t yet met any that haven’t put requirements
around information control, policy and security at the
top of their agenda, it’s the first thing that comes to their
minds,” says David Gurle, founder and CEO of Symphony, a
cloud-based communications service provider.

This focus around information control and security is perhaps
unsurprising given the events of recent years, in which financial
institutions have been forced to shell out billions of dollars in
fines relating to accusations of collusion to manipulate the
Libor and WMR Fix benchmarks.

Focusing specifically on the FX collusion scandal, what
could perhaps be considered as the “smoking gun” in the
regulator’s case against the banks were the chat room
transcripts they published, which clearly detailed examples
of misconduct.

“It used to be like the Wild West in the chat rooms, you could
add anyone or do whatever you liked in them,” says one market
source.

Similarly, another source adds: “Before, having a chat on
your desk was just like calling someone on the phone, there
was virtually no control at all.”

There’s nothing quite like a public scandal to focus the mind,
and it seems that banks and other financial institutions have
been spending far more time focusing on how to effectively
monitor chat room activity.

“Chats are a fundamental part of the way that the market
trades, and that’s not changing any time soon,” says Tod Van
Name, global head of FX and commodities electronic trading at Bloomberg. “What we’ve seen is that firms have now
adopted much more stringent policies in terms of what people
are allowed to talk about, and then how they monitor and
process those discussions.”

Similarly, Lesli Fairchild, head of collaboration services at
Thomson Reuters, reports a “huge” growth in the adoption of
the compliance service functions that are offered alongside
Eikon Messenger.

In some cases, it seems that there were monitoring and
surveillance tools that might have helped prevent the recent FX
rigging scandals available to market participants, it’s just that
they weren’t properly applied.

To be clear: unlike a platform provider that is expected to
bear some responsibility for the behaviour that takes place on
its platform, firms that host chat rooms bear no responsibility
for what occurs within them.

Firstly, they are just communications network providers –
they can’t even see the text contained within the messages.
Secondly, the scale of the messages being sent would make it
near impossible to monitor effectively. Bloomberg’s messaging
system processes something in the region of 180 million
messages per day, meaning that even with the best technology
in place, it would still require a small army to keep track of
what was being said in those messages.

Dynamic approach

But although they don’t have a responsibility to police
what occurs in the chat rooms that they host, these
communications service providers have been looking for
ways to upgrade and improve the surveillance and
compliance tools that they offer in response to the renewed
enthusiasm for them from their clients.

For example, Thomson Reuters has been working to make
the compliance controls that it offers around its chat rooms
more dynamic.

As part of its messenger service, the firm offers “out of the
gate” compliance tools, which monitor all activities in the chat
rooms – what rooms are entered, every post read, every
comment made, every file shared – and records them. On top
of this it also offers active compliance tools, which are
customisable and designed to enable firms to prevent
messages that would contradict their internal compliance
policy from ever being sent.

Although elements of these active compliance tools can
already be updated regularly – firms can change the key
words that will be blocked or flagged by the messaging
system on an hourly basis – Thomson Reuters is increasing
the frequency at which the overall active compliance policy configurations can be updated from once every 24 hours to
three times per day.

“This change was triggered by industry demand and there’s a
clear appetite from firms to put their arms around this
technology,” says Fairchild. “It’s a much more serious world
that we operate in now compared to when the scandals first
surfaced. We offer these protections free of charge as part of
our messaging service and their rapid adoption rate evidences
that firms want to leverage them rather than explain to their
audit department why they didn’t use these capabilities when
they were readily available.”

Post-scandals, one of the biggest concerns amongst
financial institutions was that multilateral chats were being
convened by their staff without anyone being aware of it.

This is why Thomson Reuters launched its bilateral chat
feature, persistent user-generated forums that prohibit more
than two firms being included in the discussion.

Another step taken by Thomson Reuters to help firms reduce
any potential compliance breaches occurring via messaging
services is its bilateral enforcement, which systematically
removes users from chat rooms owned by other market
participants who then try to add people from different firms
into the conversation, making a multilateral chat.

Higher demands

Coming to market with a messaging service after the FX and
Libor scandals had emerged, Gurle argues that Symphony was
held to higher standards in terms of the types of surveillance
and compliance controls that its clients demanded.

Following extensive discussions with market participants
about what sort of controls they wanted Symphony to offer, he
identifies four main areas that they focused on.

The first is again these active compliance tools that seek to
prevent messages that could potentially breach compliance
rules from ever being sent. Using key words and natural
language processing, these tools check what is being written
against companies’ internal policies and can either block
messages, issue a warning to the person writing it, or inform
them that they need to speak to a compliance officer or
another specific person within the company before sending.

The second is that Symphony has a set of controls that
enable administrators to only allow vetted companies or specific
people within certain companies to be part of a chat room.

The third is referred to as “data leaking protection”, and this
uses technology to scan any files being transmitted and checks
them against the firm’s internal policies, preventing any files or
attachments from being transmitted that contradict these policies.

The fourth focus is on allowing real-time surveillance by
compliance officers of what is occurring within the Symphony hosted
chat rooms.
“These four tools were at the top of the list of product
features that our customers asked for following the scandals,”
says Gurle.

Discussing how client attitudes changed after the scandals,
Gurle says: “There hasn’t been a desire to minimise the use of
chat rooms, because people realise that they’re a very good
medium to collaborate and exchange information in order to
get business done, but there’s more focus on the controls and
administration of them. Firms wanted more controls around
the creation of the chat room in terms of which firm is part of
the chat room and who has access within those firms to the
chat rooms.”

Breaking up silos

Van Name agrees that there is much more focus within firms
about ensuring that appropriate policies are in place that
outline which individuals are allowed to participate in which
conversations, both internal and external, and what these
individuals are allowed to say. He adds that it’s then incumbent
upon the senior staff at these institutions to ensure that these
policies are enforced.

“Clearly, one of the things that we’ve learnt from these
scandals is that there is an onus of responsibility on the
leadership within firms, it’s not an acceptable excuse that
senior staff didn’t know what was going on within a chat room.
But I absolutely think that almost every firm without exception has taken significant strides in this respect, particularly on the
sell side,” he says.

Discussing what sets Bloomberg’s messaging service apart
from some of the other competitors in the market, Van Name
emphasises that it is just part of a much broader offering.

“We look at ways to morph chats into something much more
powerful than simply exchanging lines of text,” he says.

Bloomberg has tried to make the information that it provides
through its services applicable to the specific content that is
being discussed within chats. For example, a user can
structure an options strategy and then drag it into a chat so
that their counterparty can immediately see it and they can
then click one link to automatically populate that strategy into
a pricing tool. If they want to trade the strategy, they can then
click a button to enter into an RFQ trade for that strategy.

The reason why this is relevant to the discussion around the
monitoring and surveillance of chat rooms is because it
potentially creates a much richer electronic trail for compliance
staff to view, should they need to.

When it comes to surveillance, Marten den Haring, chief
product officer at Digital Reasoning, argues that the best
approach is to focus on individuals and networks rather than
specific channels of communication, such as chat rooms.

“Independently of the FX asset class, if you look at the
compliance function within financial institutions post-crisis,
there have been a large number of governance changes in
terms of organisational structure, corporate policies, as well as
technology adoption.

“Some of these governance changes have become global
issues rather than a regional or divisional issue, and applying a
standardised set of new governance practices often means
that firms have to start breaking up silos. I think that’s the
main trend we’re seeing right now, the breaking up of silos in
order to try and look more holistically at the problem of risk
and controls.

“By cutting through surveillance silos, you begin to reveal
people’s true identities, intent and relationships. Once you put
traders under the microscope and start to correlate activities
across all communication channels and transactional systems,
you can begin to understand human behaviour in time and
space. At that point, you can start asking more sophisticated
questions of your surveillance data that map to your controls,”
he says.

Mobile challenge

The idea of taking a holistic approach towards internal
surveillance is perhaps more relevant than ever at a time when
technology is broadening the number of communication
channels available to staff within financial institutions.

As more and more trading firms embrace mobile technology,
traders and other market participants could potentially have
access to end-to-end encrypted messaging services such as
WhatsApp or WeChat via mobile phones. Although different
firms have different policies on mobile usage, the phrase
“bring your own device” (BYOD) has very much entered the
business lexicon.

This is obviously problematic – a compliance officer at one
bank jokingly refers to BYOD as “bring your own disaster” – for
a number of reasons. It fundamentally limits the ability of firms
to monitor what their staff are saying and it also represents a
vulnerability from a cyber security perspective.

If someone within a financial institution is using these
encrypted messaging services from a company-owned device,
then it may be possible for that company to screen scrape the
display data from that messaging system to see what that
individual was saying. However, because the individual can
access their messaging account from any device, this sort of
surveillance is very easy to navigate past.

Despite the surveillance challenges posed by the growth of
mobile technology within financial services, den Haring argues
that it is still possible for vigilant firms to spot potential
compliance problems.

“We all live in a digital age where we leave exhaust. Even
though I may not be able to monitor exactly what you discussed
on WhatsApp with a trader, there may be clues on other
channels, such as one person saying “Hey, let’s take this
offline” or uncharacteristic use of boastful or foul language.
Unless people go truly off the grid, when you’re dealing with
human nature and a scenario where people need to
communicate and collaborate, then you’re going to find
breadcrumbs that lead to a bigger picture,” he says.

The surveillance technology available to firms is also
improving at a rapid pace.
“The industry focus now is on things like artificial intelligence
that will allow compliance staff to understand how the dialogue
and the words being used in chat rooms are changing,” says
Fairchild.

She adds: “There’s never going to be a bullet proof solution,
but firms need to evolve their practices, improve their
processes and apply sophisticated technologies to help remove
false positives from their surveillance and detect potential
issues that warrant further investigation.”

Den Haring says that as the surveillance function within
financial services firms evolves, they will increasingly look at
combining internal surveillance techniques with external data
sets to piece together how individuals or networks are
interacting or collaborating. Giving an example, he says that
firms might use social media channels to provide greater
transparency into personal relationships, or overlay news
reports with surveillance data to investigate who knew what,
when, in an effort to prevent confidential information from
being shared inappropriately or leaked.

Gurle emphasises that the financial services firms that he
has come into contact with are very serious about making all
possible effort to effectively monitor and control the
communication channels that their staff are allowed to use,
and claims that the industry has made significant progress in
this respect.

But will the changes that they’ve implemented prevent
similar scandals in the future?

“It’s going to be harder and harder for individuals to engage
in prohibited behaviour via chat rooms,” says Gurle. “There are
a number of reasons for that. One is the technology, but
another is just the awareness of the massive surveillance
that’s going on. So if you’re a bad actor and you know that all
your conversations are being monitored in real-time, that you
have compliance officers able to review what you’re saying and
sophisticated algos are scanning through the text, you’re going
to think twice before breaking any rules via those channels or
otherwise. There’s a psychological element to it, the awareness
of being watched. Enhanced compliance surveillance is a
deterrent that will encourage better behaviour overall.”

Ultimately, if individuals are determined to collude it is very
difficult to stop them. But since the benchmark scandals, the
financial services industry has clearly targeted chat rooms –
and communications channels more broadly – as a legal and
compliance weak point that needs to be addressed.

The industry has clearly made steps in the right direction in
this regard. By re-thinking how they monitor and control the
communications channels that their staff use and using the
technology available from service providers, it’s clear that firms
can significantly reduce the chances of any future scandals
where chat room transcripts can be held up as evidence.

Galen Stops

Share This

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on reddit
Reddit

Related Posts in