How can firms be sure that their automated compliance assurance tools are working?
By Eugene Land, headof compliance products at BT
Increasingly stringent global financial services complianceregulations, such as Dodd-Frank, Basel III and Mifid II, require investmentfirms to record all calls that conclude deals with clients. This means thatvoice recorder assurance can no longer be ignored and that today’s voiceinfrastructure teams face a daily challenge of ensuring that relevantconversations on trading floors and in contact centres are continuouslyrecorded.
Firms are now expected to oversee and monitor their voiceand contact centre systems and controls to ensure that they are robust enoughto identify risks before they become systemic in their business. In fact, inthe UK, the senior managers and certification regime scheduled to be introducedin March 2016 shifts accountability for failures of oversight more directlyon the shoulders of senior management.
Financial firms have to face broad consequences fornon-compliance. These include monetary fines, already huge and still growing;senior managers placed in the regulatory firing line; expensive and disruptiveoperational consequences; and even greater regulatory scrutiny. Total fineslevied by the UK Financial Conduct Authority in 2014 came to a staggering £1.4billion, compared to £474 million in 2013. Needless to say, as news storiesof hefty fines imposed on the financial sector multiply, firms are exposed toever greater reputational risk, the repercussions of which may be perhaps themost damaging.
As a result of all this, the ability to easily retrievefirms’ voice recordings in a timely manner has risen significantly up theagenda of compliance teams. Robust retention policies must be put in place toensure information can be easily accessed as and when required.
Unfortunately, however, complaints such as ‘I couldn’t findthe audio file when I needed it’, or ‘when I found the file I was looking forthe audio quality was poor’, still persist. This is frustrating as theregulators are less than willing to accept firms’ technological challenges.
Historically, banks have often had little choice but toinvest in more human resources to demonstrate that their trader voice and widerenterprise voice, video and conferencing estate are up to standard. But increasinglythey are seeing automation as the way forward.
Many routine daily tasks, such as "walk the floor" (where anengineer tests equipment on the trading floor), and tests such as “dot releasetesting” and “moves and change testing” – traditionally undertaken byengineering teams – can now be automated. In fact, automated compliancechecking can take place on an ongoing randomised basis throughout the day, andthe outcome goes way beyond the passive monitoring that banks had before.
But in this new automated age, how can firms be certain their automated compliance assurance tools are working, and what actions shouldthey take to ensure that they continue to comply with regulations withever-increasing complexity?
The simple answer is that the time-honoured principle of'Who will watch the watchmen?’ still applies. Automated tools need checkingjust as much as their human counterparts, and customers need to challengevendors to ensure they have robust checks in place to constantly monitor that theirsoftware is working. The good news is that with an automated system, any faultsand failures are picked up sooner, therefore leaving less impact on thebusiness.
Clearly automating compliance assurance can bringsignificant business benefits in terms of labour and business processes. But before wholesale adoption, firms need toconsider what they want to achieve, what benefits/return on investment arerequired to support their business case and whether a pilot would be a suitableway to validate the business benefits.
