Highlights from the October 2024 Compliance Executive Roundtable
November 4th, 2024
After a successful executive roundtable this past April, NICE Actimize and Guidepost Solutions hosted another roundtable recently. Over a dozen surveillance heads from the US and EMEA attended the event. Several key takeaways, insights, and trends emerged from the discussions, which are highlighted below.
Takeaway #1 – Increase in Junior-Level Examiners Asking Uninformed Questions
There was a general consensus among attendees that many of today’s examiners seem to lack the experience of their predecessors, which is evident in their lines of questioning.
One executive expressed concern, stating, “I worry whether they possess the necessary product knowledge, as some of the requests we receive are quite puzzling. My fear is that these requests stem from a lack of understanding, and I don’t see this situation improving.”
Another executive shared how his firm had addressed this issue by raising discussions to a higher level. “We’ve successfully employed this strategy during exams by escalating the conversation to the examiner’s supervisor. Don’t hesitate to escalate concerns but do so respectfully. It’s a valuable option to consider if you’re encountering difficulties.”
Takeaway #2 – Data Lineage: A Focus for External Regulators and Internal Audit Teams
Data lineage involves tracking the flow of data needed for surveillance, from its origin to its final destination. This process ensures that the data is accurate and complete, and that it effectively feeds into downstream surveillance systems as intended. It addresses key questions like: does the data meet the criteria of our surveillance platforms so we can generate alerts? Without the ability to track data lineage, it is impossible to identify surveillance gaps.
Given its significance, it is no surprise that data lineage has become a key topic for both external regulators and internal audit teams.
“We’re receiving inquiries from nearly every regulator now regarding data lineage, sometimes even from different departments within the same regulatory agency,” stated one executive at a roundtable discussion. “We’re being asked and are answering many questions related to data lineage.”
“Data lineage has definitely been a topic of conversation, but more on our internal audit side of things,” commented another roundtable participant.
In addition to unanimously acknowledging that data lineage has become an increasingly important focus, roundtable participants also expressed several frustrations. One participant pointed out that just because data is located in one cloud solution doesn’t automatically ensure that it will successfully transfer to another cloud solution, even if a vendor claims it will. Another participant lamented that because data elements are tailored to each bank, reconciliation solutions must also be customized.
Still another was frustrated that vendors try to charge more for data reconciliation solutions. “At this point, you wouldn’t expect to be asking for something that is ‘mind-blowingly’ new or different. However, when we talk to vendors about how they handle data reconciliation, I am often surprised to hear them say, ‘We can do it for you, but it will cost an extra $200,000.’ This implies they want to charge us to simply verify what they should be doing correctly in the first place.”
In light of this, one bank represented at the roundtable was even taking steps to create its own comprehensive solution for data reconciliation.
“Our internal auditors are pressing us for a solution. If we receive message IDs 1, 2, 3, 4, and 5 from the source communication channel, can we find those same IDs in the retention platform? Can we provide evidence that these messages were actually surveilled in the surveillance platform? While we have these types of capabilities in our Anti-Money Laundering (AML) space, we are now working on building these robust features into our surveillance area as well.”
Additionally, one participant predicted that while data lineage is currently a growing focus, it will become a standard part of the examination process within the next three years.
Takeaway #3 – Off-Channel Communications Remain a Priority
In 2022, 16 Wall Street firms collectively paid $1.1 billion for breaches related to off-channel communications. Additionally, 26 firms incurred over $390 million in penalties this year due to record-keeping failures tied to the widespread and ongoing use of off-channel communications. This illustrates the heightened scrutiny that both financial services firms and regulators are placing on these communications.
One executive at the recent roundtable noted, “We underwent a review of off-channel communications last year with two regulators. While we’ve faced some ongoing questions, we have so far managed to satisfy the regulators’ requests.”
Takeaway #4 – An Increased Emphasis on Multi-Language Surveillance
With over 6,000 languages spoken around the world, limiting surveillance to just one language can present significant risks. Regulators have started to pay more attention to multi-language surveillance as a result.
One participant in the recent roundtable discussion noted, “We have a multi-language surveillance program, and we received many inquiries from regulators about it, such as how we randomly sample for languages that are not being surveilled.”
Another executive from a firm that conducts surveillance in six languages added, “Interestingly, during an audit with one regulator, they did not raise any concerns about our off-channel communications program. However, they posed numerous questions regarding non-English language surveillance. I found it surprising that this was their primary focus, considering they could have addressed a wide range of other aspects of our surveillance program.”
Takeaway #5 – Shifting Responsibilities Between Second and First Line Teams
During the roundtable discussion, one key topic was the transfer of surveillance responsibilities from the second line to first line teams. This shift is aimed at saving money and addressing surveillance backlogs due to resource constraints.
“Currently, our surveillance is entirely managed by the second line,” stated one participant. “However, I do see a trend toward moving this responsibility to the first line.”
Another executive, who transitioned from the first line to the second line six months ago, added, “It’s an understatement to say we are ‘squeezed.’ I need to expand my organization and compliance resources, but I cannot approach the business for additional hiring. Therefore, I really need support from first line resources.”
While some are considering transferring surveillance tasks to the first line, there is still uncertainty about whether this is the best approach. After all, do supervisors or heads of business truly want to have more direct control over surveillance?
One executive noted, “If you polled supervisors on the first line of defense and asked if they wanted to perform surveillance, you’d probably find that less than half of them would say they have the time, energy, desire, or capacity for it. They are interested in knowing about problems and potential issues, but I don’t think they want to sift through numerous false positives to find that one instance in a hundred or a thousand where something meaningful is actually discovered.”
Another participant in the roundtable shared their perspective as a former regulator and someone on the second line: “I wouldn’t trust the first line to take on surveillance responsibilities — detecting issues, escalating them, and determining whether something requires notifying a regulator. In my experience, I’ve never seen it work well in practice, at least not consistently.”
Takeaway #6 – Increasing Emphasis on AI
One executive noted that he views AI as a solution to current bandwidth issues in surveillance, rather than merely reallocating work between first- and second-line teams.
“I foresee that in the near future, companies will seriously consider how they can use AI to enhance efficiency. Organizations will start asking questions about their expenditures and whether processes can be improved. AI is definitely something we cannot overlook.”
The roundtable discussion also explored various ways AI is currently being utilized for surveillance as well as potential future applications. These include natural language processing for better understanding the context of communications, AI for advanced detection, and generative AI, which could eventually be used to automate report writing.
Join Us for The Next Executive Roundtable
Interested in exploring these and other topics with your peers in compliance? Join us for the next executive roundtable. Reach out to our roundtable hosts for more information:
Paul Cottee
Director, Subject Matter Expert, Compliance, NICE
Eric Young
Senior Managing Director, Guidepost Solutions