Graham Jarvis is a freelance business and technology journalist. Here he looks at why personal mobile device surveillance is imperative for banks and finance organisations in spaces such as trading floors to achieve regulatory compliance.
According to The Financial Times, ‘Bankers crave return of in-person trading floors’ because “the human factor matters”. Strengthened with effective personal mobile device surveillance, whether traders are on the trading floor or at home, they matter. However, there is also a role for technology to prevent market abuse. Human factors, such as trust, can’t prevent it.
In banking and finance – particularly on trading floors, trust is often considered to be at the core of maintaining and achieving compliance. The sector’s traditional approach involves implementing soft policies that are focused on mutual trust, which isn’t sufficient to prevent significant and costly regulatory breaches in regulated areas, such as trading floors. In fact, rather than focusing on trust, banks and financial organisations should predominantly concentrate on compliance.
Concentrate on compliance
The sector has what are called ‘regulated areas’ to prevent insider trading and market abuse. They include trading floors. Raili Maripuu, CEO of Mobilewatch, reveals that personal mobile devices in regulated areas can be used to facilitate market abuse. She explains why: “Controversially, this is mainly because the majority of the banks address the problem with ‘soft policies’, sometimes combined with some (largely minimal) supervisory labour.”
“10 years ago, such an approach was indeed enough, as mobile phones were much simpler, there were less of them and there was no surveillance technology to address the problem. This is no longer the case. Nokia-type brick phones have evolved into complex smartphones and the technology to ‘see’ such devices along with them.”
Soft policies are predominantly used to monitor personal mobile devices in banks, and because they are based on trust, they are often found to be wanting. Policies that focus on trust more than on compliance are often not 100% effective.
Maripuu reveals that open policies are also very much prevalent within the banking and finance industry, and there is strikingly a lack of effective device monitoring. “The huge risk is clearly evident and on the increase; and so, they should ideally deploy indoor positioning technology to advise the Surveillance and Compliance teams by highlighting what activity is happening, when it happens and with historical recording for investigations and demonstrable regulatory reporting.”
If soft and open policy-based trust was completely effective, Market Non-Public Information (MNPI) abuse would be eliminated. She believes banks should go beyond trust. They must, in her view, “look at technologies that enable true compliance as the regulators intended, such as indoor positioning technologies. This will support compliance by identifying all personal mobile device activity in any particular regulated space every hour of every day.” Personal mobile device surveillance, using indoor positioning technology, enables supervisors to spot and report regulatory and policy breaches.
Use technology sensitively
To many, indoor positioning might seem a bit like Big Brother is watching, and there is a need to use technology sensitively to avoid trust issues. However, Maripuu argues that this is a misconception. She explains why: “People think indoor technology positioning is another Big Brother technology because they are not aware of how the technology works. There are numerous other surveillance technologies, including voice recording and CCTV, that are ten times more intrusive than passive indoor positioning technology, which simply collects information that is already publicly transmitted.”
“Regulatory environments already employ many other technologies, such as chat room and voice surveillance. These are already accepted by traders as normal and expected. If there was an employee concern about Big Brother, it started over 10 years ago. Banks and its employees also need to remind themselves what the purpose is of these surveillance technologies. They are ultimately there to protect the consumer from market abuse – trust cannot do this alone.”
She elaborates that the nature of trading is that it’s highly regulated and, subsequently, continuously monitored. In fact, trading floors typically deploy an increasing number of surveillance methods and technologies to ensure compliance with the goal of preventing market abuse. Indoor positioning involves passive monitoring in comparison to many of them and it involves monitoring – for example – publicly available mobile phone transmissions. “So, the Big Brother argument really falls flat on its face here”, comments Maripuu.
She adds that indoor positioning technology was created to spot and identify breaches of all types of mobile devices in unauthorised, high-security areas. The technology is typically deployed by governments, law enforcement and corporate security. It can also be utilised to manage smart working in corporate environments, to manage large crowds at public events, as well as assess shopper behaviour in supermarkets and shopping centres, “where such information is used to negotiate appropriate tenancy agreements.”
“Within financial services, indoor positioning is a new niche, highly specialised market”, comments Maripuu. She finds that the use of personal mobile devices within regulated spaces is rising, and some banks are operating an open or any device policy – creating a significantly increased risk of MNPI abuse.
“This has also been compounded by the home working requirements of today’s Covid-19 pandemic world, where the regulated space must now also reside”, she says. Financial services organisations expected the regulations associated with personal mobile devices to be enforced. So, she believes “the race is on to move away from the ineffective soft policies currently employed and implement a 24×7 automated ‘eyes always on’ solution instead, only achievable through technology.”
In the UK, for example, the Financial Conduct Authority (FCA), requires banks to ensure that personal devices are not used for any business communications. The Financial Conduct Authority’s Handbook Statistics in SYSC 10A:1.7 states: “A firm must take all reasonable steps to prevent an employee or contractor from making, sending or receiving relevant telephone conversations and electronic communications on privately-owned equipment that the firm is unable to record or copy.”
Maripuu cites Julia Hoggett, the former Director of Market Oversight at the FCA, who said in a recent speech that the expectation going forward is that office and home working arrangements should be equivalent. Maripuu adds: “This requirement by the regulators is no longer held back by technology. Banks are hiding behind the fact that regulators are implicit in stating what is required, but not the ‘how’. The surveillance achieved in the home environment can equal that of the office, effectively extending the regulated space seamlessly for those working from home.”
She adds, referring to the desire of traders to return to the office: “Although the FCA anticipated an increase in market abuse reporting during over the past 12 months, due to new working practices, the reality is that this has decreased. There is a clear disconnection. Traders returning to the office to find new social-distance operations in place.”
“In effect, supervisors may have the same number of people to oversee, but over a greater area. The result is a reduced ability to spot offenders sending a quick text or use another personal mobile device. Outside of trading hours, the space remains regulated, although the supervisors have gone home. With security staff, cleaning and, IT contractors carrying out their duties, the regulated space currently remains unmonitored. These are weak security points which Banks turn a blind eye to, that will be until the regulatory enforcement is in place.”
To achieve compliance, the only way this can effectively be tackled is by using technology that can monitor all devices in a regulated area. With indoor positioning technologies, you can capture 100% of personal mobile device activity, bringing immediate awareness to employees that it is present all of the time, round the clock every day.
The challenge is that firms do not have the authority to record or copy privately owned personal mobile devices. Yet soft and open policies are opening up to permit them in regulated spaces. This disconnection means that the effective monitoring of these devices is essential and mandatory to, as she explains, “protect the consumer from MNPI abuse” by using technology to capture everything.
“This is a huge deterrent of unscrupulous activities and this can prevent a sporadic opportunity of the theft and abuse of MNPI, in itself”, she says. Furthermore, the use of artificial intelligence can in her view “determine patterns of activity including times, movements and stationary periods.” With AI and the captured data, it’s possible to identify the potential risks before they occur. Also, as banks are mindful of the well-being of their employees, they can use this technology to better identify and educate their staff, rather than catch and heavily fine them – and/or fire them.
However, with more traders working remotely and, increasingly from home, it’s becoming more important to monitor home-based versions of regulated areas because the risk of market abuse via mobile devices has increased. Remote working from home can reduce the ability of banks to have control over whether these mobile phones, smartwatches, tablet and laptops are stored away from the home-working area.
“Since the pandemic, the use of work mobile devices in regulated spaces increased by 500% and the average length of a mobile call jumped from 48 seconds to over 3 minutes,” she reveals. Interestingly, she highlights that industry statistics find that there is a significant decrease in the number of calls made in regulated areas during the pandemic – largely in the work-from-home environment.
This is compared to the pre-Covid situation, where trading activities – including calls – occurred in largely controlled and supervised office environments. She concludes that this suggests the missing number of calls have been transferred elsewhere, such as to personal devices – which no-one monitors. So, the need for personal mobile surveillance is now more important than ever. This means that, over the next 5 years, regulatory enforcement is going to be tightened up, allowing little wiggle room to be used by the financial services industry.
Many other benefits
By embracing indoor positioning technology, banks will discover there are many other benefits to personal mobile device surveillance that go far beyond that of compliance. Maripuu explains with reference to the banks’ concerns for staff well-being:
“This technology, when combined with AI, provides rich behavioural analysis and benefits to its employees; whether it’s an employee looking on their work app to see which hot-desks are available, to building security identifying where exactly people are in the event of an emergency, to helping route people away from an incident; or for an employee to simply check how busy the in-house fitness centre is; the appetite and applications for indoor positioning technologies is on the rise.” So, as well as enforcing compliance, the technology provides an opportunity to motivate staff, even in a crisis.