Leveraging Meta Data for Holistic Monitoring of Employee Behavior

Today, most controls and monitoring are done in siloed systems that neither talk to each other nor integrate easily. While trading doesn’t happen in a vacuum, many controls are only looking for potential risk at single point in time events – such as a trade, a transaction, or a single communication.

When it comes to communications monitoring for employee behavior, many of today’s preferred methods are prone to inaccuracies and therefore have limited success. These include:

Electronic Communications:

• Lexicons, which refer to the use of words and terms within written communications such as emails and chats, has been the industry standard for several years. Whilst effective at detecting the crimes of old, it’s well known for generating high volumes of false positives, being prone to subjectivity, and ignoring context and the relationship between the participants. As a result, this approach could fail to identify other instances of potential market abuse, misconduct or new and emerging risks. Even more sophisticated methods such as Natural Language Processing (NLP) are struggling to overcome the challenges posed by these more traditional approaches.

Voice Communications:

• Voice recording – This relates to manually reviewing a sample of every voice call made by specific high-risk groups such as Libor traders, which is simply not possible. A risk-based approach would enable teams to focus their communication monitoring efforts on the highest risk areas and people.
• Automated – Voice to text automation converts spoken language into written text (with varying degrees of accuracy), reflecting the nuances in how people communicate verbally and in written form. However, this approach requires further models and ongoing model management.
• Mobile monitoring – By placing software on a phone to monitor usage, certain apps can be blocked or restricted. The right monitoring can allow for use of newer channels, such as WhatsApp and WeChat which are becoming more popular with clients. However, Bring Your Own Device (BYOD) presents a challenge when it comes to linking a device to a particular person.

These approaches lack context, leaving banks unable to generate a holistic view of relationships and behaviors. As a result, there remains a long list of challenges which surveillance teams face when it comes to effectively monitoring communications and employee behaviors.

The Biggest Challenges with The Current Communication Monitoring Approaches

• High number of false positive alerts – This threatens to overwhelm monitoring teams’ ability to adequately execute their functions. The initial alert review is normally performed in an offshore low-cost location.
• Onboarding new communication channels –It can take time to onboard new channels onto existing monitoring tools, and those that weren’t previously permitted (such as Teams, Zoom, WhatsApp) have now become essential to support today’s new hybrid working models.
• Training data – Often, there are very few findings within a bank’s own data that can be used to train the models. Lexicons from previous cases can be used and built back into the detection rules, when it comes to external sources and intelligence – such as chat transcripts published as part of enforcement cases or news stories – often only small extracts are published, making it difficult to extract useful training data.
• Multiple languages – Updating all scenarios and models to reflect different languages and dialects can be costly – and ineffective.
• Reprisal from the regulators if banks turn off ineffective tools or scenarios – This can prevent organization’s from focusing on new projects as too much time and resources have been spent on low quality outputs.

To detect genuine risk, surveillance teams would need to read every email or listen to every call. But given the huge volumes of communications, this is simply not possible. There needs to be a more targeted approach that strikes the right balance between risk and cost. That’s why communications monitoring is still the largest area of investment and focus for surveillance teams.

Meta Data: The Answer to Communications Monitoring?

Meta data is activity data. It’s “data that provides information about other data”. It includes everything about a communication other than the content itself and what is being said.

Edward Snowden’s leaked NSA document in 2016 revealed that metadata collection is one of an agency’s ‘most useful tools’.

Where Does Meta Data Come From?

Every action or piece of activity can be used to generate data that can be used to monitor behavior. For example, for employee communications, this might include:

• Volume and frequency of emails sent
• Size of the emails
• Whether the email included attachments
• Whether the email was encrypted
• Time the email was sent
• Recipient of the email, and their response (if any)
• Email IP address

Market manipulation cases are complex and more difficult to investigate than insider dealing or other types of market abuse because they are not transactional or involve opportunistic trading; perpetrators often work in groups, in an organized way, using sophisticated techniques, over extended time periods.

Mark Steward

Executive Director of Enforcement and Market Oversight FCA, 2020

The Benefits of Meta Data

Meta data remembers everything and forgives nothing. This analysis can be used to build ‘pattern-of-work life’ profiles of individuals. Meta data can also be used to:

• Build networks, chronologies, and predictions of behavior over time – Given that meta data does not look at the content, this approach is language agnostic and can be applied to all traders, globally.
• Identify new and suspicious groups as they start to form – Additional context can be taken from alternative data sets that might illuminate hidden relationships of interest, or from those that may not have been disclosed by the employee, potentially in breach of policy.

The insight generated from meta data can then be used to identify normal expected behaviour for an individual. With this information, advanced analytics tools can be leveraged to look for deviations from that expected behavior.

Leveraging the capabilities that underpin a contextual approach can help to monitor communications at specific points of time, or to observe particular activities where there may be cause for concern (e.g., a particular trade of interest, when speaking with a certain 3^rd party, after a flurry of unexpected comms). This may bring to light certain communications that had slipped through the lexicon net, helping investigators determine where to focus more targeted attention.

Consider this. It’s like a private investigator following a person of interest. The investigator will be keeping note of what time the POI leaves their home, where they go, who they speak to, and what they do following that conversation. At each point the investigator will be taking photos, recording what’s being said and taking logs of actions. This is essentially meta data. It’s this insight, or context, that allows the investigator to determine where to shine the light and focus more targeted attention.
 

The Building Blocks to Holistic Monitoring

Surveillance teams are increasingly focused on network analysis and continue to invest in unstructured data, as this is considered the best data set for this type of monitoring. However, meta data analysis should pass the proportionately test – does the risk justify the cost? – when it comes to monitoring your highest risk employees, particularly in today’s new hybrid way of working, the ability to observe how your teams communicate in person is reduced.

As work life patterns evolve, it’s important to keep on top of these changes, so investigators are able to identify and distinguish between suspicious changes in employee behavior, and legitimate lifestyle shifts.

However, searching for unusual patterns in meta data isn’t the only necessary control. This approach does not mean the demise of lexicons, it should be used to complement the approach which regulators find satisfactory.  This would allow for some of the ineffective rules to be off-set, freeing up resources for more targeted investigations.

Meta data analysis is a paramount building block which provides a foundation to a more comprehensive process to holistically monitor employee behavior in a more entity centric manner.