At 1LoD’s Conduct Surveillance Briefing, co-hosted by Digital Reasoning, more than 30 of the most senior practitioners in compliance and front office surveillance took a deep dive into the impacts of current technology and culture on trade and e-comms surveillance. Two debates were held, covering trade/conduct surveillance, and e-communications surveillance.
Discussions were introduced by Alan Lovell, CBE, managing director and global head of group regulatory surveillance at HSBC. Lovell spent 26 years in the UK government focusing on counter-terrorism. In 2003 he helped set up the UK’s first joint terrorism analysis centre, having been involved in the UK’s reaction to the 9/11 attacks in New York. He also contributed to securing the London Olympics and shaping the UK’s response to ISIL. After two years at HSBC, he has been able to synthesise some fascinating observations on the similarities faced by banks and governments when it comes to the core surveillance challenge.
Of these, a number of key insights stood out. Lovell believes organisations need to move away from unscalable and unaffordable rules-based methodologies that require them to analyse everything and that generate useless false positives. As a consequence, regulators and audit must be taken on a journey to a metadata-based, behavioural analytics approach that can identify deviations from normal that may indicate illegal behaviour and intent. Lovell notes that practitioners must take a risk-based approach, as well as centralising data and trying to understand the ‘unknown knowns’ – the information the organisation has but doesn’t know it has. The 1st and 2nd lines also need to work seamlessly together, and institutions need to share best practice with each other. These themes cropped up again and again in the discussions that followed.
A new approach is needed
It was clear from the discussion that there is no definitive version of the roles of the 1st and 2nd lines, and that a distinction has to be drawn between the risk and technology issues around trade surveillance and those around e-comms. There was general agreement that the 1st line has been driven by specific failures, such as Libor or FX, to focus on specific issues – insider trading, price discovery etc. – without necessarily taking an enterprise-wide view. The 2nd line, on the other hand, has leaned towards regulatory compliance but in the process has built up an unsustainable cost base.
There was also concern expressed that front office culture has still not changed sufficiently, because the front office is not responsible for its own surveillance and controls. The 1st line needs to understand and identify poor behaviour better and it can struggle to succeed in isolation.
As Adam Markson, managing director at Accenture, says: “What we need is a rebalancing of the 1st and 2nd lines. Ideally, the 1st line needs to take a more risk-based view of conduct surveillance holistically and should be focusing on a wider range of risks than those it has traditionally focused on, while assuming the 2nd line was taking care of them. The 2nd line is taking a more enterprise-wide view of risk but needs to refocus on policy and checking of the 1st line.”
This division of duties has been driven partly by the banks’ need to comply quickly. This has pushed an increasing amount of responsibility into the 1st line and created significant inconsistencies. A common conclusion was: We need to do things differently and the onus is on the industry to come up with new ideas and a different approach.
Battling with complexity
Participants agreed that recent regulations have changed the game in terms of challenges, if not yet in culture. As TradingHub COO David Hesketh explains: “There has been a dramatic increase in complexity. Many behaviours that were previously not prohibited are now. For example, the Market Abuse Regulation (MAR) says that an attempt that fails is a behaviour that has to be tested. So if I try to spoof the market but I fail, it’s still illegal. And the number of asset classes included has increased. You have to monitor more behaviours across more asset classes. It’s simply not affordable to monitor everything, so the answer must be to look in a more complex way at these behaviours.”
How this can be done with better technology was a central topic of conversation. Bank systems are not designed for cross-product surveillance. Data is scattered across multiple silos. It is clear that in order to satisfy the spirit and letter of the regulations, legacy technologies are unsustainable and that newer, statistics-based RegTech solutions are more likely to be able to process the huge amounts of trade data necessary, and to carry out the metadata and behavioural analytics needed, to intelligently identify anomalies without generating millions of spurious alerts.
Some participants were concerned that technology was looked at as a silver bullet, without the adoption of a risk-based approach and without a detailed analysis of the risks that were actually being faced. Others pointed out that the relative paucity of solutions left banks with a difficult choice between build-your-own and collaborating with each other and third-party providers.
One issue identified by several participants was the continuing need to obtain senior sponsorship for commitment to control projects and to get different business lines involved in budgets. It was pointed out that in the area of trade surveillance at least, there was a potential for a positive P&L contribution: in analysing trader behaviours, surveillance solutions try to identify anomalies in which excess returns seem to be generated relative to risk taken and so on. Where these are not due to illegal behaviour, they represent opportunities for better profitability. So new trade surveillance technologies could help pay for themselves.
E-comms: a work in progress
In e-comms, it is clear that the challenges are just as complicated. The sheer volume of emails and voice calls, not to mention communications through unauthorised channels, is one problem. The other is the difficulty of extracting meaningful conclusions from those streams of (potentially disguised) natural language. Participants highlighted the failings of the simpler lexicon-based solutions but were also realistic about the limitations of technologies such as NLP. Sharing of lexicons was discussed, along with more ambitious ideas akin to shared utilities or other third-party tools.
Again, the technology debate highlighted the failings of legacy solutions. In AML transaction monitoring and in the lexical analysis for insider dealing, participants referred to systems generating 95% false positives. As one said: “So is technology by itself the answer? No. There is no point automating the existing system further.”
Instead the 1st and 2nd lines need to work together, seamlessly reinforcing each other with constant iterative and constructive feedback. As one participant put it: “It’s not easy, it’s not sexy, and I don’t think it’s reliant upon a single piece of shiny tech. It’s about real conversations among the right people.”
Many speakers referred back to Lovell’s experience in counter-terrorism when noting that if there is too much content to analyse, then you have to think about the metadata. It’s about extracting value from who is talking to whom, how they normally talk to each other, and when that changes. The banks therefore need to create a single, integrated effort that triages the most worrying information and constructs a coherent, person-centric view of what is going on. This approach is part organisational, part organisational culture, part data sourcing and collation, part data manipulation, part technical integration.
It means that the 1st and 2nd lines must genuinely work together to collate, integrate and understand. And it also requires surveillance teams with the appropriate skills. This may well extend beyond core compliance skills, requiring a combination of compliance expertise, ex-traders’ experience and true investigative experience.
Participants agreed that more detailed discussions on technology, data centralisation, and solution implementation were a must. And they agreed that it is up to the industry to show that new technology and methodologies can better address the risks of most concern to the regulators.
Collaborate and listen
Participants went on to confirm that more discussions of this kind were a crucial part of the cross-industry collaboration that is required to get conduct, controls and surveillance right. As one put it: “We all need to share best practice, because failure by one means increased regulation on all. We have a moral obligation to collaborate but more than that we have an economic reason to.”
In technology it was clear that the potential exists for a number of initiatives around pooling lexical data, sharing models and even some forms of third-party utility or joint venture to aggregate industry knowledge to improve solutions for all. Participants acknowledged the desirability of these, while noting the difficulties involved in creating them.
Finally, it was clear that a lack of standardisation of 1st, 2nd and 3rd lines of defence functions, the difficulties of adapting bank systems and processes to new standards of conduct surveillance, and the formidable technology issues around building a robust oversight and control framework will require a huge and continuing effort from the industry. This discussion is the first stage in what we hope will be viewed as an integral part of the ongoing effort to improve conduct and compliance processes throughout the banking industry.
This article appears in the 1LoD 2018 Annual Report & Benchmark Survey and has been reproduced with the kind permission of 1LoD.