Proactive vs. Reactive: Keeping Your Company Out of the News


If I were to ask you, ‘what is the biggest risk at your company right now’, what would you say that was?

You have your answer? Ok, now what measure do you have in place to manage that risk? Lastly, is the risk that you just thought of covered by your communication surveillance solution?

If you answered ‘no’, you’re not alone.

While the regulations governing electronic communication surveillance change often, there has been one phrase that remains intact, despite the multitude of revisions.

“Each member shall establish and maintain a system to supervise the activities of each registered representative, registered principal, and other associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations”

However you interpret the phrase “reasonably designed to achieve compliance”, it’s clear that measures have to be taken in order to prevent regulatory violations BEFORE they happen. Putting such procedures in place AFTER something has occurred, and especially when it was a potential risk in the first place, is like a farmer building a fence after all the sheep have escaped.

Countless timeswe’ve seen instances where companies have failed to account for obvious risks that have resulted in regulatory penalties.

Many of these infractions, as bad as they may have gotten, could have been detected early on and stopped through the use of a few relatively simple preventative policies in a communication surveillance solution. While this seems like a simple and obvious solution, it’s remarkably rare that I’ve seen it in practice.

It seems that the goal of a majority of companies is to save money, while fulfilling only the minimum requirements for compliance. This tactic not only exposes a company to unnecessary risk, it can end up costing a company far more than it would have originally cost to institute a preventative measure in the first place.

One of the areas that we specialize in, is the customization of your email surveillance solution to capture activity which could be a violation. By instituting policies that just target general concepts such as deceptive language, bribes/kickbacks/Quid Pro Quo, or Coercive Behavior, you effectively reduce risk associated with a wide variety of potential violations, across the board.

In addition to these “general language” policies, more focused policies can be used to cover specific areas such as Anti-Money Laundering, Gifts and Entertainment, Political Contributions, or even the various methods by which insider trading can occur.

Instituting both of these types of policies in your environment will enhance your surveillance solution’s ability to monitor, capture, and even intervene, should a member of the firm violate them. Phrases, idioms, euphemisms, colloquialisms, and words in context of other words such as “Don’t tell anyone”, “Keep this between you and me”, or “I said this. But really it was this”. This method, as opposed to searching for just keywords, will not only reduce the sheer amount that you have to review, it’ll allow you to focus on what’s important.

With heavier and stiffer fines being issued, it’s clear that financial institutions need to stop waiting for an infraction to occur before something is done about it. But be it through an enhanced focus on electronic communication, trade surveillance, or even through the use of behavioral and predictive analytics, what’s clear is that it’s become increasingly necessary to reinterpret what we define as “reasonably designed”. Now is the time to take a proactive stance.

So, about that risk you thought about earlier…