Time To Act: Effective Personal Device Surveillance, PDS
Mobilewatch CEO, Raili Maripuu joins the expert speaker panel at the 1LoD Digital Debate in January 2021 to discuss the risks of international market abuse due to personal mobile devices and the increasing need for the most effective PDS (Personal Device Surveillance) technology.
Current soft policies, which are based on trust, do not work even in the office. With more employees working from home for extended periods, there is a reduced level of surveillance within the office. The traditional first line of defence becomes redundant for home-working scenarios and the risk of market abuse considerably increases. A July 2020 1LoD In-Focus Report for Relativity, ‘Surveillance in a post-Covid World’ finds an influx of trade and communications alerts – a 1000% increase on typical daily volumes – “warning of potential market abuse or collusion”.
Despite this, fewer than 5% of banks have Effective Personal Mobile Device Surveillance in place. Raili Maripuu, CEO of Mobilewatch, explains: “Soft surveillance policies with some manual enforcement are in place, and combining our own experience with other industry data, the detection rate amounts to 1-3% of all mobile activity. With scaled back office operations and working from home the new norm, this is highly likely to be less.”
She says there are a range of potential risks; on the of these includes insider trading. There are other forms of market abuse, too. Mobilewatch finds that these specifically include “the sharing of Material Non-Public Information (MNPI), which are financial crimes.” The consequences of failing to prevent market abuse and to maintain regulatory compliance can lead to fines, bans on certain trading activities, personal and corporate reputations damage, loss of employment, mis-accusations, the accrual of investigation costs, costs associated with taking up board time and, at worst, imprisonment.
Unprecedented uncertainty
So, with the new working from home norm, the UK’s Financial Conduct Authority has set out what it expects from banks and the financial markets. The regulator says coronavirus is “causing unprecedented levels of uncertainty in financial markets.” To keep everyone safe, it says it’s working with “the Government, the Bank of England, the Payment Systems Regulator and firms to make sure customers are protected and markets continue to function well.”
This includes providing resources and guidance for the firms it regulates – including those involved in market trading and reporting, its colleagues and for consumers to ensure that a high level of regulatory compliance is maintained. The challenge to prevent market abuse and no compliance to regulations is particularly increased when traders operate from home. With this increased risk of market abuse, there is a need for companies to quickly mitigate it.
The FCA’s position is extremely clear. In its revised update on 12th Jan 2021, entitled ‘Coronavirus (Covid-19) – Information for Firms[1]’, it reaffirms: “Given the extensive duration of these arrangements [new working practices due to pandemic], we now expect you to record all relevant communications (including voice calls) when working outside the office. You should continue to take all steps to prevent market abuse risks. This could include enhanced monitoring or retrospective reviews. We will continue to monitor for market abuse and, if necessary, take action.”
Financial firms recognise the problem. Soft policies put in place to address the arrival of personal mobile device regulations 10 years ago are simply a tick-box. This was primarily because the required technology, which can automate such policies, wasn’t being developed – that is until now. Companies can have the most secure building in the world, but if the doors are unlocked, information is going to get out.
Discouraging breaches
Raili Maripuu adds: “With soft policies as basically the only control over personal devices, it is so easy and even tempting for the traders to breach the policies, as with mobile devices it can be done very quickly. Knowing that this vulnerability is currently unsupervised, the human psychology almost decriminalises this such action.”
Taking to the road for a minute, she compares this to how people behave when they are driving passed inactive speed cameras. You have two potential scenarios. If you know they are inactive you may either slow down or speed up. Most people would probably still slow down, but there will always be some people who like to take the risk of it being operational. Nevertheless, if you’re unsure that the cameras are really inactive, the chances are you will sensibly slow down.
The same risk assessments occur on trading floors, and they will also happen whenever a trader is working from home. It’s therefore vital to communicate with everyone ‘on the trading floor’, even if they are working remotely, that policy is being enforced. This can’t be lip service, enforcement must be seen to take place. “Knowing that your organisation is actually enforcing the policy, you’ll consider twice, before readily using your personal device in regulated area”, she says.
Recording communications
In addition to the FCA’s position that companies should ‘record all relevant communications’, there is an important oversight to quantify – which devices the relevant communications are occurring on. It’s already been established that work devices only make up to 60% of mobile traffic within regulated spaces, and that the actual enforcement of personal mobile device surveillance is simply overlooked. The logic that follows is clear – financial organisations can only demonstrate full compliance with all work and personal mobile devices being monitored.
To address these problems, Mobilewatch entered the market 2 years ago with a specialist indoor positioning technology. Prior to engaging in financial services market, Mobilewatch’s expertise originates in the tech-heavy surveillance industry. In the financial services sector, history demonstrates that where there are gaps in surveillance, people will and do use it. Positioning technology is not new; it’s been used in the government space for some time. It has also been embraced in the retail sector to monitor customers behaviour in-store.
For the first time, her firm has brought the basis of this technology into the financial services sector. She says the company’s technology increases the effectiveness of Personal Mobile Device Surveillance by up to 100% across Wi-Fi, Bluetooth and cellular channels, both in the office and home environments.
Enforcing compliance
The FCA and other regulatory bodies around the world have been following the development of Mobilewatch’s technology closely. It comes as no surprise that the FCA is re-asserting its clear position on regulations within the office and home working environments. Mobilewatch’s technology helps companies address the FCA’s requirement to ‘take all steps to prevent market abuse’.
Raili Maripuu says it’s great to finally be able to have eyes all over all signal-based devices, such as mobile phones, laptops, wearables, etc., in regulated areas. “Our technology sees absolutely everything that’s active and operating on the floor, often even the legacy systems that have been forgotten,” she explains.
She adds that Mobilewatch has the capability to offer real-time reporting of breaches. They can be stopped as they occur. It also offers quick analysis and investigations. Subsequently, costs are significantly reduced compared to the current processes. The technology can also be used to improve employee well-being by, within the regulations, relaxing polices; or, she says, “to minimise financial penalties by catching breaches early (a continued string of breaches generally escalate in seriousness), vastly improved regulatory auditing, true compliance with the regulations.”
Regulatory compliance is now more essential than ever in the financial services sector. The industry has proven, during the Covid-19 pandemic, its ability to move quickly. Mobilewatch is the only firm offering a solution that addresses the monitoring of personal mobile devices in the regulated space. What’s more, it’s high time the banks did more to tackle the problem. The time to act is now because prevention is better than having to deal with the consequences of non-compliance.
[1] https://www.fca.org.uk/firms/information-firms-coronavirus-covid-19-response#operational-resilience
Published: 21 January 2021