Personal Devices: Live Feed from Trading Floors
Less than a week ago, Facebook and Ray-Ban released their first-generation smart glasses that “give you an authentic way to capture photos and video, share your adventures, and listen to music or take phone calls”. All this starting from $299 per pair. A truly exciting and futuristic gadget in the ever-growing world of Internet-of-Things (IoT) devices.
The plethora of smart IoT devices is increasing rapidly, and whilst the technology behind those powerful smart devices is amazing, let’s first circle back to the heart of the risk to understand what a smart device means. Without paraphrasing widely available definitions, all IoT devices have two key elements that make them smart: (1) they connect to a network such as WiFi, Bluetooth or 5G, and (2) they are interactive. The presence of these components in effect means that each smart device has a microphone and a camera and is almost always online, the combination of which makes them an inherent cyber security risk.
Cybercrime is a continually evolving and growing problem: it has doubled in the last five years and has cost the UK £87Bn since 2015. The use of mobile and IoT devices is a security weakness, as 54.8% of global web traffic is mobile-related. This has been further exacerbated by the shift to hybrid working. Financial Services, as a high-risk sector, is particularly vulnerable, with incidents increasing by 54% in early 2020 compared to the same period in the previous year.
In other words, unless you (as a person or as an organisation) proactively do something about protecting material non-public information, consumer or other valuable information, smart devices are a gateway to the rest of the world or to whoever has the intention and ability to get their hands on that information.
At the same time on trading floors…
Whilst the regulators along with risk and control professionals continue to go through the traders’ emails, chatrooms, voice recordings and trade records with a fine-tooth comb, following elaborate compliance and surveillance measures, personal devices are seeping back to the trading floors more than ever before. Hybrid working is further exacerbating the problem as personal devices in restricted areas are growing in numbers like the multi-headed Hydra in Greek mythology.
We only need to take a brief look at the figures for mobile device usage on restricted trading floors: usage has grown at least 500% since the start of the pandemic, and the duration of an average mobile call is now at least 3 minutes instead of the pre-pandemic 48 seconds. These figures only reflect the usage of work devices; there are virtually no statistics on personal devices.
This is because, regardless of the multiple market abuse cases where burner phones were used, regardless of the existing regulation, and regardless of smart devices acting as a convenient gateway to blatant cyber security breaches, personal device surveillance on trading floors remains a paper-based compliance exercise. This in turn means that traders (those who intend to commit a breach) no longer need to spend money on burner phones. They can just use their personal devices, as these are not monitored. Not meaningfully or effectively anyway.
Where to from here?
An expert panel at 1LoD’s 1st Line Risk & Control Deep Dive event on Conduct Surveillance, also attended by our CEO Raili Maripuu, publicly acknowledged that “personal devices are becoming such a significant risk on trading floors that no longer can be ignored” and “the banks should do more”. Five months later, we still see no major and meaningful shift in the behaviour of the financial firms who continue to quote other priorities and lack of a business case to address the problem.
The real question is, do we really need to wait for the currently “Hydra-sized” problem to take the size of the pandemic, so that the financial firms can yet again prove that they are capable of bringing about a radical change and evolving almost overnight? Or how about first getting some visibility of the real status of all personal devices on the trading floor and establishing their normal behaviour, so that we become aware of what abnormal behaviour looks like? The technology is there; all we need to do is start using it before it is too late.