The Full Scale of the Problem with Employee Communications
2022 has brought a new buzzword to regulated trading floors – unapproved employee communications. This is all thanks to the refreshed post-Covid regulatory focus on the problem of high-risk personal mobile devices that have remained unmonitored for the past decade and have now been ‘upgraded’ from their residual risk status.
Consequently, multiple global financial firms are now being investigated by the US regulator, the Securities and Exchange Commission. One of them, JPMorgan, has also been issued a rather sizeable fine of $200 million. As expected, the same regulatory focus has swept like a shockwave through the global banks with each of them now looking for ways of how to meaningfully address the problem.
Unsurprisingly, the entire industry is buzzing, suggesting solutions that range from policy upgrades, staff training, to using the existing technologies to also cover unapproved communications. Whilst this renewed buzz is commercially fantastic, it also creates a slight chaos and misconception of the problem at hand.
The principal focus seems to be on all private instant messaging platforms, such as WhatsApp, Telegram, Signal etc. However, instant messaging (IM) forms only 10% of the problem with personal devices on trading floors. There is a whole 90% of other ways to communicate information via your personal mobile device that continues to go unmonitored. The most notable examples being all cellular traffic, personal trading apps, and connected devices.
In the main, it could be said that the banks are currently considering between three groups of actions. For the ease of reference, we have given each approach an enforcement efficiency rating that demonstrates an overall visibility of all activities on personal devices to the financial firms.
- Ban all personal devices that are not monitored with existing surveillance technology. This policy-based non-tech approach is definitely the cheapest option, however, without any technology, this ban can only be enforced to the extent of the capabilities of human labour stationed on a trading floor. Enforcement efficiency is 1% plus the risk of losing your start traders.
- Use existing technology on work devices to extend surveillance also over personal devices. Due to the privacy and security rules, this is practically unenforceable as the existing tools are too intrusive for personal mobile devices. This approach allows for indirect measures only, such as analysing the existing communications through work devices and extrapolating the next moves by the potential bad actors. Enforcement efficiency 10%.
- Look for new technologies specifically designed to non-intrusively monitor the behaviour of personal mobile devices. There are two options out there, hardware-based involving indoor positioning technologies, and software-based involving transparent device registration and employee engagement. The former is complex and expensive, the latter is brand-new. Enforcement efficiency is 100% for all registered personal devices.
It is important to understand that the problem of unapproved employee communications lies in a device and is not channel specific. Your entire personal device can create and facilitate market abuse. Our mobiles are like super-computers in our pockets, with a full capability of recording and transmitting MNPI (material non-public information) completely undetected and within seconds. By addressing one channel out of 50 means that the other 49 channels still remain unmonitored and used by bad actors.
A good analogy to describe the scale of the problem with personal devices is establishing what’s the best way to empty a bathtub – using a spoon, a cup, or a bucket? The first two illustrate the policy-led bans and the bucket the use of existing surveillance technologies on work devices. For the full-scale and effective surveillance on personal devices on trading floors, we need to pull the plug.
Further information on a new technology solution with 100% enforcement efficiency is available only at Mobilewatch.