Getting surveillance right: Protecting banks

Banks have spent considerable amounts on initiatives related to regulatory compliance over the years, but major events continue to affect their reputation and profitability. In most cases, proper surveillance and early notification of improper and/or illegal activities could either have prevented the events from taking place or could have greatly limited their scope and the damage inflicted.

Our view is that current and potential customers are far more likely to work with firms whose focus is on their own day-to-day business rather than those who have breached regulations and damaged their reputations.

In this new Finance & Risk Services paper, we explore how banks can enhance their surveillance capabilities and implement an effective, integrated and proactive surveillance function to help deliver quantitative and qualitative benefits to the company.

Background

At present, surveillance is an activity that is driven primarily by regulation. The data generated by surveillance activities is typically confined within specific business units or trading desks, available only on a "need to know" basis.

Surveillance is often designed to identify specific actions taken by individuals within the organization. The thresholds for flagging such actions tend to be similar for all groups and business areas, based on an analysis of structured data using clearly defined algorithms. This model is a reactive process using tools that look at past patterns to determine if a breach has occurred.

As banks' recent experience indicates, this overall approach leaves significant coverage gaps. For surveillance to realize its full potential, it should become more proactive.

Analysis

Forward-thinking banks are moving toward a surveillance model, which is driven by organizational culture rather than specific regulations. We believe that a planned, systematic approach to investing in surveillance capabilities could generate significant returns, not only in terms of preventing and minimizing adverse events, but in demonstrating banks' commitment to being a stable, dependable business partner.

Recommendations

A big, comprehensive surveillance picture requires that different business units and functions create a pool of data that is regularly monitored and analyzed to identify patterns and anomalies.

We have identified three key elements that, in our view, are essential to a competent, proactive, big picture surveillance function:

1. A commitment from top management expressed clearly as a set of working principles for team leaders and members.
2. Measured and focused investment in the right technology and tools.
3. The right culture, developed and fostered throughout the organization. That means that top management of each business unit and function should understand the benefits of actively shared data.

The basic steps toward an effective, integrated surveillance framework include:

• Creating an accountable risk governance structure for surveillance activities responsible for reviewing highest priority issues and supervising ongoing surveillance improvement.
• Enhancing preventative risk identification methods.
• Defining relevant data collection and data sharing requirements for different teams.
• Integrating data across functions.
• Creating a centralized tracking and reporting center of excellence.