The Blog

Another $4.3Billion in Fines and Banks Are Still Paralysed

There will be another Forex-style scandal within the next three years. It is probably brewing even as you read this. And it will probably all be conducted on the telephone, now that the regulators have worked out IM chatrooms...

There will be another Forex-style scandal within the next three years. It is probably brewing even as you read this. And it will probably all be conducted on the telephone, now that the regulators have worked out IM chatrooms...

Is it because the banks don't want to put their house in order? No. I have spoken to every major US and UK bank, and many across Europe and Asia, and they all committed to doing more than just "box-ticking" regulation.

Why, then, are we being bombarded with a series of major scandals, costing banks, and by extension the wider economy, billions and billions of dollars? Why do banks seem powerless to stop it happening?

Financial scandals are not new - in the last 5 years, the FCA has prosecuted over 20 people for insider dealing, many successfully, and confiscated millions of pounds in profits. The SEC has launched hundreds of investigations into insider trading, so many that just the cases they have started since 2009 fill 13 pages:

The phrase "S&L" will strike terror into the hearts of any American readers who watched their savings disappear in the 80's and 90's when almost 1/3 of Savings and Loans (S&L) associations failed (what in the UK would be called a Building Society)

The simple fact is that if you run an economy on the basis that "greed is good", it is inevitable that people will not play by the rules if it gives them an advantage. Without a wholesale rewriting of the human genome, our natural desire to spear sabre-tooth tigers and beat to death the next door cave dweller with a club is very likely to come to the fore.

Wrongdoing is not always something that people go into willingly. It mischaracterises many situations to suggest that people start trading fraudulently with that intention in mind. In many cases, Nick Leeson being one well-known example, the wrongful trading only starts to cover up earlier mistakes, with the sole intention of getting out of a hole, not for personal gain.

But at senior levels in major financial institutions, executives know, and have known for several years, that they have to put a stop to this type of behaviour. It has always been alleged (usually by the people that get caught), that senior managers usually turn a blind eye to people who engage in questionable activities, so long as they make money. The fact is that now people are going to go to jail: we will see the CEO in the dock before long.

So why the apparent inaction?

I see a form of paralysis has crept in. Urgent statements have come down from board level, demanding that "something be done" - Recently, those edicts have concerned the monitoring of instant messaging, in particular the now infamous chatrooms. But how, in practice, do you actually do that?

It is ironic, perhaps, that the fines that the banks have paid would have paid for (at a very conservative estimate) 40,000 monitoring staff for a whole year. They could have read every email, listened to every phone call, and snooped in every IM ever sent.

But is having a human to monitor every other human really a good idea? Who guards the guards, for goodness sake? And how do you spot patterns of collusion across multiple desks?

Little known is the fact that most banks do have monitoring in place, and have had for years. This comes in a number of forms, but, in the unstructured data world, focuses around email mostly. Why? Because email is easy. It is pretty short, has good metadata, and is in text form. You can search it, and you can perform regular keyword searches to detect known fraud phrases ("Cover up", "Send it on Gmail", "Recorded Line", "Off the books", "Getting whacked"). These processes do rely heavily on random sampling of data, and could use a few more bodies on the ground, but they do work.

Companies such Symantec and CA have successfully sold products that manage this sort of activity for years.

However, particularly in the wake of the Dodd-Frank regulations in the US, which have imposed new rules about information disclosure on certain types of swap trades, including IM and for the first time voice recordings, a whole new industry has grown up. And that industry is trying to terrify its customers into throwing out what they have that is good, and replacing it with new, unproven in many cases, systems.

I sat through the FSA's attempt to get banks to record mobile phone calls in London a few years ago. A whole new industry grew up then, most of it providing string and chewing gum solutions to a complex problem. Only now, 3 years on, is the marketplace settling down, and sensible technology being introduced.

I urge them not to make the same mistakes again.

They do need to get their data out of silos. The telephony guys do need to talk to the messaging guys who need to talk to the email guys, and join up their users' access to data. But there are ways of converting that data to work in the existing systems, and so to take a big step, but not a giant one, to achieve real "holistic" compliance. Once this first step is achieved, then you can start to look at how super smart algorithms can start to explore and even predict rogue behaviour (and we've got some, and anyone who comes over to is welcome to come and chat to us about them).

But make that step 2. Monitoring all of the conversations that all of your staff have and making sense of it is a huge change. And one day, technology may be all of the answer. For the moment, though, buy only the technology that you need, reuse what you've got where you can, and help ease that paralysis.