Holistic surveillance concerns the monitoring and analysis of structured and unstructured data, with the aim of intercepting the harmful actions specifically of rogue employees, but also clients, cyber criminals or indeed any body that is intent on doing damage.
Certainly for risk managers working in financial services businesses, holistic surveillance is a developing concept that is potentially of great interest.
Managing multiple threats
Organisations face threats from many different directions. Emails and telephone calls are commonly stored and monitored. But, data that could be potentially malicious or hold vital evidence can be found in portfolios, transactions, performance history, applications and claims.
Companies also do not just receive or make communications directly, they could arrive via third-party platforms such as Bloomberg and businesses can also be receiving data from instant messaging, news feeds and their suppliers. Add to this a raft of data from social media including Facebook and LinkedIn – trade and external data needs to be viewed in its entirety.
According to consultant Accenture, which produced a recent report on the topic: “A holistic approach to surveillance and compliance can help mitigate this issue, but can also enable firms to identify positive behaviour along with the kind of business-building insights that generate sustainable profits and growth.”
There is also a push from regulators who require firms to not only make significant investment in their compliance work, but are also handing out large fines to those with weak processes.
Barriers to working holistically
The barriers to holistic surveillance are connected to those that exist for enterprise risk management (ERM). Financial services firms can typically have a number of locations and have commonly experienced consolidation, resulting in different systems and data being analysed through single channels. Unless reform has taken place, employees may work in silos, with different teams covering areas such as:
- Recording and monitoring voice calls
- Social media monitoring
- Monitoring electronic communications
- IT security including protecting against cyber threats
- HR – overseeing employee wellbeing and maintaining staffing records
No single solution
So, ways to harmonise the data from these sectors is a key goal – managers from these diverse parts of the business need to agree on a strategy, with work typically led by the chief data officer and risk managers.
But while a collaborative approach is undoubtedly essential, Accenture states that there is “no single-solution approach that can provide full insight into activity across all areas of the organisation. Instead of relying on one or two solutions, firms should work toward implementing multiple, complementary surveillance capabilities some of which include lexicons, machine learning, semantic technology, network analytics and relationship mapping.”
Use of machine learning
Indeed, surveillance technology can both enrich data by cross-referencing platforms and also helps reduce false positives. The advance of machine learning is a vital element of achieving holistic surveillance, but skilled people will always be leading risk management efforts – those intent on rogue behaviour will always look to circumvent systems.
Bringing data together and securing a top down approach, is likely to be something those focused on ERM will already have implemented or most definitely have on their radars. It is a major project but offers long-term advantage when adopted.
This is next generation risk management work and those who get a handle on it now, will be well placed to take on the growing number of threats from within and the many regulatory requirements on the horizon.