
Market Abuse and Conduct Surveillance: Are you drowning in a sea of alerts?

A multi-faceted approach to transformation is needed in financial institutions to combat market abuse.

Financial institutions, in keeping with the expectations of risk functions and regulators, are working to strengthen their control environments by extending surveillance coverage of risks, populations, business lines and regions. But in doing so via rollouts of existing technical solutions, surveillance departments risk the existing waves of false-positive alerts developing into an overwhelming swell that chokes off existing successes. As the sea of alerts rises, it must be matched with significant additional investment in headcount to cope – a business model that is simply unsustainable in the long run. In fact, many new products on the market still take a channel-centric approach, so even system replacement projects that are commissioned to tackle this problem will fail to deliver the required benefit.

So what exactly is the problem?

Well, technology and detection algorithms are typically deployed in silos, on single data sources, with thresholds that are set conservatively and require tuning. They lack the broader context that enables better decisions to be made, whether that comes from internal or external data sources that can support integrated analytics or from the deployment of more sophisticated behavioural models. These technologies also focus on detection but leave the surveillance officer ill-equipped to perform analysis or support investigatory work.

The output of these systems is ‘alerts’. These identify non-compliance against their coded rulesets. And HUGE volumes of them! Most of which do not lead to identifying a root cause issue, by the way. In fact, the use of the term ‘alerts’ is a problem in itself. To me, an alert highlights a problem – I think of red flashing lights and an alarm sounding! However, this is simply not the case for the alerts generated by surveillance detection systems. Because they are deemed alerts, they are expected to be processed, causing demand for large numbers of analysts to process them. They are also subsequently used in MI and KPI measures and in conversations with stakeholders, and become a de facto measure of good or bad performance. But which is better - a higher number of alerts or a lower one? They are simply a means to an end, not the end itself.

Alerts can therefore be many and varied, requiring significant numbers of staff to clear. If policies are too few and thresholds are too tight, much of the risk will go undiscovered; on the flip side, it may be very difficult to see the wood for the trees as more alerts are generated than can be handled effectively. Using large numbers of analysts to process ‘low value’ alerts is an expensive way to do business and drives a false sense of security for control owners and risk stewards – something I’ll save for a future article describing the “Risk Iceberg”. It is also worth mentioning that focussing detection systems on single sources of data is itself a flawed approach, adding to the issue of undiscovered risk. A further problem is the lack of attributed value. Without this, there is no mechanism other than chronology for sequencing the processing of these alerts.

So today’s problems are many and varied. A multi-faceted approach to transformation is needed that moves away from must-review detection alerts and toward indicators. These indicators identify signals amongst lots of noise. By joining together data sets, taking a more integrated approach and taking advantage of behavioural models and AI, we can increase the strength of indicated signals (and attribute a value to this), both to differentiate signals from noise and to help prioritise amongst identified signals. This will provide a more sustainable model for scaling coverage and feeding the analysis, investigations and reporting elements of the surveillance lifecycle.

And if you still have doubts, consider this… Your existing alerts may not even be uncovering the full risk picture anyway. If your existing detection is not 100% effective, then failing to find other ways to explore and analyse your data in conjunction with existing alerting mechanisms will allow some inappropriate activities to continue undetected. We’ll explore this in our next articles…

We've created a hub of information on our intelligence-led approach to risk management and threat mitigation that responds to the exponential growth our clients are seeing in data volumes and regulatory expectations. To talk to us, please use the contact us form.


Matt Pockson


