From Regulatory Fines to Corporate Devices: Adapting to the Evolving Surveillance Landscape in Asia Pacific

One of the key takeaways from our discussion was the significant impact that regulatory fines issued by the US regulators in particular and the FCA to an extent, have had on the Asia Pacific region. When regulators focus on a specific issue and back it up with substantial financial penalties, the entire market takes notice and implements changes, even in banks that are not directly targeted of in jurisdictions where the activity is not a focus. This consistent messaging from the panellists highlights the effectiveness of regulatory action in driving industry-wide change in surveillance practices.

Interestingly, the influence of the 'big' market regulators who have issued these fines appears to have extended beyond the market itself, also shaping the regulatory landscape in Asia Pacific. Our panellists observed that APAC regulators have begun to place a greater emphasis on the capture and record-keeping of unrecorded communication channels, following the lead of their counterparts in other regions. This shift underscores the global nature of the challenge and the importance of a coordinated regulatory response.

During the session, our discussion also delved into the wide range of controls that banks can employ to effect behaviour change and embed a culture of compliance. From implementing robust policies and procedures to leveraging advanced technology solutions, the discussion highlighted the multifaceted approach required to address this issue effectively. There was much discussion about needing the ‘carrot’ as much as the ‘stick’ for real change to take place.

The panellists emphasized the importance of training and awareness programs, as well as the need for clear accountability and oversight at all levels of the organization. Additionally, they discussed the role of frequent attestations - some deploying monthly, others quarterly - as highlighted by US regulators, in promoting compliance. However, banks are also leveraging a wide range of strategies beyond attestations, including monitoring for off-channel usage, implementing technology blockers and policy bans on apps, delivering 'tone from the top' messaging on the topic, providing frequent reminders to employees as well as appropriate consequences for those who break the rules.

Notably, the industry appears to be firmly moving away from the Bring Your Own Device (BYOD) approach and back to the mandatory use of corporate devices for all business purposes. Although, it is by no means a full migration, and some organizations have exception policies in place for BYOD rather than a hard rule. This shift is driven by the challenges many banks have faced in implementing effective monitoring technologies for BYOD, leading them to ban their use altogether. This trend reverses the migration that was initiated circa 8 years ago, when many organisations moved away from corporate-issued devices (such as Blackberry) to BYOD for cost and efficiency reasons, as well as employee preference for carrying a single device.

As the discussion unfolded, it became evident that striking the right balance between ensuring comprehensive capture and record-keeping while maintaining operational efficiency is no easy feat. Banks must carefully consider their specific risk profile, regulatory obligations, and the evolving nature of communication channels when developing their surveillance strategies. By adopting a risk-based approach and continually refining their controls, banks can work towards achieving a sustainable and effective surveillance framework.

In conclusion, the panel discussion on "Striking the Right Balance: Ensuring Capture and Diligent Record-Keeping of Unrecorded Comms Channels" at the 1LoD AsiaPac Surveillance conference provided valuable insights into the challenges and opportunities banks face in addressing this critical issue in the Asia Pacific region.

As the regulatory landscape continues to evolve and new communication channels emerge, it is imperative that banks remain vigilant and proactive in adapting their surveillance practices to meet the demands of an ever-changing environment.

If you are grappling with this, or related surveillance issues, feel free to reach out to me for an informal discussion about how I may assist.