Electronic Communications Surveillance - Using “Big Brother" to paint the “Big Picture”


Rosie Phillips

Analyst II

December 2017
Trade Surveillance

Just when the world thought the banks had learned their lesson from the Financial Crisis in 2007, the Libor scandal came to light, and ever since there has been a continuation of reported bad behaviour. Banks have paid approximately $321 billion in fines since the crash and so with the increased weight of regulation on their shoulders, is there any sign of a financial scandal slow down[i]?

Presently, technology is increasing the automation of trading systems, making it more difficult for surveillance functions to uncover manipulative conduct in an overcrowded sea of data. If such behaviours are to be caught, it is no longer enough to implement surveillance systems onto a trading floor that only look at one snapshot of the “big picture” at a time. The challenge for compliance officers and their surveillance team’s today is to integrate all monitoring systems to generate a holistic view of the firm, looking beyond just the suspicious trading and bringing together trade, written and voice communications data.


Electronic communications (e-comms) surveillance is the monitoring and supervision of all electronically produced communications executed by employees of a firm[ii]. Communications can be in the form of email, instant messenger, text and voice (both landline and mobile). Within Compliance Departments, e-comms surveillance functions are essential to allow firms to monitor, review and investigate illicit trading and/or compliance with any pre-defined company policies and procedures. To date, firms have been left red-faced time and time again in the wake of financial scandals after publications of trader communications, conducted to aid market abusing behaviour, are exposed. The most renowned example of this exposure is the Libor scandal, investigated in 2012 and resulting in many lessons learned for the surveillance world;


The Libor Scandal

Libor is a benchmark interest rate, based on the rates at which banks lend unsecured funds to each other on the London interbank market. Each morning at 11.00am, a panel of global banks submit an estimate of their borrowing costs to the Thomson Reuters data collection service[iii]. The average interest rate is then calculated based on the submissions by the major global banks and this in turn determines the Libor rate for the day. Between 2003 and 2010, traders across 15 different financial institutions worldwide colluded to manipulate the Libor rate and generate selfish profits.


Real-life conversations below reflect the typical level of communication between traders throughout the rigging period and highlight their nonchalant attitude to the laws pertinent to them:


Figure 1[iv]

November 22, 2010:

Senior Yen Trader: Hey ...you think we be able to convince [Primary Submitter] to change the libor today?

Yen Trader 1: I can try

Senior Yen Trader: Need to drop 3mth Libor and hike 6m Libor he dropped 6m by 2 bps last Friday

Yen Trader 1: At the moment the FED are all over us about libors

Senior Yen Trader: That’s for the USD?

Yen Trader 1: Yes

Senior Yen Trader: Don’t think anyone cares about the JPY libor

Yen Trader 1: Not yet, I will walk over to [sic] them


November 24, 2010:

Bloomberg Chat:

Senior Yen Trader: Was wondering if it suits you guys on hiking up 1 bp on the 6mth Libor in JPY ... it will help our position tremendously

Primary Submitter: How you doing with all the volatilities these days? ... To be honest happy with levels we see at the moment.

Senior Yen Trader: Ok no prob ... wouldn’t want to cause any problem ... thanks mate.

Telephone Conversation (Following the above Bloomberg rejection):

…Primary Submitter: We’re just not; we’re not allowed to have those conversations on [instant messages].

Senior Yen Trader: Oh, sorry about that. I didn’t know.

Primary Submitter: (laughter)

Senior Yen Trader: (laughter) Oh because of the, the BBA thing?

Primary Submitter: Yes, exactly.

Senior Yen Trader: Ah, ok ok.

Primary Submitter: So yeah, leave it with me, and uh, it won’t be a problem.

Senior Yen Trader: Ok, Great.

The improper use of electronic communications by traders in everyday life can facilitate collusive trading behaviour and is a threat to financial institutions.  The above example resulted in six banks paying a combined $5.8 billion to both the Justice Department and other regulators, with five individuals jailed for sentences ranging between two to sixteen years[v]. The exposure of the communications between the traders at different financial institutions led to scrutiny from the regulators as to how investment banks monitor and control their communications, and how misconduct should be detected with the surveillance systems in place. Had appropriate e-comms surveillance been put in place, would the Libor events have been prevented and/or the damage done been greatly mitigated?


Contextual Analysis

E-comms systems, at the lowest level allow for an email database to be searched systematically using key components such as names of individuals or the time of a communication. More developed systems can scan all email traffic for matches against an extensive list of policies comprised of keywords, generating alerts for each trigger breached[vi]. Examples of keywords include restricted list securities, customer complaints and inappropriate language.  This lexicon screening approach generates large volumes of alerts for surveillance teams to work through with little to no consideration given to the context of the situation or other linked communications on a different platform that would paint the ‘big picture.’ The Libor rigging emails may not have used language that would flag on such a system, and if they did, would one email alone have been enough to raise any suspicion within Compliance?


Behavioural Analysis

It is not only the context of the message exchange that is important when uncovering malicious trading behaviour. The consideration of relationships within e-comms surveillance is fundamental to an all-encompassing system; Who is the trader speaking to? What is their relationship? Is this a frequent communication line? Do they only communicate on one forum?


Between 2011-2014, JP Morgan Chase banker, Sean Stewart passed inside information about upcoming health care mergers to his father, Robert Stewart. They communicated over both the telephone and email about the abusive trading. Communications were often vague and sometimes even used ‘golf’-related code to mask their intentions. Referring to the higher-than-expected price of a stock they were illegally trading, one message from the father read:


“Saw local story about high cost of golf reservations since a foreign company purchased all. Even more expensive than imagined[vii],”


Again, would one stand-alone email alert between a father and son, raise any suspicion within Compliance? Similarly, Libor communications were vast amongst many financial institutions and had an understanding of their relationships and the frequency of contact been implemented into a surveillance system, dots might have been connected to reveal the web of market abuse going on within the industry.


Trade Analysis

Investigations into potential market abuse are often derived from either a suspicious trading alert or an individual compliance issue requiring e-comms review. Presently, under EU regulation MAR (Market Abuse Regulation), compliance departments are not required to have an automated system to conduct their trade surveillance and may manually conduct this function if deemed appropriate within the business[viii]. Therefore, not all financial institutions will employ a trade alert based system to their surveillance, relying only on an e-comms flag to bring to light any abusive behaviour within the firm.


Figure 2: What data sources does your trade surveillance system monitor?

Figure 2 shows that a recent survey found only 50% of financial institutions monitor both e-comms and trade/order data. This figure increased to 60% amongst Tier 1 respondents[ix]. For compliance teams to get the most from their surveillance systems, a combination of both e-comms and an automated alert based systems is vital. Using trade monitoring alone will only identify areas that potentially require further investigation, and ignore the conclusive evidence as to why trades are done and the intent behind them.   



E-comms surveillance systems and Compliance Departments need to be able to paint the “big picture” with the data made available to them. Come January 2018 with the implementation of the second Markets in Financial Instruments Directive (MiFID II), the scope of surveillance will be extended and all financial institutions will be “obliged to record all communications that are intended to result in a transaction.”[x] Regulators are taking a step in the right direction to ensure all aspects of a transaction can be monitored and reviewed, increasing the likelihood of the exposing illicit trading behaviour. By taking advantage of the large volume of communications data held within a firm, surveillance teams will be able to develop systems that take into consideration not only the trade in question but the behavioural analytics and the context of the communications behind it. Such actions will bring the subsequent investigation process to the next level, encompassing so much more than a lexicon alert. Had such processes been made available to surveillance teams at the time of the Libor scandal and alike, communication patterns might have been picked up sooner and financial losses might not have been so detrimental. “Big Brother” will now play an increasingly essential role for many firms in their attempt to paint this “Big Picture” and help identify any illicit trading within the market.

[i] https://uk.reuters.com/article/us-banks-fines/banks-paid-321-billion-in-fines-since-financial-crisis-bcg-idUKKBN1692Y2


[iii] https://www.theice.com/publicdocs/IBA_LIBOR_FAQ.pdf

[iv] https://www.bloomberg.com/news/articles/2012-09-25/rbs-instant-messages-show-libor-rates-skewed-for-traders

[v] http://www.businessinsider.com/libor-rigging-criminal-charges-and-fines-2015-5?IR=T

[vi] https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_12/Accenture-Communications-Surveillance-Identifying-and-Preventing-Misconduct.pdfla=en-GB#zoom=50

[vii] https://nypost.com/2015/05/14/ex-jp-morgan-banker-dad-busted-for-insider-trading/

[viii] http://www.acacomplianceeurope.com/news/compliance-alert/compliance-monitoring-and-surveillance-under-market-abuse-regulation-what-does#

[ix] http://www.ey.com/Publication/vwLUAssets/ey-trader-surveillance-report/$FILE/EY%20Trader%20Surveillance%20report.pdf

[x] http://westondigital.com/index.php/about-us/news/73-mifid-ii-concerning-communications-recording



Rosie Phillips joined FinTrU in 2016 through our third Financial Services Academy after graduating from Queens University with an BSc hons in Accounting. 


Since joining FinTrU, Rosie has worked as a member of the Trade Surveillance team providing EMEA and APAC coverage for a Global Investment Bank. Within this team Rosie is responsible for Electronic Communications surveillance, analysing trader communications and conducting investigations into potentially abusive trading, escalated by her client. Rosie also specialises in Wealth Management surveillance, compiling monthly dashboards that are presented to the Conduct Risk committee.


During her time at FinTrU, Rosie has completed all 3 modules of her Investment Operations Certificate, specifically studying an Introduction to Securities and Investments, UK Financial Regulation and Derivative Operations. 

Rosie Phillips

Analyst II

  • LinkedIn - Rosie Phillips
  • Facebook - FinTrU
  • Twitter - FinTrU