Understanding Conduct Surveillance: A Discussion With Smarsh Product Leader Brandon Carl
We recently sat down with Brandon Carl, Executive Vice President of Product Strategy at Smarsh for a discussion about our end-to-end solution for proactively managing communications risk. Brandon describes practical applications for AI-enabled surveillance technology — including the emergence of “communications intelligence” as a critical business tool — and its potential impact on both regulated and non-regulated organizations. We also touch on how Smarsh can help companies navigate consumer and employee privacy protections in a time of unprecedented digital activity and cyber risk.
Can you explain the Smarsh Conduct Surveillance solution and the problems it is designed to address?
Conduct Surveillance uses machine learning to identify evidence of misconduct in regulated communications and surface them for review. It is designed to monitor multiple forms of conduct discretely. Two of the most important models address market misconduct and customer treatment. It was the first solution to market — and remains the leading solution for large, regulated financial organizations — that applies machine learning to electronic and voice communications. The machine learning allows for processing those communications at a speed and scale that people alone can't. Conduct Surveillance emulates the expert, reviewing those communications and then finding evidence or potential conduct violations that occur.
How would you define market misconduct and customer treatment?
Market misconduct focuses on protecting the market. It is an umbrella term that includes deliberate attempts to interfere with the operations of the market, to profit from non-public information, or to engage in inappropriate market-related behaviors. Customer treatment focuses on protecting the customer. It might include high-pressure sales or deception, or any situation where customers are mistreated.
In addition to covering the basic or mandated areas for market misconduct, our solution is built to intelligently surface behaviors or intentions that are consistent with bad actors. Examples of this could be avoidance, i.e., “Let's not speak here. This is a monitored channel,” or a change of venue signal, “Hit me up on my cell, let’s talk offline.” The entire system is built to proactively spot those situations.
Is it just for regulated companies?
No, but somewhat counterintuitively regulated companies are the pioneers in the space. Regulated organizations have an existing set of risks. Some are related to regulatory requirements and others are related to security, operations, legal issues, brand image, etc. Workplace violence is an example of an unregulated risk that applies to companies in all industries. Businesses of all kinds are trying to proactively detect and mitigate these risks. How and where do you find evidence of misconduct? What is the most effective way to find high-quality signals without picking up irrelevant noise? By feeding communications data through the machine, with examples of what to look for and what’s not relevant, it will continuously learn to zero in on actual red flags. This is an applicable use case for any company that is trying to manage risk.
How do you contend with data privacy and employee protections?
Privacy is paramount. It should first be said that we’ve set up protocols for advanced access, so only approved people can view the data. These distinctions must be determined at the outset.
As it relates to our philosophy, we believe that as a developer of technology, part of the process must be defining the appropriate use of that technology. Knowing how and where to wield it should be done thoughtfully. Whenever possible, we partner with our clients’ ethics committees, and we ourselves are working to develop guiding principles that we can share and help companies implement to prioritize individual privacy.
Let's take an example: analyzing an employee’s happiness. Yes, you may determine that someone is a culturally negative person. However, my personal view is that the invasion of privacy to the individual is greater than the potential corporate good. However, if you were detecting imminent workplace violence threats, the corporate good is meaningful, and you could take steps to remediate those issues.
I presume this applies as well to consumer protection obligations?
Exactly. Practically speaking, you must make sure that you have appropriate data disposition mechanisms, and that varies by jurisdiction. When we incorporate sensitive data into our models, we make it a practice to remove all sensitive information: Personally Identifiable Information (PII), Protected Health Information (PHI), National Provider Identifiers (NPI), etc.
How do you define Communications Intelligence?
Communications intelligence is the set of technologies and tools that exist to enable companies to take their communications data — which is a strategic asset — and to transform that into critical insights and opportunities, and risk detection. Companies across every industry are generating growing volumes and types of communications data. And within that communications data are operational errors, risks, insights, etc. that can help companies revise their strategies and better serve their customers.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.