In June of 2018, it was announced that Bank of America Corp.’s Merrill Lynch unit had agreed to pay $15.7 million to settle allegations made by the Securities Exchange Commission (“SEC”) that it failed to properly supervise traders who persuaded clients to overpay for mortgage bonds by misleading them about how much the firm paid for the securities. According to Bloomberg: “Salespeople at the firm illegally profited from improper markups on residential mortgage-backed securities (RMBSs) that were, in some cases, twice as much as what customers should have paid. Merrill agreed to pay a fine of about $5.2 million and to pay disgorgement and interest of more than $10.5 million.”
Lack of procedures=costly mistakes
The size of the fine wasn’t what was remarkable about this case—instead, it was what the SEC said in issuing the fine. According to the SEC’s order, Merrill Lynch failed to have compliance and surveillance procedures in place that were reasonably designed to prevent and detect the misconduct that increased the firm’s profits on RMBS transactions to the detriment of its customers. The SEC order suggests that the compliance professionals within Merrill did not have a structured way to review records and identify violations of rules by traders and salespeople.
Could Merrill Lynch have avoided this compliance failure? As compliance leaders, we’re faced with two choices: either we can invest in significantly greater resourcing to monitor 100 percent of communications or we must come up with a more creative approach. Clearly, no company is going to resource compliance to monitor all communications, so compliance leaders have chosen instead to conduct surveillance based on risk assessment of all business activities. And while risk assessment is a good way to decide where you want to spend your resources, it runs the obvious risk of overlooking bad things that are happening in areas they decide not to spend time and resources on.
The relevance of this case
Merrill Lynch highlights just how easy it can be to get hit with a fine for compliance failure given the discrepancies between regulatory requirements and enterprise compliance teams’ ability to manually monitor all communications. As compliance leaders, we have learned to ‘live with the reality’ that you cannot get 100 percent visibility to 100 percent of the activities 100 percent of the time, but that’s clearly not going to cut it for regulatory bodies like the SEC.
Today, AI-based technologies allow companies to finally bridge this gap and stop sacrificing compliance for cost. Leading organizations are leveraging AI-powered speech analytics to “listen” to 100 percent of their calls, spotting exactly when and where prohibited language or techniques are being used or when required disclosures are not used in a transactional conversation. Machine learning enables these managers to train the software to learn the jargon and lexicon that is unique to their business and alert them when suspicious activity is occurring and, more importantly, has been detected.
AI-powered speech analytics is the breakthrough that compliance leaders have been searching for. It effectively eliminates the need to conduct selective risk assessments and opens the window to comprehensive trader desk oversight across the globe. With this approach, the new reality for compliance leaders can be 100 percent conversation monitoring 100 percent of the time.
Tethr’s AI-power speech analytics can enable you to effectively and proactively manage end-to-end enterprise risk by illuminating blind spots around every corner.