Upload
vubao
View
217
Download
1
Embed Size (px)
Citation preview
COMPLIANCE ASSURANCE
& Skype for Business Recording Integration
Are you ready
for the increasing
Communication
Compliancedemands?
Greater assurance
required around
communicationsHigher priorities for
compliance
New
communication
methods that need
recording
More regulations
around
communications
Did I capture everything I should
have?
Do outside callers know they
are being recorded?
Can I find the calls I am asked
for quickly?
How do I know the system is
working even though I don’t
have any alarms?
How do I prove the correct
people are in the system and
successfully recording?
How do I export the calls
you are asked for quickly?
Are all calls archived
successfully with the correct
retention?
Are the correct people
recorded?
Trading Regulations
have changed the
recording needs
4
More Modalities More Conversations More People
More Evidence More InvestigationsMore Data
Reconciliation
• Dodd-Frank is fully in force
since August 2013
• Record and archive all electronic communications such as voice, emails, instant messages, communication files and 3rd party messages
• Communications to be captured, tagged, retained, searchable and available to the regulator within 72 hours from the request
• Make sure systems are running- Firms need to have insight into their system to ensure that they are functioning properly
• Transaction Reconstruction: Compliance departments upon request need to be able to find requested data, then be able to find all relevant communications
• Prevent Fraudulent Practices: Now that firms captured voice, email, IM and chat for their traders, they must have some form of monitoring and surveillance in place
Strict Regulations Around Communications Are on the Rise
Dodd-Frank
• MAR is in force since
July 2016
• Record all communications of ‘Direct Market Participants’ (Brokers and Dealers)
• Be able to identify intent related to a event and actions behind the event which requires surveillance that highlights possible fraudulent behavior
• To identify an entity how may facilitate the dissemination of false or misleading information
• Be able to monitor trading based on Material Non-Public Information(MNPI)
• Be able to take handling instructions communicated from clients and in case of best executions investigations compare the instruction to the activities of the trades
• Benchmark Submitters- Those firms that have a submitter to establish a rate now fall under increased supervision. Monitoring their communications with other submitters, within the same bank, or others, is now under major focus to ensure and prevent possible collusion
MAR
• MiFID II will come into force in
January 2018
• Monitor all Voice Communications - internal & external, inbound & outbound, pre- & post trade, front- & back-office, mobile phones
• All conversation must be retained for at least 5 years
• Notification of recording: parties outside the frim must be notified all communication will be recorded
• Monitor all Electronic Communications -Emails, Chats (e.g. Bloomberg, Thomson Reuters, Yahoo), etc.
• Monitor Market abuse: firms must provide evidence they can detect behavior around market abuse
MiFID II
• Code of conduct was updated
May 2016
• Compromising Confidential Information-Firm need to demonstrate how they protect Confidential Information and promote effective communication that supports a robust, fair, open, liquid and appropriately transparent FX Market.
• Complete and Accurate Data- This is fundamental to support effective surveillance. Automated algorithms should be documented and are subject to design and effectiveness reviews. Each communication alert should be dispositioned to the extent that it can be independently reviewed and audited
• Measure and Monitor- firms are expected to promote and maintain a robust control and compliance environment to effectively identify, measure, monitor, manage, and report on the risks associated with their engagement in the FX Market.
FX Codes of
conduct
Recent News
6
Source: https://blogs.thomsonreuters.com/financial-risk/risk-management-compliance/mifid-iis-trickle-down-effect-may-catch-non-eu-firms-unprepared/
MiFID II transparency obligations will
require firms to capture and record a
wide range of data at certain points in a
transaction. This could impact non-EU
firms.
Collaboration technology
will create new questions
Do I know all of the information that was shared?
How do I know who is talking to who?
How do I reconstruct the scenario that consists of voice, video, and mobile?
How will I capture the new ways employees are
communicating?
NICE offers ONE solution to capture ALL communications
8
Turrets
PBX
NICE Trading
Recording
UC
Mobile
Phones
Easily Expand Existing Recording Infrastructure with UC
9
NTR
Core Server
NTR
Core Server
Fusion
Fusion Server
SatelliteSatellite Satellite SatelliteSatellite
Central User
Management
Turrets PBX Mobile Phones Skype for
Business
Voice
UC
Central Search
& Download
Central System
Management
Central
Monitoring
Sentinel
Add Skype for Business Add other Communication Types
Capturing Skype for Business Voice - Overview
10
1. The Front End Server sets the Recording Target
(extension to be recorded)
2. The NICE Proxy is introduced between the
Front End Server and the NICE Recording
3. The NICE Recording Satellite is selected for the recording
4. The IP address of the Recording Satellite send to the
Front End Servers as the Recorder Audio Destination
5. The Audio is forked from the Proxy to the Satellite
Grow existing Recording Infrastructure as you add Communication Types
11
VideoVoice is supported today
Video added H1 2018
Instant MessageAdded H2 2018
VoiceFully Supported today
Ethical Walls
Added H2 2018
Screen SharingAdded H2 2018
Whiteboard, QA, PollAdded H1 2018
File transfer
Added H2 2018NICE Recording
• Multiple devices (turret, desk, mobile)
• Pre- and post trade conversations
• Back- and middle office
• On-site or remote working
• All required people and content is captured
• All regulated users are in the systems
• Reconcile regulated users are actually being captured
• Systems are fully operational
• Central retrieval from multiple locations
• Fast search for any type of communication
• Bulk download for conversations under investigation
12
More than Just Trading Floor Recording is Required
Capture all communications
Prove all communications are captured and stored
Retrieve all communications quickly
NICE COMPASS: Complete Compliance Assurance
13
Capture Prove
Retrieve
com·passˈkəmpəs/
noun
An instrument that shows where
you are and the direction ahead
• Drives efficiency & automation
• Proves compliance policies
• Introduces controls for assurance
• Improves investigation processes
• Built to grow with your business
Capture all communications
• Use existing NTR environments deployed today
• Record any communications system used in front- and back-office
• Expand with Skype for Business recording if required
• Add recording of Mobile devices to the same recording system
• 9 out of 10 global banks use NTR today
COMPASS – Capture
14
Front & Back-officeIncluding Mobile Phones
Omni-ChannelReady for new technology
PlatformSupporting latest technology
2N
Provide evidence that you are compliant
• New compliance auditing documents all steps within the recording process
• New dashboards visualize real-time actions, trends and exceptions
• New compliance reporting outputs statistics, information and reconciliation of the process
• New assurance tests automatically check the end to end process
COMPASS – Prove
15
AssuranceProve you are compliant
SecureAlways protected
RetentionRobust retention and legal hold
TLS v1.2
Retrieve all communications easy and fast
• Central replay all of content
• Centrally manage your compliance controls
• Manage all your users and access
• Review your automated morning check
• Access and review all your compliance reports
COMPASS – Retrieve
16
Central SearchOne Portal for all retrievals
Fast SearchAdvanced search capabilities
Bulk DownloadQuick download for investigations
for Complete Compliance Assurance
17
Automation
Retrieve Calls
Centralized Portal
Reports Dashboard
NICE Trading Recording (NTR)
Turrets PBX Mobile devicesUnified Communications
Media Extraction System Assurance
Retention Management Recording Check & System HealthBulk Download
Centralized Portal
18
Challenges
• How to ensure all systems are correctly configured
• How to quickly access all content
• How to prove the correct systems are in place
• How to know everything is working correctly
Solution
NICE COMPASS enables central system and user
management allowing customers to manage there
recorders and user population globally from one
portal:
• Central Recording & User Management
• Central Search & Replay
• Central Retention Management
• User detail exporting and re-certification
• Central Downloads
• Central Reporting…and more
Centralized
Downloads
Centralized
Reporting
Centralized User Admin for Entire
Regional Recording EstateSimplified Management
Recording Check & System Health
19
Challenges
• How to ensure the recording system is operating
correctly and ready to record
• Complex interop between the communications
platform, network, recorder and archive
infrastructure
• How to replace the manually recording checks
performed today
Solution
NICE COMPASS offers
• Test clients strategically placed in the
infrastructure which can make test calls to each
other
• Check successful recording and archiving after
test call is finished
• Trigger alarms in case of arising problems
• Show status of automated test runs
• Display widgets to easily understand status
Traffic Light Indicator
Click for Test Detail AnalysisLast Tests Summary
Endpoint Result Summary
Media Extraction / Bulk Download
20
Challenge
How to quickly & easily export relevant conversations for a
compliance investigation, eDiscovery & Communication
Surveillance
Solution
The NICE COMPASS Bulk Download provides a secure,
auditable solution with
• Extraction of voice calls can be performed with a simple
job creation directly from the COMPASS portal
• 1.7 Million calls can be downloaded per day on a single
extraction server
• Queries are batched and queued to ensure there is no
impact on operational systems (1% CPU load)
• Technology neutral .xml and .wav output enable easy
interoperability
• Selectable time range and users
• Downloads in the background to allow continued
working
Historic Downloads
Audit
Current Downloads
Progress
Select Users and/or Groups, create Start
and End Date and trigger operation
Reporting & Auditability
21
Challenges
• Prove that all of regulated users are being
recorded
• Prove that the records correctly retained
• Get visibility to system operations that happen
“behind the scenes”
• Check who has accessed critical compliance
data and for what purpose
Solution
NICE COMPASS has a centralized capture of
interactions and events allowing to understand the
compliance recording status
• Every activity captured for auditing
• Simplified automated delivery options
• Central dashboards that highlights trend and
exceptions
• Open API and Excel /CSV output to support other
BI needs
Default templates
available
Build reporting
schedules
Customizable reports via API
Automation
22
Challenge
Use an efficient process to reduce manual errors and
prove the correct people are being recorded
Solution
The API of NICE COMPASS enables
• Correct configurations by programmatically
managing who should be recorded, their retention
and permissions from 3rd party data source
• Introduce a “Golden Source” for the user data
• Centralized provisioning solution
• Auditing of API actions
• Reconciliation of recorded users against source
data
REST API
COMPASS API calls
all require basic HTTP
authorization and
return JSON dataset Secure API link based
on HTTPS certificate
All Actions Added to
Centralized Audit Reporting
READ & WRITE Functions for
Updates and Validation
Open System
23
Challenges
• How to get recording system data in an indexing
system for additional investigations and analysis
• How to ensure the recording data is open for all
future application and regulation requirements
• How to square openness with security
Solution
The Index API of NICE COMPASS enables
• secure access to the interaction metadata
• archive pointers for direct access to media content
• real-time updates for immediate investigation and
analysis
• TLS/SSL and authenticated user access to ensure
openness is controlled and audited
COMPASS Portal
Extraction Server
Recording Check Elastic Index
3rd Party SystemCOMPASS
API
System X
NICE COMPASS
Retrieve
information
Store
information
REST API Calls Require Basic HTTP
Authorization and Return Dataset e.g. GET
/ic*/_count?q=int_core_hostname:NTR_London
Count calls for NTR Core Host NTR_London
Secure API link
based on HTTPS
Certificate
READ functions for access to all
interaction data and content locations
Are all calls archived successfully with the correct retention periods?
How do I export the calls we are asked for quickly?
Can I prove the correct people are in the system and successfully recording?
Can I prove “outside parties” are aware conversations are recorded?
How do I know the recording system is working even though I haven’t received any alarms?
Is the recording quality adequate?
Did I capture everything I
should have?
Can I capture new modalities
from Skype and Cisco?
Can I find the calls I am asked for
quickly?
COMPASS can help you say ‘YES’ to these key questions
24
Are the correct people recorded?
Capture Prove
Retrieve
Thank you, please also join:
For more information visit: www.HolisticSurveillance.com
28 September
Reduce Risk with Automated Communications Surveillance
Improve your compliance process
The challenges of trading compliance have become increasingly complicated by new regulation and new methods of
communication. By proactively monitoring ALL communications, you can prove your ability to be in compliance and reduce
costs of manual processes and recourses to meet all regulatory requirements. Automated Communication Surveillance
provides the ability to reconstruct trade communications as they happen and link them to transactions and enable a search
through every type of related interaction including voice, instant messaging, text and email.
www.HolisticSurveillance.com / webinars
Singapore 3pm / Tokyo 4pm