New regulations arrive regularly, and there are a few common themes we see across financial services. Regulations are political creations, implemented in law and thus tend to be light on detail of HOW, but will often be very clear on what the outcome should be. The ‘implementation' detail is often left to the likes of FINRA, ESMA and similar agencies. There's plenty of scope for interpretation of the actual regulations. Yet particularly for reporting obligations, there ultimately can be no scope of interpretation at all, because the market participants often must submit their reports to an API.

During the implementation of MIFIDII, there were updates on the data formats as late as a month prior to go-live. Such churn makes it very difficult for an IT organisation to be effective. Yet there is no reason to think the regulators are likely to get more considerate of the poor ole' IT folks.

The obvious conclusion is that we must get more flexible with the technology we use in order to achieve compliance. Behaviour mining offers significant advantages, as long as we have the appropriate toolkits to select the correct piece of information that we have gathered. But conversely, as touched on in earlier blog posts, behaviour mining in financial services is harder than in most places as a result of the number and diversity of systems we use in order to complete our workflows.

Gathering usage metrics from the desktop offers an opportunity to shortcut our route to compliance by taking a broad look at user behaviour, and applying intelligence to selecting the relevant events for reporting requirements.

There are a few vendor products in the market that allow the level of data gathering required. However, the solutions they offer are quite comprehensive.The real effort is in creating intelligent algorithms that can analyse a large data lake of events, and correlate those events to a point where we can create meaningful reports which meets regulatory requirements.