Interested in learning what's next for the gaming industry? Join gaming executives to discuss emerging parts of the industry this October at GamesBeat Summit Next. Learn more.
As the pandemic forces scores of previously-office-bound employees to work from home, companies in highly regulated industries, like finance, have struggled to achieve a balance between compliance and personal privacy. A Deloitte report notes that some federal laws mandate financial institutions to oversee the conduct of salespeople, traders, financial advisers, and branch managers as they interact with clients and the broader marketplace. Even a financial adviser who calls a customer using a personal cellphone, or an equity trader who forgets to shred client documents, might be in violation of compliance regulations.
In search of a solution, some banks and other institutions have adopted software that monitors employee communications — ostensibly to spot possible conduct violations. Vendors say that the software can reduce compliance costs by providing actionable workplace analytics. But several privacy advocates argue that the insights come at a steep cost, surveilling employees even when they’re out of the office.
Against this backdrop, one vendor, Shield, today announced that it raised $15 million after bootstrapping itself since its launch in 2018. While Shield declines to reveal its customers, the company says that it recently signed a “tier one” global bank and counts other “global banks” among its client base.
Cost of compliance
Compliance costs are generally high in the financial services industry. By one estimate, banks paid in excess of $42 billion in fees for noncompliance in 2016. In December, JPMorgan Chase alone was fined $200 million by regulators for failing to crack down on staff members who discussed company business on their personal devices via text messages and WhatsApp.
Event
Transform 2022
Join us at the leading event on applied AI for enterprise business and technology decision makers in-person July 19 and virtually from July 20-28.
Attributable to increases in personnel, accounting, consulting and advisory, legal, and data processing spending, nearly one-third (31.4%) of community banks expect to spend 5% or more on compliance than they did in 2020, according to a 2021 Independent Banker survey.
Instant messaging can be particularly tricky — and costly — to audit, owing to the real-time nature of platforms like Facebook Messenger, Slack, and WhatsApp. Only 23% of decision makers at financial organizations said that they had the technology in place to capture, process, and analyze regulated communications, a 2015 web poll found. A more recent survey from Theta Lake shows that nearly two-thirds (63%) of firms are still concerned that chat tools might circumvent existing monitoring and archiving processes.
Shield, which was founded by Tel Aviv, Israel-based entrepreneurs Ofir Shabtai and Shiran Weitzman, claims to help by applying natural language processing to “all employee communication channels,” including instant messaging. Shield connects to document processing, voice, chat, email, and social media apps to capture communications data and normalize, index, and reconcile it for review. Leveraging metadata from third-party systems including customer relationship management software, Shield processes communications through a set of engines to “enrich” them — enabling managers to trace orders back to specific messages.
“Shield … provides [alerts and] detailed insight into why an [alerts were] triggered so financial organizations can detect possible market manipulations across communication channels — including insider trading, spoofing, [and] front-running,” CEO Weitzman told VentureBeat via email. “[Shield] provides compliance teams with an in-depth analysis and understanding of communication triggers, including the scenario, the rule that was compromised and an overall relevancy score. And, because regulations and procedures can vary based on the specific financial organization, [the platform] allows compliance officers to customize what triggers an alert to the specific needs of their company, rather than a one-size fits all approach.”
Potential pitfalls
Privacy
Some regulators believe that software like Shield could be a useful enforcement tool going forward, particularly as financial services workforces become more distributed. (According to a PricewaterhouseCoopers report, 69% of financial services companies now expect to have two-thirds of their employees working from home at least once a week.) In a recent letter, Sen. Elizabeth Warren (D-Mass.) pointed to the Libor and forex rate-fixing scandals as evidence that text message transcripts have proven to be key evidence in cases that have uncovered criminal action by Wall Street.
But privacy questions abound.
In its usage policy, Shield disavows the data that it collects from employees and puts the onus on customers to communicate how they’re using the Shield platform. The company requires customers to publish privacy and data protection policies compliant with applicable laws and explain how they collect — and disclose — personal data to third parties.
In the U.S., the 1986 Electronic Communications Privacy Act (ECPA) prevents employers from monitoring private messages and email accounts that are password-protected and sent from a personal device unless an employee gives consent. But the ECPA allows companies to surveil communications for “legitimate business-related purposes.” Only two states, Connecticut and Delaware, require notification if employees’ email or internet activities are being monitored, while Colorado and Tennessee require businesses to set written email monitoring policies.
Your privacy policy must be sufficient to inform a data subject of the information collected by Shield on your behalf during use of the services, and you warrant and represent that Shield has the right to collect and process personal data on your behalf in order to permit Shield to provide the Services and that such collection and processing shall not violate the rights of data subjects or the privacy laws.
However, while Shield says that it doesn’t permit the third parties with which it does business from using customer data, the company leaves a carve-out for court orders and laws that might require it to disclose that data. Shield also says that it reserves the right to “remove any violating content posted … or transmitted through [its] services” without notifying customers, including content that potentially infringes on copyrights.
Toxicity detection
Shield also claims that its “behavioral analysis” technologies are able to detect instances of “toxic workplace culture” in messages, including sexual harassment and racism. The capability is along the lines of workplace monitoring platforms like Aware and Awareness’ Interguard, which can scan emails and messages for threatening keywords. Wiretap and Qumram similarly monitor forums such as Slack, Yammer, and WhatsApp, using AI to identify “harassment, threats, and intimidation.”
But there’s the potential for bias in the algorithms that Shield uses in its analysis. Studies have shown that text-based sentiment detection systems can exhibit prejudices along race, ethnic, and gender lines — for example, associating Black people with more negative emotions like anger, fear, and sadness. AI models also tend to inconsistently analyze hate speech, with research suggesting that automated moderation platforms struggle with “Black-aligned English,” quotations of hate speech, slurs, and spelling variations of hateful words.
Shield didn’t respond to VentureBeat’s question about about how it mitigated any potential bias in its algorithms.
A growing market
Shield pitches its software as merely a compliance solution. But not for nothing, banks have shown a willingness to use monitoring software for controversial purposes. JPMorgan and Wells Fargo trialed facial recognition software at physical branches to monitor both customers and workers. For its part, Barclays is alleged to have installed software — as well as heat and motion sensors — to find out if traders and bankers were sitting at their desks working.
In a push back against these technologies, Prospect, a UK trade union, recently called for the introduction of measures to protect employees from “intrusive monitoring.” Fifty-nine percent of remote and hybrid workers say that they feel stress or anxiety as a result of their employer monitoring them, according to ExpressVPN, while more than half say they’d quit their job if their manager implemented surveillance measures.
“Technology has undoubtedly kept many of us safe, connected, and working during the pandemic, but there is now a mission creep in its purpose,” Andrew Pakes, Prospect deputy general secretary, told ZDNet in a recent interview. “We need to challenge the rise of creepy tech and ensure that digital technology works for us, not the other way around.”
The concerns haven’t hampered the growth of Shield’s platform, which now monitors 5 million interactions a day across 120,000 employees. The company claims its customer base has grown 200% year-over-year, driving a 600% annual growth in revenue since 2019.
With the new funding — which was contributed by Macquarie Capital and OurCrowd with participation from Mindset Ventures — 60-employee Shield plans to open a New York City office, expand its customer success team, and explore new business verticals including energy trading. “As the work-from-home environment becomes permanent and the amount of communication channels used by employees continues to rise, monitoring and surveillance has become increasingly difficult to achieve,” Weitzman said. “Rather than spending the money and time needed to hire more compliance officers to counteract this rise in market abuse, executives can deploy Shield’s intelligence platform to do the job for them – providing a more cost-effective and efficient regulatory process.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.