Insider Trading Prevention – 4 AI Use Cases in Banking

In June 2014, a bombshell study from researchers at New York and McGill Universities found that a quarter of all mergers and acquisitions of public companies between 1996 and 2012 involved some measurable degree of insider trading.

Today, regulators are cracking down on insider trading with full force, largely thanks to emerging AI capabilities. Last month, the SEC charged nine individuals involved in three separate insider schemes that were tracked by the commission’s AI-empowered Market Abuse Unit’s Analysis and Detection Center.

The commission themselves have been vocal about their use and enthusiasm for the many regulatory applications of artificial intelligence for years. 

Given the proliferation of AI use cases in compliance and fraud detection throughout finance and traditional banking, Banks have every reason to leverage AI to minimize all manner of insider risk, if only to keep up with regulators.

Most observable illegal behaviors indicative of insider trading consist of text and audio data from conversations between brokers and clients. Thus, communications surveillance and data collection, in particular, represent the front line of insider trading detection in the financial industry. 

In our research, Emerj was able to point to four prominent vendor-based examples of products – one legacy brand, and three startups – being offered to financial institutions to assist in insider trading compliance:

• Microsoft 365 Insider Risk Management 
• Relativity Trace
• StarCompliance
• Shield FC

Each, in varying degrees, leverages the following applications of AI technologies in their products:

• Natural language processing (NLP) to analyze multi-channel conversational data surrounding major transactions.
• Machine learning to train natural language models to detect suspicious behavior.
• Data analytics to trace behavior around patterns in proximity to major business and trading events like mergers and acquisitions.

In the following use cases, we intend to show:

• How each exemplifies the application of the relevant AI technologies in banking.
• What these applications mean as trends for the future of insider trading detection. 

Often, these capabilities overlap with use cases in more generalized insider threat management, as well as various forms of fraud detection or compliance. In our summaries, we will articulate where certain AI applications – whether publicly promoted or discussed in other capacities – are being used explicitly for insider trading detection in the use case in question. 

We will begin by taking a closer look at Accenture and Microsoft’s partnership in communications surveillance. 

Vendor Example: Microsoft 365 Insider Risk Management

As early as 2017, Accenture began partnering with educational institutions like Stevens University to develop apps for detecting insider trading. From the beginning, these projects leveraged machine learning and NLP, back when these capabilities were far less renowned. 

Today, Accenture offers a suite of insider risk management products in partnership with Microsoft that leverage many of the same AI capabilities to the same ends. 

Specifically, Accenture offers their customers “Communications Compliance” features that they explicitly claim help companies:

• Detect
• Investigate
• Take action

On internal risks that include:

• Confidentiality violations
• Data theft by departing users
• Insider trading
• Fraud
• Sensitive data leaks

Through their partnership with Microsoft, the companies offer communications surveillance of Microsoft’s professional email (Exchange) and messaging applications (Teams). 

The four-minute video below, produced by Microsoft, walks users through the functionality of their Insider Risk Management dashboard:

A Microsoft-sponsored article in the Washington Post on their insider risk management capabilities does better to verify how these communications detection platforms work in practice. 

The hypothetical scenario described deals in an insider threat not altogether different from the communications detection involved in insider stock market trading. In it, a disgruntled employee looking for a career change sends sensitive internal documents to her personal email account, hoping to take them to her next job with a competitor. 

Once she figures out the safest way is to send the documents slowly over multiple transfers, she forwards her resignation letter to HR. The article claims Microsoft’s Office 365 Insider Risk Management solution would have immediately flagged the resignation letter, looking for patterns in “180 days” worth of historical activity. 

The article postulates that then the “security manager would have then been able to collaborate through workflows with HR and Mary’s manager to determine next steps—stopping the confidential data from ever making it to the competitor.”

One can see how the same functionality might work in an insider trading context, in the same two-step process:

1. First, data analysis tracks suspicious market activity and investments coming from bank traders. 
2. Using communications data along with NLP and machine learning to synthesize that data, Microsoft’s Office 365 Insider Risk Management solution could stop the trade from ever taking place.

Obviously, success stories for these products tend not to be well publicized. No marketing department is keen to let banking leaders go on record saying they have an insider trading issue to begin with, let alone that anyone with as big a loudspeaker as Microsoft provided an exceptional solution for the problem.

However, the well-documented success of these tools in the hands of the public sector should give us an idea of how well they might operate in hands less tied down by bureaucratic red tape and outdated internal rules.  

Vendor Example: Relativity Trace

Relativity is an emerging B2b data compliance firm whose Saas cloud product, RelativityOne helps the following organizations meet data challenges:

• Corporations
• Law firms
• Government agencies

These challenges include:

• Document Search
• Compliance
• Insider Risk

Their clients include more than 70 companies on the Forbes 400 and the U.S. Department of Justice. 

As a vendor, Relativity markets its products on the basis that communications surveillance is an overwhelming task for large and particularly legacy firms, like banks and financial institutions. In particular, their blogs on communications surveillance point to recent statistics that magnify the problem. 

For example:

• Estimates that 1.4 million video/voice calls and 333 million emails are sent in a single day as of 2022. 
• Slack users sent over 200 messages every day during the pandemic. 
• Global spending for financial services on financial crime compliance reached $219 billion last year. 

Invariably, the company employs two primary catch-all, non-technical terms in their positioning language to describe the AI-enhanced capabilities of their products in these sectors: “e-discovery” and “eComms surveillance”. Their marketing fact sheets define these terms generally in line with Relativity’s business goals in leveraging AI technologies to more efficiently “collect, search, analyze, and produce electronic evidence.”

Both the company’s marketing documents and independent reviews of the Relativity Trace communications compliance software within RelativeOne confirm the platform screens all digital channels of company communications – email, audio, and chat – in “near real-time” to flag potential high-risk content for review. 

An approximately two-minute promotional video from the vendor featured below shows the workflows and general dashboard layout for monitoring internal risk via Relativity Trace:

Supported by more technical explanations of the software in Relativity marketing, here is how AI enables Trace to detect insider trading within a financial organization:

• Audio and written content from the company’s internal media channels is analyzed using natural language models trained to detect suspicious behavior associated with internal risk. 
• Those communications are presented to internal auditors through the Relativity Trace dashboard.
• Then, the compliance actions are judged by the auditors and the clients’ internal assessment systems.

Despite the sensitivities associated with the activity for defensive-minded legacy institutions, Relativity touts at least one use case dealing directly with insider trading. 

While the use case isn’t quite given the same treatment in reporting as Relativity’s other more general compliance use cases, it is worth noting that Exelon is directly lending its name in a compliance-related announcement with high SEO and where insider trading is directly mentioned.

In terms of any concrete business results, Relativity and Exelon make two distinct claims they were able to:

• Increase Exelon’s collection efficiencies by 50%.
• Reducing Exelon’s “manual effort”.

Neither Exelon nor Relativity offer direct measurements or definitions of what these terms mean, and we suspect that is due to the sensitive nature of the communications. However, we find Relativity’s reputation in the communication surveillance space – and in particular, preventing insider trading – is only growing. 

Earlier this year, Deutsche Bank company Breaking Wave announced a high-profile partnership with Relativity to leverage Relativity Trace in their insider trading compliance operations earlier this year. Exelon expanded its partnership with Relativity in 2020 to integrate communications surveillance with their new cloud partner NightOwl for data management. 

In terms of the more general insider risk and compliance use cases with broad cross-over to insider trading in terms of functionality, Relativity Trace also notes the following more telling results:

• Reducing a data set in focus from 100,000 documents to just 600 emails while uncovering employees spending ControlRisk company money on personal travel.
• Reducing the red alert volume for a small compliance team at Daiwa Capital Markets by 80 percent in communications based in multiple languages. 

In March last year, Relativity achieved unicorn status upon striking a deal with private equity firm Silver Lake that valued the company at $3.6 billion. The vendor’s company LinkedIn page shows their current headcount growth at 6% and growing. 

Vendor Example: StarCompliance

StarCompliance claims to be “the world’s leading provider of compliance software to the global financial industry.” However, the front page of the company’s website cannot name a single company or shared use case in a client testimonial. 

By comparison, the landing page for Relativity Trace’s communications surveillance use case lists Exelon just below the browser. Elsewhere on Relativity’s larger testimonials page, named and happy enterprise clients are not hard to find.

Still, StarCompliance is an acclaimed vendor in the communications surveillance space, specializing in insider trading and is listed in independent reviews alongside Relativity Trace. 

The one-minute video from StarCompliance featured below explains how their STAR platform works and gives a glimpse of the software’s dashboard:

The dashboard provides clients with a 360-view of employees and transactions, presenting relevant information on suspicious behavior in networked graphs in proximity to major events like mergers and acquisitions.

StarCompliance claims elsewhere — and is verified by Deloitte — that they use data analytics to synthesize multichannel conversational data into what incidents require the most attention from frontline compliance managers.

Though nowhere in StarCompliance’s literature are NLP or machine learning mentioned, as they are in the stated AI capabilities being actively explored by their competitors. While not an AI-specific capability, automation is mentioned far more often as a core technology of the company’s software in marketing materials. 

We suspect the limited mention of whatever AI capabilities the STAR platform does feature would indicate that StarCompliance leans more to the Saas side on the spectrum of AI vendor business models. Furthermore, such a model is traditionally rooted in an overall business strategy that seeks immediate ROI over developing ingratiated, long-term transformative AI capabilities for clients. 

Digging more deeply into the “Client Stories” content buried in the “Insights” tab of the StarCompliance website frontpage, we find company-produced videos boiling down these narratives into question-and-answer formatted responses with successful clients. 

The two-minute video produced by StarCompliance featured below gives some substantive feedback on how its platform improves compliance workflows:

At approximately the one-minute mark of the video, Baupest Group Senior Compliance Analyst Kalonji Kabongo attests that the STAR platform:

• Reduces the work of three or four compliance officers down to one.
• Automates the tracking of statements and transactions in the task of trade request monitoring, using broker feeds in their dashboard.
• Presents a more streamlined approval process. 

Kabongo is featured in other videos on the “Client Stories” page, but the page itself only features brief videos of interviews or general marketing information – no white papers, no pdfs on use cases with documented results. 

The company received an initial round of investment from Luminate Capital Partners in 2017, but there has been very little official news since regarding company growth. Elsewhere, StarCompliance’s fundamentals appear strong from the outside. The company’s LinkedIn page shows a 15% headcount growth, with three recent management hires. 

Traditionally, these signs indicate a vendor leaning more towards a Saas model that prioritizes immediate ROI.

Vendor Example: Shield FC

Shield FC is a rising startup from Israel in the communications compliance space. They offer their clients the INSIDERS platform, a solution to detect and prevent insider trading that the company explicitly claims is powered by natural language processing (NLP) and data analysis.

In a public statement announcing the launch of the software, Shield claimed that INSIDERS not only helps firms monitor communications but also in demonstrating “ to the Regulator that any potential avenues for Insider Trading are closed, despite the significant shift in working practices for many employees.”

The amount and diversity of Shield’s data collection techniques are wide-ranging, as summarized in this 12-minute video interview with Shield CEO Shiran Weitzman by the Harrington Star Group:

In the video, Weitzman explains that Shield:

• Aggregates multi-channel communications from their clients.
• Analyzes these communications using natural language models to compare with the company’s trade and audit data for suspicious activity.
• Helps companies in areas of record keeping as well as communications surveillance.

Despite the aforementioned timidity banks have in offering client testimonials for such solutions, one “leading bank headquartered in the UK with offices around the world” is cited as a Shield FC success story in a sponsored article for the Times of Israel. 

Specifically, the testimonial was quoted saying that Shield was able to work with the bank to face challenges in processing “massive amounts of data, scale with our expanding operations, meet all our needs with respect to security and compliance and … be installed on cloud infrastructure.”

Though the bank remains anonymous, the testimonial itself is telling — as are Shield’s recent partnerships with TeleMessage, to collect data from mobile messaging apps like WhatsApp, and their membership in IBM’s Cloud for Financial Services.

However, among the major competitors listed, Shield FC trends toward the youngest startups. In January, the company announced it closed a $15 million round of Series A investment from Macquarie Capital, OurCrowd, and Mindset Ventures.

Yet as of the time of this writing, the company does not even yet have an official LinkedIn page and the Times of Israel-sponsored article remains among the company’s highest SEO listings aside from its website.