Supervision in a hybrid work environment

It is by now evident that the protracted effects of the Covid-19 pandemic on the workforce lifestyles and patterns across the world aren’t in a crisis management stage anymore — they are here to stay. Ever since the virus gained its ‘pandemic’ status, organizations worldwide forced to shift their workforces into isolated silos of their homes in an attempt to halt the spread.

However, this is just the beginning of what appears to be a long haul for business owners and corporates who’re unused to supervising security and compliance issues across remotely working teams using a bewildering array of collaborative video and audio-based communication tools.

For firms preparing to design supervision in this hybrid environment with a distributed workforce model, here are some things to consider:

Evolving collaboration tools

More and more of the active workforce is quickly realizing the benefits of the remote working lifestyle. From call center executives to financial advisors, sales staff, and more, functions previously unimaginable without an office set up are being seamlessly conducted from home-based setups. This growth spurt is supported by video communication collaboration platforms such as Zoom, Microsoft Teams, Google Meets, and Slack and innovatively mixed and matched by our existing audio and text tools such as calls and text.

A customer journey may start with a video conference, include telephonic support through the contact center, and have complaints resolution update sent via an SMS — to support a genuinely omnichannel communication experience.

Effectiveness of supervision model

With the emergence of a hybrid remote work environment involving multiple collaboration tools, the standard supervision model of call listening or physical oversight has become challenging and irrelevant.

As part of the risk management systems and internal controls, supervision needs to have established control functions. Therefore, these control functions’ central role and independence need to be reviewed.

Distributed supervision model also restricts internal audit function, including lack of access to data points, insufficient depth or scope. The on-site assessment is a critical method used to assure the effectiveness of control functions.

It is necessary to redesign supervision models with integrated control monitoring to support a risk-based supervision approach to manage operational risk and keep a proper audit function.

Emerging operational risk

In the traditional operational risk model, the senior management usually establishes a framework based on their understanding of risk and shows training and processes. However, in remote workspaces, behavior often goes unchecked. It takes extreme forms such as fraud, where firms may be inadvertent participants via dishonest customer-facing staff or maybe at the receiving end of unscrupulous persons who take shelter in legal loopholes and general anonymity that digital workspaces offer.

The risks may include misconduct, privacy issues, data disclosures, compliance, regulatory breaches through inappropriate behavior over audio, text, and video communications that are at odds with the company and regulatory policies. In addition, bullying & inappropriate behaviors in a distributed workplace are forms of abuse that are a risk that can create enormous reputation damage.

Managing regulatory expectations

The Covid era has given rise to financial crimes such as fraud, cybercrime, money laundering, trade abuse, market manipulation, conduct issues, terrorist financing, and tax violations. As a result, regulatory bodies have become more alert about the vulnerability of the remote work environments that financial markets are functioning in and increased regulatory and compliance accountability of financial institutions involving hefty fines and damaging legal implications for defaulters.

The senior management must consider that they have set foot into a time and space where their ability to measure and manage compliance breaches is relatively untested and immediately under the highest level of scrutiny.

Cultural alignment

With its soft and unpredictable nature, the nature of culture makes it a challenging attribute to analyze, anticipate, or influence.

In a distributed working model, handling culture and its alignment becomes a bigger ask from any firm’s management, with employees not having face-to-face interaction. Moreover, these behavioral misdemeanors are at odds with company policies on racial and ethnic abuse, personal attacks, sexual advances, threats, profanity, bullying, and so on.

Developing a robust risk culture lies in assessing the implementation of controls through the visible evidence of culture. It is essential to consider the right tools and framework that can assist in the measurement of risk and influence culture.


Key challenges in the front-office control function

The front office or first line of defense has been increasingly assuming overwhelming importance in the organizational structure. It is, therefore, not a surprise that a dedicated front-office control function is now standard practice for firms to enhance the ability to manage non-financial risks.

In this regard, firms have been following the classic three-line defense model to ensure a robust control environment that financial, operational, regulatory, and legal requirements.

This includes First Line of Defence (1LOD) — “front office/business”, responsible for assessing and mitigating risks.

Second Line of Defence (2LOD) — “risk management”, responsible for independently assessing the risk-taking activities and designing a risk framework.

And the Third Line of Defence (3LOD) — “internal audit” is responsible for evaluating compliance with policies, procedures, and processes established by 1LOD and 2LOD and providing independent assurance to the board audit committee.

The challenges of establishing a healthy front office control are many and complex — one of them is the science of perfecting customer experiences by regulating human behaviors within the organization. The very nature of behavior throws up complexities of conduct-related risk and redundancies that need to be addressed through a thorough assessment of customer interaction data to expose risk trends. Added to this is the consistent change in regulatory governance that requires any risk control framework to be adaptable and intuitive.

In sum, the critical challenges in establishing a front office control function are as follows:

Continuous change in regulation

In 2016, Thomas Reuters captured no less than 52,506 updates from 75 global regulators, averaging more than 200 for every single day. This was almost double the alerts seen in 2013. Every change in regulation translates to a change in the governance management, compliance operations, and eventually an overhauling of the front office controls.

With regulators getting more and more exacting about their risk and conduct surveillance criteria and increasing the stakes on failure to abide by them (such as legal procedures against business owners not taking by the SM&CR), keeping up with all the governance requirements is proving a significant challenge for many financial institutions.

Continuous change in risk dynamics

The time is ripe for front office control functions to adapt to emerging risk landscapes. Increasing automated surveillance-based controls, which were necessitated due to the dynamic regulatory atmosphere, may be time for IT acumen to be inducted into the front-office risk control teams. Risk is now an ever-changing force to be dealt with.

Data Overload

Many firms are struggling under huge heaps of diversified complex data that are being produced by the new control surveillance systems operating for their front office functions. One of the most common headaches in surveillance data is the reoccurrence of “false positives” or red flags in the form of potential misconduct or risk.

While many of these may be completely innocent, the sheer amount of time, overhead capital, and technological resources that can go into their investigation are draining. When put in the context of banks’ increasing requirement of data for compliance purposes and the demand for it by their clients for regulatory reports, this becomes an overarching challenge for any risk control function to deal with. It doesn’t matter how advanced your surveillance system is if it does not come with intelligent data management and governance system.

Need for a focus on culture

The emerging risk control landscape depends on organizational culture adaptability and transformation. In the three-line defense model, a cultural transformation has traditionally been seen as a top-down phenomenon. The senior management sets down the tone and cultural norm, the middle management assesses the risk around the procedure, and the lower rung embeds the change.

However, with the evolution of automated front office surveillance systems, a ‘bottom-up’ approach is now possible and perhaps necessary. In either case, however, the defining challenge in studying and changing culture is the complexity and unpredictability. By flagging conduct or the visible evidence of culture and analyzing the risks associated with its expression in 1LOD, the complex body of culture can be navigated, anticipated, and mitigated.

Skills Shortage

Nothing is ever enough when it comes to establishing a successful front office control function. Whether it’s the controls architecture going over budget trying to factor in complex data management and compliance monitoring or not finding the right team to introduce and implement the control — the struggle is real. Recruiting and budgeting for front office controls are tough.

In addition, with every new leap in surveillance technology, it is important to have individuals that have a combination of business, leadership, and technological acumen. Some of the technical skills that are relevant for front-office are domain knowledge, surveillance & digital risk management,  supervision, understanding of standards and controls, conduct risk, controls and measurement, risk assessment, and mitigation.

Cost Pressure

Regulations such as The Senior Managers and Certification Regime (SM&CR), MiFID II, the Market Abuse Regulation, and the Benchmarking Regulations have maximized non-financial risk-based accountability from heads of businesses in recent times.

This has meant that the surging costs to introduce, maintain and enhance the front office risk control framework are now part of the managerial headache. Whatever ensures perfect risk-free conduct has to be afforded: staffing levels, better surveillance systems, better data management, and the optimal model.


Video communication monitoring

Video communication monitoring for compliance

Remote working & the emergence of video-based collaboration tools

For well over a year now, the Covid-19 pandemic has forced organizations worldwide to shift their workforce into the remote Work-From-Home mode in an attempt to ‘flatten the curve’. The shift to digital communication and remote workplaces often became the deciding factor in measuring whether a firm or an entire industry is ready for the ‘next to normal’. In a matter of months, we were headlong into a video-first environment, where everything from medicine to education, finance to IT was a matter of intelligent interaction and video collaboration platforms running over home-based networks.

As lockdowns started stretching into months, more and more organizations settled into the new work culture and soon found value in it. In addition, government officials and institutions harnessed the power of video communication technology to enter into the hybrid working lifestyle of the private executive.

Screen shares, video calls, chats, audio, and video recordings, slide sharing, video conferencing, conference calling, Video Meetings, etc., replaced face-to-face conversations, board meetings, client presentations, walk-in demo-s, and so much more.

The benefits of remote working are apparent and substantial. 

For the employer, the dissolution of physical workspaces amounted to heavy savings on assets and maintenance. They now had the freedom to hire the best talent without geographic limitations. Keeping track and monitoring employee progress and performances now became more accurate than ever. Time management became efficient due to perfect meeting scheduling, leading to an overall increase in ROI.

 For an employee to cut back time on travel and get readily provided a welcome release from the daily grind, employment possibilities expanded beyond geographic locations — a heightened comfort level was reached.

The favorable situations created an environment rich for the emergence and spread of premier video communication and collaboration platforms such as Zoom, Google Hangouts, Microsoft Teams, and Slack. Microsoft Teams and Google Hangouts Meet both jumped in the rankings, with Zoom Cloud Meetings, the undisputed winner; it saw large downloads in the US, UK, and Europe from 2020 onwards.

Emerging compliance & Security Risks

The explosion of unified communications tools and platforms such as video calling and collaboration chat (where documents, files, and multimedia content are also easily shared) exposed businesses to greatly increased risks of inappropriate data disclosure, from personally-identifying information to intellectual property. The very nature and the range of exciting possibilities that video communication software and collaboration platforms offer make them vulnerable to a privacy breach.

From the sharing of confidential information via screen sharing, file-sharing through chat, or virtual white-boarding, to the conversation itself — even having documents or information displayed on a whiteboard in the background visible via the webcam — there are a variety of security loopholes for confidential corporate data to slip through, cause compliance risks or result in misconduct.

Specifically speaking, video communication exposes you to:

· Sensitive Information Leakage: We have seen gaps in some of the leading video collaboration platforms where a screen-sharing feature shows parts of presenters’ screens that they did not intend to share — potentially leaking emails or passwords.

The issue occurs in a “reliably reproducible manner” when a user shares one split application window (such as presentation slides in a web browser) while opening other applications (such as a mail client) in the background, in what is supposed to be in non-shared mode. The impact in real-life situations would be sharing confidential data in an unintended way to unauthorized people.

  • Unauthorized access: Disruptions typically occur when meeting information is made open to the public. A user could post a private meeting link on social media, share their virtual classroom information, and more. But when these links are out on social media or other public forums, that makes your meeting wholly general, and anyone with the link can join it. Most video collaboration platform now supports password protection and waiting room features. But this does not entirely prevent an unauthorized person from entering an internal meeting. A new nuisance — Zoom bombing refers to the practice where malicious actors or internet trolls make their way into your Zoom meeting.
  • Inappropriate conduct & company policy adherence: Maintaining decent workplace behaviors is challenging in a model where the workforce is distributed and not in a single physical place. This creates challenges in enforcing company policies around acceptable behavior and oversight necessary for the governance.

How AI-based monitoring can predict and prevent compliance and privacy breaches for video communication

To ensure compliance with policies, maintain conduct and contain data loss, it is essential to protect your data alongside strengthening your VPN and Firewalls. This means be not only able to define sensitive data but also be able to protect it from leaking outside network boundaries.

Cognitive View video analysis using machine learning can analyze video from a variety of collaboration channels. This supports the following key features

· Detection of sensitive data leakage: Automated detection of security, data loss, and compliance risks in verbal, typed, shown, or shared word

· Company policy enforcement for collaboration security and compliance: Ensuring that all video communication and collaboration platforms are carrying on company-compliant interactions

· Redaction capabilities for sensitive data: Comprehensive redaction capabilities to protect confidential or sensitive information from being accessed more widely

· Remediation & alert for the breach: Swift remediation and removal of any risky content across platforms


How AI can monitor and prevent workplace abuse

What is Abuse?

Abuse of any form or nature is an act of unjustified oppression, blaming, or dehumanization using manipulative, discriminatory, or bullying behavior that may cause the recipient profound emotional distress that may have life-altering negative manifestations.

Some of the common forms of abuse include Ethnicity Abuse, Community Abuse, Sexual Minorities Abuse, Nationalism Abuse, Women Abuse, Threat Abuse, Human Trafficking Abuse, Human Organ Trafficking Abuse, Drugs Trafficking Abuse, Arms Trafficking Abuse, External Contact Abuse, Generic Abuse, Personal Attack Abuse, Profanity Abuse, and Sexual Advance Abuse.

Why is Workplace Abuse on the rise?

In the digital age, abuse has taken on a vicious contactless form. Already challenging to deal with in physical spaces due to victim shame and guilt, abuse dished out in the digital spaces through emails, texts, video transcripts, customer inquiries, chats can become almost impossible to detect. This leaves in its wake a trail of victims of cyberbullying, gossip-mongering, scapegoating, inappropriate sexual advances, and so on, completely defenseless, their confidences flagging and self-doubt creeping into their performance.

The Covid-19 pandemic, by far the most expansive human tragedy ever faced, has worsened the situation by forcing the world’s workforce to move into their homes and carry with them the toxic corporate culture, only now with the added challenge of no physical redressal department to appeal to.

A lot of information gets lost in translation in a remote work setting. When speaking in person, a listener perceives just 7% of a message through spoken words only, according to research from body language expert Albert Mehrabian; 38% of a message’s impact comes from vocal cues, including tone, and the remaining 55% is nonverbal altogether.

The Work From Home mode has exposed employees to many more stressors than usual — the disappearing line between work and personal life, the unwritten law about “no leaves because you’re at home anyway”, fear of salary cuts and no appraisals, increased pressure to put in your 100% to retain jobs and so on. This alone has had a telling impact on the mental health of employees worldwide. Add to that the worsening of unregulated organizational culture that is now escaping through side chats on zoom meetings, text messages of undecipherable tone, passing gossip via Whatsapp groups, and so on.

If conduct goes unmonitored and unregulated, there will most certainly be an erosion of individual self-esteem and ultimately employee performances. It is a common occurrence that employees facing cyberbullying and abuse reduce work output, and let their frustrations get the better of them in their interactions with customers — costing the company business and reputational loss.

How can AI and NLP help in abuse detection?

Organizations all over the world are emphasizing improving their brand presence, customer-focused initiatives, and business compliance. Almost all companies strictly monitor their channels and ensure that no malpractices or lousy conduct occur. In the long run, it reaps monetary benefits as well. Moreover, it helps organizations to avoid getting penalized for regulatory issues and compliance practices. With a good brand image in the industry market, businesses can successfully increase their customer base, partnerships, and investments.

With the ongoing research and development in technology, many difficult tasks are now easily executed. Natural Learning Processing is one of the best methodologies for abuse detection since it is known as the ability of computer programs to understand human language. Businesses can use this technology to read all the texts from conversations, chats, emails, and social media, while simultaneously identifying abusive intent and words. The abuse detection process works on the foundation of training the computer program to predict what an abusive text is and how to differentiate it from normal text.

An AI-empowered abuse detection software can be especially useful in the post-pandemic situation by streamlining abuse monitoring across all major WFH platforms such as Zoom, Slack, and Microsoft Team for complete peace of mind and greater performance confidence

Active Risk Culture

Embedding active risk culture: supporting a bottom-up approach

Sound risk culture is an attitude or an amalgamation of behaviors that build organizational immunity and achieves specific business goals. The key to building a “good risk culture” is first to understand and articulate the cultural outcomes that will drive the right performance and support an organization’s strategy delivery.

In a three lines defense model, most organizational risk management programs seek a company-wide understanding of the “three lines of defense.” In the first line, business operations own and manage risk; in the second line, risk control and compliance oversee risk; and in the third, independent assurance conducts audits and reviews.

Traditional models assume the top-down approach where the board and senior management take the responsibility to set the tone and demonstrate behavioral mores in a risk culture transformation exercise. In risk management, transformations work in three phases: laying the foundation, measuring the impact, and embedding the change.

However, it is often noticed that measuring cultural change and ensuring its lasting impact against multiple KRIs may prove difficult. One of the main reasons for this is that a risk culture change cannot be achieved by a simple “one size fits all approach”. Seeing risk culture as simply a governance check — focussing on inputs, checklists, and frameworks, and trying to implement one way of working or thinking will drain company resources, risking company performance and opportunities.

There is unlikely to be a single right way for one person to behave, so what matters is that groups of people constructively challenge each other and check that the overall behavior is what is desired.

Towards a bottom-up approach to measure risk and influence culture

The answer to developing a robust risk culture thus lies in assessing the implementation of controls through the visible evidence of culture — conduct. Conduct is the little tip of the iceberg that floats while the vast complexity of culture remains submerged. And what better place to study and gather insights about conduct than right at the bottom — the first communication touchpoints?

Disseminating best practices in risk-based behavior across the organization demands accurate measurement of existing and potential risk factors to manage, predict, and mitigate risks before they escalate. In this regard, customer interaction from the front office — call center executives, sales agents, online agents, and chatbots, etc. can be turned into an insights hub to detect conduct risks early and use them to influence culture transformation.

As a monitoring platform, Cognitive View sees great value in using AI-driven technology to enable robust conduct risk surveillance frameworks and compliance architecture for a sound risk culture for your organization.

With a bottom-up approach, you can achieve:

– Accuracy in Measurement: Turn your traditional QA front office function into an insights hub that provides agent level, business level, and customer level insights

– Improve Organizational culture: Accurately design auditing and training procedures to begin the change from bottom-up while participating in top-down management-led behavior protocols

– Mitigate Misconduct: Understand drivers of misconduct, and act to restore trust, avoid penalties, and remediation costs. Ensure individuals and leaders are held accountable for deceptive conduct

– Resolve Conflict of interest: Understand conflict of interest at different touchpoints

– Fulfill Service Obligation: Understand regulatory obligations and avoid fines and reputational damage

Are you ready to streamline your operational processes towards the ideal risk and performance culture?


Learn and compare complaints data with the industry

A customer complaint is an excellent barometer and provides incredible insights for introspection. Many organizations already have some mechanisms to analyze internal complaints data and use that as a feedback loop for continuous improvements.  Although only a small percentage of internal complaints lands on an external dispute resolution scheme like AFCA, this is an excellent opportunity to learn and introspect.

Financial firms can compare & benchmark their complaints & process gaps against the industry peers or product lines to identify systemic risks, periodic progress made, and opportunities for improvement.

Benchmarking against the industry for a specific product line

The industry is going through a constant change because of changing market conditions and risks from various forces, including pandemics and Queensland floods. These external factors influence customer disputes directly and reflect new patterns. For example, consumer complaints about travel insurance policies have nearly tripled since this time last year, as more than half have resulted from COVID-19 disrupting holidays.

Benchmarking against the industry for a specific product line provides an opportunity for firms to learn about the industry as whole relating to top concerns for customers, compliance failure patterns, systemic issues, AFCA decision outcomes, and trends.

Comparing against industry peers

Comparing and benchmarking against the industry peers allows firms to learn and correlate top reasons for disputes, type of compliance failed, and AFCA’s decision outcomes. The insights provide an excellent opportunity to find areas to differentiate.

ASIC’s RG 274 product design and distribution, target market distribution principles require product feedback and complaints about internal and external disputes. Expanding the scope of learning to external data points helps identify emerging patterns from the industry peers, introspect and improve them.  


Reach out to to receive a complimentary industry benchmark report.