Banks must consider staff relations when turning to 'big data' to identify potential misconduct, says expert

Out-Law News | 03 Dec 2014 | 11:12 am | 2 min. read

There are legitimate reasons why banks would wish to monitor staff behaviour through the latest in 'big data' analytics, but they should consider employee relations issues before using that technology, an expert has said.

According to a report by the Financial Times, some banks have begun monitoring traders' performance against the number of times they use internal communications systems. The purpose of this monitoring is to identify whether traders are covertly contacting clients and illegally profiting from doing so, it said. Banks are also monitoring mobile phone use and using data to log the number of times traders take a break to smoke outside to identify suspicions patterns that hint at insider trading, the report said.

Financial services litigation and compliance expert Michael Ruck of Pinsent Masons, the law firm behind Out-Law.com, said that it is understandable that banks would turn to big data for staff surveillance because of the penalties they could face for insider trading. However, he said that the scope of surveillance needs to be tempered by consideration of legal and employee relations issues.

"Whilst it is clear that banks and other institutions must be able to evidence they are taking appropriate steps to monitor and supervise their employees to meet their regulatory requirements, increasingly large financial penalties and the threat of criminal prosecution will only intensify the internal and external level of scrutiny on the activities of individuals at the same institutions," Ruck said.

"This must be balanced with the potential negative impact this may have on the morale and performance of the vast majority of individuals who are acting properly but may get caught up in an investigation as a result of certain triggers, for example, using a landline less than their colleagues.  Firms may well find themselves on a tightrope surrounded by regulators waiting for a mis-step and should seek advice on avoiding such pitfalls," he said.

One such pitfall that banks face is the legal risk that any such use of employee monitoring technologies is non-compliant with privacy and data protection laws.

Privacy and data protection specialist Kathryn Wynn of Pinsent Masons said that banks must be open with staff about the monitoring techniques they will use and the purpose of doing so.

"From a privacy and data protection perspective, it’s all about doing what is in line with employee expectations around the extent of monitoring, unless the banks have an existing suspicion of underhand behaviour," Wynn said. "Thereafter, it’s about ensuring that the monitoring is proportionate to the risk, is targeted and carried out in the least intrusive way possible."

"If the monitoring is of a sophisticated nature and looking at things like the frequency of communications and does not involve surveillance of the content of those communications then that kind of monitoring is easier to justify from a privacy and data protection law compliance perspective. The notable danger of relying on those surveillance techniques, however, is that the wrong inferences are drawn from the data analysed, such as the employee who suddenly increases frequency of smoke breaks due to stress," she said.

Paris-based technology and privacy law experts at Pinsent Masons, Annabelle Richard and Guillaume Bellmont, last month explained that businesses using employee monitoring technology need to notify the data protection authorities about their use of those tools.

They said that a judgment issued in October by the Court of Cassation in France highlighted the potential for employers to lose cases brought against them for unfair dismissal if they fail to declare an employment monitoring system as a personal data processing tool to data protection authorities.

Selwyn Blyth, employment law consultant for Pinsent Masons, said that banks should have a "clear cut policy which makes it explicit what employee monitoring is going on and why". He said there are many ways in which banks can publicise the policy to staff, including by getting the signed consent to the monitoring by staff, through training or induction programmes or verbally at team meetings.