Eventus


Product Corner | The Danger of Reducing False Positives


Martina Rejsjo, our VP of Product Management, shares insights into the latest industry trends, surveillance updates, and product developments. Her updates dive into new features, best practices, and strategic roadmaps designed to keep you informed and ahead of the curve.  

How should you handle the noise within your surveillance system? Let’s call “noise” the alerts that don’t lead to any immediate investigation or suspicious transaction reporting. Are they false positives, or should they be categorized as true positives with low value, and what is the difference? And are there benefits to the low-value alerts?

Surveillance providers have traditionally tried to define risk factors within narrow parameters, hoping to filter out noise. The logic is that fewer alerts will allow analysts to focus on the most essential risks. However, this method has inherent flaws. No system can predict how every form of market manipulation manifests itself. Over-calibration creates blind spots, where unusual but potentially problematic behaviors go undetected. 

Analysts spend too much time refining thresholds, focusing more on eliminating false positives than identifying potential issues. While fewer alerts might sound appealing, this approach is risky, as it often shifts the focus from finding genuine threats to managing alert fatigue.

The better approach is to capture more data, not less, and at the same time understand the difference between false positives and low-value true positives. False positives are simply errors—alerts that flag benign activity, offering no real insight. Low-value true positives, on the other hand, are accurate alerts that don’t warrant immediate investigation but still require monitoring. They may seem insignificant in isolation, but over time, such alerts may show a different picture. False positives waste time; low-value true positives offer subtle clues.

The answer to this challenge is Automations: Validus defined logic allows users to apply internal guidelines to automatically close out alerts that do not immediately rise to a suspicious or actionable level. More importantly, leveraging automations allows the surveillance system to cast a wide net to capture more potentially problematic behavior without drowning the surveillance team in alerts.

The system evaluates factors such as trade volume, prior alerts, or specific account types and can automatically close alerts when appropriate. Each step is documented, providing a complete audit trail with the data points used and the reason for closeout. Not only does this ensure that the whole team reviews alerts with the same logic, it also allows clients to use the low-value true positives to help with calibration signals and trend analytics.

Analysis of the automatically closed alerts helps identify patterns in near misses. What appears insignificant today could be a signal of a larger issue tomorrow, offering a chance to detect patterns before they escalate. These alerts also offer valuable insights for system calibration. If a particular account triggers numerous low-value alerts, it may indicate the need to adjust thresholds or investigate further.

Trend analytics of closed-out alerts also provide valuable insights into potential risks. Repeatedly closed alerts that seem insignificant at first can become significant over time. An account triggering a low-value alert one time is very different from the same account triggering low-value alerts 50 times; repeated activity of this kind is what helps detect potential manipulative trading.
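To make the auto-close, audit-trail and repeat-count ideas above concrete, here is an added sketch that is not Eventus or Validus code. The field names, thresholds, account types and rule order are all assumptions chosen for illustration.

```python
from collections import Counter

# Hypothetical policy values; real ones come from a firm's internal guidelines.
MAX_AUTO_CLOSE_VOLUME = 1_000
EXEMPT_ACCOUNT_TYPES = {"market_maker"}
REPEAT_LIMIT = 3  # auto-closed alerts per account before the next one stays open

def triage(alerts):
    """Return (open_alerts, audit_trail); every decision is logged with its inputs."""
    closed_per_account = Counter()
    open_alerts, audit = [], []
    for a in alerts:
        prior = closed_per_account[a["account"]]
        if prior >= REPEAT_LIMIT:
            # Repetition overrides the close-out rules: an analyst must look.
            decision, reason = "open", f"{prior} prior auto-closed alerts on account"
        elif a["account_type"] in EXEMPT_ACCOUNT_TYPES:
            decision, reason = "auto_closed", "account type covered by internal guideline"
        elif a["volume"] <= MAX_AUTO_CLOSE_VOLUME:
            decision, reason = "auto_closed", "volume at or below auto-close limit"
        else:
            decision, reason = "open", "no auto-close rule matched"
        audit.append({"alert_id": a["id"], "account": a["account"],
                      "decision": decision, "reason": reason,
                      "data": {"volume": a["volume"], "account_type": a["account_type"],
                               "prior_auto_closed": prior}})
        if decision == "auto_closed":
            closed_per_account[a["account"]] += 1
        else:
            open_alerts.append(a)
    return open_alerts, audit

def repeat_accounts(audit, minimum=REPEAT_LIMIT):
    """Trend view: accounts whose auto-closed alert count reached `minimum`."""
    counts = Counter(r["account"] for r in audit if r["decision"] == "auto_closed")
    return {acct: n for acct, n in counts.items() if n >= minimum}

# Constructed sample alerts (not real data).
SAMPLE_ALERTS = [
    {"id": 1, "account": "ACC-A", "account_type": "retail", "volume": 200},
    {"id": 2, "account": "ACC-B", "account_type": "retail", "volume": 50_000},
    {"id": 3, "account": "ACC-A", "account_type": "retail", "volume": 300},
    {"id": 4, "account": "ACC-C", "account_type": "market_maker", "volume": 80_000},
    {"id": 5, "account": "ACC-A", "account_type": "retail", "volume": 150},
    {"id": 6, "account": "ACC-A", "account_type": "retail", "volume": 100},
]

if __name__ == "__main__":
    still_open, trail = triage(SAMPLE_ALERTS)
    print([a["id"] for a in still_open], repeat_accounts(trail))
```

The sixth alert would pass the volume rule on its own, but it stays open because the same account already has three auto-closed alerts, and the audit record shows that count as the reason.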

Focusing solely on minimizing false positives can create a dangerous illusion of security. Firms need to think differently, embracing solutions that capture more data and provide deeper insights. Rather than simply reducing alerts, cast a wide net and shine a light on your trading.
