The passing of the Dodd–Frank Wall Street Reform & Consumer Protection Act will lead to new rules that will increase the burden and cost of compliance. Communication networks are a proxy for the relationships, interactivity and information flow that underpin how commerce is transacted. Catelas is the first solution to provide true transparency into how an organization lives and breathes, allowing compliance officers to monitor behavior, data flow, and relationships inside and outside the company without collecting a single email.

1. The new Regulatory ParadigmHow to respond to Dodd-Frank while containing costs

2. Agenda What’s the net effect of Dodd - Frank Current Challenges & How to Respond Recent Case Studies Employee Surveillance A New Comprehensive Approach Relationships Are the Key What You Can Do How Does It Work Live Demo Panel Speakers: Alan Morley Compliance, RBS Global Banking & Markets Chris Ekonomidis Director, Business Consulting, Sapient Eddie Cogan CEO and Founder, Catelas, Inc. Regulatory Fines increase every year – Clearly there is something missing in our Compliance and Risk processes and technology.

3. Net effect – significant increase in complexity

4. Net effect – more rules - 421 !!

5. Net effect – increased enforcement, number of inquiries & more surveillance rules SEC Chairman Mary Shapiro recently spoke ofthe "enormous burden" as the SEC shifts resources to create a new regulatory regime for hedge funds - 105 new rules, 20 studies and five offices. Shapiro’s “burden” will translate to increased enforcement/inquiries and additional surveillance rules for everyone involved in the Hedge Fundand Asset Management industries. “The SEC is going to cast a much broader net to include people on the edge of a fraud,” said Steve Crimmins, a former trial attorney at the agency who’s now at law firm K&L Gates LLP in Washington. “There will be legions more SEC cops on the beat and that will mean a lot more activity.” Under Dodd-Frank, which was signed into law in July, the SEC can sue an individual who “recklessly” aids a fraud even if the person isn’t aware of the wrongdoing. The provisions “increase the likelihood of litigation” with fewer quietly settled cases, said David Kornblau, who was the SEC’s top prosecutor from 2000 to 2005

6. Current Challenges & How to Respond No more “smoking gun” Keyword search monitoring – too many false positives Random sampling – limited value from a risk perspective Costs are high, process is manual and impact generally accepted as being unreliable with very few ‘successes’ Transcripts showed Ms. Chiesi talking with Mr. Kurland, quoting him as telling her in August 2008: "Don't put anything in email.... Don't email even Raj." It is no longer enough to “satisfy” compliance requirements. It is far more important to Identify Risk and to Proactively avoid adverse events

7. 3 players – only one within each firm Coded emails – not detected by keyword surveillance Strong Relationships are the indicator of collaboration – good or bad “[SEC ] charged a Wall Street investment banker, another securities professional, and one of their friends in a clandestine insider trading ring that netted approximately $1 million in illicit profits by trading ahead of at least 11 mergers, acquisitions, and other corporate deals.” “coded e-mail messagesthat referred to securities and money as ‘frequent flyer miles’ and ‘potatoes.’ “ “…Poteroba, Koval, and Vorobiev are each Russian citizens who attended college [together] in the 1990s at the University of New Haven in Connecticut. “ Recent Cases – Insider Trading

8. UBS Accuses Three Quant Traders Of Stealing Its Code “UBS has filed a lawsuit against three former quant employees alleging that they stole proprietary trading software with the intent of using it at their new employer, Jefferies & Company.“ The three were also accused of starting their new jobs at Jefferies & Co while still employed at UBS. A FINRA arbitration panel denied the injunction because they claimed that they always sent code to their personal email addresses and there was never a problem before. Compliance and Risk efforts were inadequate because they did not detect the data breach for years. Recent Cases – Employee Theft

9. FINRA Fines MetLife $1.2 Million “[FINRA} fined MetLife Securities, Inc., and three of its affiliates a total of $1.2 million for failing to establish an adequate supervisory system for the review of brokers' email correspondence with the public. …the firms relied on the brokers themselves to forward their emails to supervisors for review…But brokers were able to delete their emails from their assigned computers, thus rendering spot-checks unreliable.“ Certain employees exploited gaps in the compliance implementation and circumvented controls designed to allow MetLife to comply with securities laws. Recent Cases – Email Supervision

11. Monitor activity and behavior of departing employees

14. Physical interviews and searches are often the most powerful tool , but it must be coordinated and timed to avoid alarming those involved

16. Drive physical investigation – Who to interview? What is the nature of your relationship with X? Who is else may have relevant information?

18. Include connections outside the firm

19. Identify information flow

21. Focus the inquiry

22. Save time and reduce costEmployee Surveillance

24. Uncover who is talking to whom about which topics

26. Fast, low cost

27. ComprehensiveEmployee Surveillance

29. Information Theft

30. Email Supervision

31. Employee Surveillance & Compliance: FCPA, AML, PII

32. Other (not listed here)Audience Poll ?

34. Allows surveillance of entire email network with same manpower as sampling

36. Restricted Lists

37. Watch Lists

38. Control Room

39. Information Security

40. Trading Strategy

41. Trading softwareWho knows who? What are they saying? Relationships are the Key

43. Proactive, always-on, comprehensive monitoring and audit solution

44. View entire corporate communications network through log file analysis,not just a sample

45. WITHOUT cost & time of data collection

46. Watch Lists, Restricted Lists, Deal Rooms – native email analysis

47. Who spoke to whom; about what and when

48. identify if people are talking about issues other than the participants

49. Easy to use, deploy and support

50. Fully automated, non-disruptive

51. Don’t integrate to exchange or Archive

52. Deployed in days

53. Quick time to valueWhat You Can Do

55. Social Network Analysis identifies missing custodians & uncovers ‘friends in common’

56. Log file analysis allows ENTIRE company network to be uncovered

57. Advanced Data Analytics uncover IP theft & information flow across barriers

58. Highly scalable & comprehensive

59. Easy to use, deploy & maintain

60. Low cost of ownershipIM Email Telephony Log files How We Do It

62. No increase in resource:

63. Same resource, same time – completely audit of information barriers, watch lists etc

64. Networks of interest AUTOMATICALLY created weekly, monthly

65. Investigate Suspicious Activity Reports instantly without IT support – Always-On solution

66. Non-disruptive to Business & IT

67. No integration

68. No emails collected

70. Significantly Improve productivity

71. Cut collection costs by over 80%

72. Cut travel costs as preliminary investigations conducted centrally

73. Live Demo

74. Thank You Eddie Cogan 617 407 2967 Eddie.cogan@catelas.com www.catelas.com Thank You & Stay Tuned for Future Webinars! Alan Morley (201) 923-7214 Alan.Morley@rbs.com RBS Global Banking & Markets Chris Ekonomidis 646 207 0788 cekonomidis@sapient.com www.sapientglobalmarkets.com