MiFID II: The Final Countdown…

This year will see many organisations preparing for MiFID II, one of the most wide-reaching changes to financial market regulation that the industry has ever seen.  The new legislation is designed to tighten up Europe’s trading landscape, and will govern everything from where and how derivatives can be traded, to policing potential conflicts of interest among financial advisers. 

According to a report IHS Markit and Expand, a Boston Consulting Group company, preparations for these new market reforms, scheduled to take effect in January 2018, will cost the financial services industry more than $2bn during 2017 alone. 

One detail that has perhaps the widest implication is the change in requirements for the recording and archiving of telephone calls. The Financial Conduct Authority (FCA) currently mandates that telephone conversations of individuals directly involved in trading need to be recorded. MiFID II broadens this scope considerably to include anyone involved in the advice chain that may result in a trade. This includes conversations between both wealth managers and independent financial advisors (IFAs), and their clients and applies to conversations taking place on both fixed lines and mobile phones.  Further, since a large part of MiFID II relates to record keeping, the directive also mandates that organisations must store and secure all of these recordings of phone conversations for five years.   

Harnessing the Opportunity  

With less than 300 days left to prepare, a key challenge many organisations must address is ensuring they have the right infrastructure in place to achieve the compliance requirements.  For those that don’t have the necessary in-house resources, a variety of call recording and archiving solutions are available which can help achieve compliance right out of the box.  However, in a market saturated with technology, deciding what solution you require can be a challenge.  Whichever option you choose, a highly robust and resilient call recording solution is critical, one that will encrypt data in transit, organise it and store it in an impenetrable online vault so there is no room for downtime or margin for error. 

Here are a series of key considerations when assessing the various call recording and archiving solutions. While this list is by no means exhaustive, it should serve as a strong benchmark upon which to review potential solutions, as any offering that doesn’t meet these considerations is unlikely to completely fulfill the requirements set out by MiFID II and should therefore be avoided: 

All telephone platforms covered: MiFID II mandates that calls on both mobile and telephone platforms must be recorded, therefore a solution for compliance must have this capability.   

Easy to deploy, simple to scale: The process of deploying many new solutions will inevitably clash with day-to-day business and result in a loss of revenue. If so, this creates problems of its own. Fortunately there are various cloud-based solutions for recording and archiving that do not require any on-site installation, which eliminates any business disruption. As well as easy deployment, can the solution scale up to cover busy periods, whilst also scaling down to save the organisation money during quieter periods? Otherwise the organisation could end up paying for an unnecessarily large storage capacity or have to buy more at premium pricing on short notice. 

Easily accessible recording archives, from anywhere at anytime: With cloud computing, if you’ve got an Internet connection you can be at work.  Cloud-based recording and archive solutions offer the ability to access call recordings and archives from anywhere, at any time through a secure online portal. This is particularly beneficial to organisations sprawled across various geographic locations. In contrast, an on-premises recording and storage solution cannot deliver the same level of flexibility in terms of recording accessibility in comparison to cloud platforms. In the current regulation, calls must simply be recorded and stored, but under MiFID II it is compulsory for compliance officers to periodically review the call recording archives to demonstrate compliance. This is another major benefit of choosing a cloud-based solution that is easily accessible.   

Encrypt recordings and store securely: MiFID II mandates that all call recordings should be stored for five years after the transaction was made – an increase from the current six-month period mandated by the FCA. Not only does this increase storage pressures, but it also presents security challenges, particularly if the recordings contain sensitive financial information. Organisations should consider only solutions that offer the latest levels of data encryption and provide guarantees about who is able to access recordings. If a vendor is using outdated encryption or does not offer ongoing guarantees regarding upgrades to security as and when they become available, they should be avoided at all costs. 

Choose a solution that ticks multiple data standards boxes: In addition to MiFID II compliance, it’s definitely worth considering whether your preferred solution is also capable of complying to other pieces of legislation such as the Payment Card Industry Data Security Standard (PCI DSS) and BS10008 – governing whether recorded content is legally admissible in court if required. Selecting a solution that encompasses a wider range of data standards can bring additional return on any investment, as it will save the organisation time and money by eliminating the need for deploying various solutions. 

Conclusion 

The scale of complex technical challenges around MiFID II has meant that many companies are still unprepared for the full impact of the new regulations.  But with the deadline for compliance now less than a year away it is imperative that these companies immediately prioritise the task at hand.  Thankfully, those that are affected by MiFID II are not limited to just a few avenues that they can go down for compliance, as there is an abundance of excellent solutions available from vendors. However, the financial institutions must take great care in choosing a solution that will actually help the organisation to achieve all of its compliance goals, rather than just some of them. 

Image Credit: NakoPhotography / Shutterstock