In recent months, we have seen the introduction of a host of new regulations in relation to the communications channels used for official trading, regulated product or services sales, and data protection and data sovereignty of personal client records.
Firstly, we saw the introduction of the second instalment of Markets in Financial Instruments Directive (better known as MiFID II), at the beginning of the year in the financial sector. We also saw the adoption on the General Data Protection Regulation (GDPR) which came into place in May. I doubt anyone could have missed that one! GDPR applies to any company that handles European users’ data, regardless of where they are based in the world; and the definition of ‘personal data’ extends from basic personal contact data through to pictures, IP addresses, biological, economic or social information..
These regulations have been introduced, in part, as a result of the financial crisis a decade ago, and the changing way in which we are using technology. The EU's data protection laws have long been regarded as a gold standard all over the world. Over the last 25 years, technology has transformed our lives in ways nobody could have imagined so a review of the rules was needed.
New regulations and their effect on the industry
Not only is a lack of knowledge an issue, but the cost of complying is vast. According to estimates by consultancy firm Opimas, MiFID II will cost the finance industry more than €2.5bn to implement, with the largest banks expected to spend more than €40m each on compliance.
GDPR, which came into effect on 25th May, aims to modernise data law and give EU consumers the right to know much more about how their information is collected, stored, used, processed, transferred and deleted by organisations. The introduction of GDPR means all firms have to implement more stringent practices, ensuring data is better stored with adequate checks and processes in place to protect it. The purpose of this is to avoid personal information being accessed during cyber attacks, an ever growing issue in today’s digital society.
Now that GDPR has become law, the financial penalties for failing to comply, especially if the organisation is hacked and found to be negligent, could potentially reach four per cent of company turnover. This data must not only be properly stored, and with the owner’s permission to do so, but must be easily searchable so that it can be erased if need be. Technology can play a significant part in data management and discovery.
According to estimates by consultancy firm SiaPartners, GDPR compliance will cost companies £300 - £450 per employee to implement, with the average FTSE100 company due to pay an average of £15 million.
Early 2018 also saw the implementation of MiFID II, a European-wide financial services regulation to improve transparency in the financial services industry. One of the key mechanisms of MiFID II is around call recording of financial advisers to support regulatory compliance, protect consumers and to resolve any trading disputes cost effectively. These conversations must be kept on file for at least five years.
While many banks are already archiving landline and turret communications, they are now required to do the same for mobile, as well as capture a wide array of context for each conversation. This is notoriously difficult across telephony or voice channels like noisy trading floors, contact centres or online multi-party voice conferences commonly used by financial, legal and M&A teams. Meeting MiFID II requirements such as these presents a technical challenge that thousands of organisations are now struggling to come to terms with.
Research commissioned by Red Box Recorders, provides insight into the attitudes, preparedness and concerns around the MiFID II regulation just before it was introduced. Speaking to IT decision makers and senior compliance managers across the industry in late 2017 showed that while institutions were aware of the requirements, many didn’t have solid implementation plans ready to roll out, particularly surrounding the regulatory requirements for areas such as call recording. In fact, nearly three quarters admitted they were not ready for the MiFID II regulations and only a quarter were aware of the increased financial penalties for failing to comply to the regulation, which can go as high as 5 million euros or 10 per cent of global turnover.
Making your compliance investment work
The importance of the new regulation to all kinds of businesses, and their customers, is not in doubt. Neither is the impact its implementation will have on businesses and industries for years to come.
The question comes when we look at how companies are making their compliance investment work. Looking at where they choose to prioritise capital and the types of systems they put in place will determine how they perform in the future. Due to the nature of the new regulations,, one area of focus must be that of voice call recording.
The confidential and sensitive nature of client call records together with enterprise data protection and data sovereignty regulations prohibit the use of general-purpose cloud-based automatic speech recognition (ASR) technologies. Additionally, effective wide vocabulary ASR usage has been restricted due to limitations associated with telephony noise, multi-party accents or dialects, differing international languages, and sector-specific vocabulary constantly changing. Until now, the onus for recording voice calls has been on the call maker - to record, make notes or keep a record of what the call is about, with no requirement to include any information on the sentiment or tone of the call. But this is no longer good enough or, indeed, legal.
This is an opportunity to support firms - not only to comply with the law but to future-proof their business and protect their customers.
Businesses will need a specialist in multiple language ASR, who can enable them to convert what was recorded on a call into an accurate transcription, even in a noisy environment and across all file formats, using agile, simple to deploy, on-premise technology.
Technological solutions already exist for automating note taking, real-time monitoring, and screening and classification of calls for conduct and ethics. With in-line indexing of the call content, discovery and investigation is simple, as is retrieving historic audio archives. If a call contains personally identifiable information (PII) like credit card details or bank account and address information, these can be live screened and tagged, or retrospectively analysed to support records preservation and security classification.
This is a time of crucial change, and there is no question that firms must comply with the new regulations. But there is an opportunity for businesses to improve their performance output and reduce their overall cost footprint by using innovative technology that is already available and in use today.
Bigger organisations are in the best position as they tend to have large regulatory teams. For smaller companies, there may still be a lot of work to be done to not only comply with the MiFID II and GDPR regulations but to ensure that they are ready for future iterations of the laws and further regulation in the future.
We’ve seen large venture capital firms such as IQ Capital and Amadeus Capital investing in technology for compliance, and I am confident in saying that technology is the smartest, most efficient way to ensure your firm is compliant with all regulations. The key is to make sure that whichever supplier you choose, they understand your needs and are able to tailor their solutions accordingly.
Benedikt von Thüngen, CEO of Speechmatics
Image source: Shutterstock/violetkaipa