MiFID II is a set of reforms imposed by the European Union for the financial industry, designed to prevent history from repeating itself in light of the 2008 financial crisis. The legislation is due to come into force at the beginning of January 2018 and it will place stringent requirements on call recording, transparency and disclosure in financial services. As the implications of Britain’s exit from the European Union remain undecided, there is evidence that many businesses are confused over compliance requirements post-Brexit.
There are less than five months until MiFID II legislation comes into force. Despite it being one of the most significant updates to financial oversight in the European financial sector, a recent Aeriandi survey suggests that 25% of IT managers and decision makers and Risk & Compliance managers within UK financial services businesses believe that leaving the EU will mean that their organisation will be exempt from MiFID II compliance. Additionally, 14% stated that they have no idea how Brexit impacts their requirement for compliance.
What are the major impacts?
A key aspect of the new legislation is the changes in requirements relating to the recording and archiving of telephone calls. The Financial Conduct Authority (FCA) currently mandates that only the telephone conversations of individuals directly involved in trading need to be recorded. However, MiFID II broadens the scope considerably for a range of firms to include anyone involved in the advice chain that may result in a trade. Naturally, this has a significant impact regarding the scope of whose conversations must be recorded once the new law takes effect.
Conversations between the likes of wealth managers or independent financial advisers and their clients will now all fall under this scope, and the legislation applies to both fixed line and mobile conversations. All calls must be stored and accessible for a minimum of five years after taking place (seven in some instances), and capabilities monitored on an ongoing basis.
This particular portion of MiFID II is causing a certain degree of consternation. Perhaps unsurprisingly, before MiFID II was announced, few financial institutions had the right infrastructure in place and many are still working on how best to achieve the new compliance requirements. Fortunately for those that do not have the necessary in-house resources, a variety of call recording and archiving solutions are available from third party organisations, which can help to achieve compliance right out of the box. However, choosing the right one can prove difficult without the necessary knowledge of what to look for in a solution.
Call recording requirements
For those firms covered by the legislation, MiFID II mandates that call recordings relating to a financial transaction must be stored for five years after the transaction was made, a significant rise from the six month period currently mandated by current FCA legislation. Not only does this impact heavily on storage resources, but it also presents security challenges, particularly if the recordings contain sensitive financial information.
After all, five years is a long time to keep data safe. Only recording and archive solutions that offer the latest levels of data encryption and provide guarantees about who is able to access recordings should be considered. If a vendor is using out-dated encryption or does not offer ongoing guarantees regarding upgrades to security as/when they become available, they should be avoided at all costs.
Whilst the primary driver for implementing a suitable call recording and archiving system is to achieve MiFID II compliance, many of the solutions available also offer additional layers of compliance such as the Payment Card Industry Data Security Standard (PCI-DSS) and BS10008 – which governs whether recorded content is legally admissible in court if required. These data standards can bring additional return on any investment made and should be considered when choosing a suitable solution.
Now is the time to act
Almost a quarter (22%) of those surveyed by Aeriandi stated that although they feel they understand MiFID II legislation, they are not sure how it applies to their organisation. Firms must realise MiFID II is no longer a distant dot on the horizon. The deadline on 3rd January 2018 is now rapidly approaching and will have far-reaching implications for any firm dealing with and processing financial instruments.
Compliance and IT teams will need to work together and determine whether they have adequate systems in place to implement the required processes and procedures for MiFID II compliance. When addressing the call recording and archiving aspects, thankfully there are a number of avenues that organisations can go down.
For those not choosing the in-house route, there are numerous excellent solutions available from third parties. However, great care must be taken to ensure that the solutions on offer will actually help the organisation to achieve all of its compliance goals, rather than just some of them. Many organisations will need to procure and roll out a new set of tools or risk significant financial penalties.
Guest Blog by Matthew Bryars, Co-Founder and CEO at Aeriandi
