There are significant changes afoot in the regulation of financial instruments. There’s a section of MiFID II (The Markets in Financial Instruments Directive), which comes into force in January 2018, which stipulates that any firm providing financial services to clients linked to ‘financial instruments’ will have to record and store all communications intended to lead to a transaction.

[easy-tweet tweet=”There are significant changes afoot in the regulation of financial instruments. ” hashtags=”cloud, tech, IT”]

This means anyone in the advice chain must record and store their conversations with customers, which is a big escalation of current obligations. Recording of conversations between traders and their clients on fixed and mobile phones, including voice and SMS, has been mandatory since 2011, and the current mandate applies to about 30,000 traders. From January 2018 however 300,000 individuals in the UK alone will be subject to the new regulation. It means many more firms will need to be ready to meet the explosion in data that will accompany MiFID II enforcement.

All forms of communication

In fact, the MiFID II regulations will extend into all forms of communication; including face to face meetings. Face to face conversations won’t necessarily need to be recorded but they will at least need to be captured in written minutes or notes and then stored for up to five years – or seven years if requested by the authorities.  It’s down to an individual firm how they save conversations, but relying on manual notes alone potentially creates more work and incurs more risk than taping conversations (following the customer’s permission of course).

In the financial services industry experience shows that the authorities nearly always favour the client in the event of a complaint, so access to proof of innocence is paramount. The UK’s PPI misselling scandal is a prime example.  The Financial Ombudsman found that unless a firm can provide irrefutable evidence that PPI was not mis-sold, it would conclude that the company involved was culpable. It’s a decision that so far has cost the UK financial services sector more than £35bn in compensation.

Quality counts

Given that conversations often continue over phone, email, SMS, a company will need a holistic view of compliance across all channels. When it comes to face-to-face, scribbled notes on a pad probably won’t cut it. Rather a network-based call recording service should enable organisations to meet MiFID II mobile voice recording requirements and achieve FCA compliance without compromising the user experience. As long as it’s not reliant on an app, conferencing or streaming, the service should be robust and tamper proof.

[easy-tweet tweet=”Being able to intercept GSM calls will guarantee clear playback of calls.” hashtags=”tech, comms, cloud”]

Naturally, the quality of the recordings is outstanding. Should a query arise, the content must be of sufficient quality to hold up to scrutiny. Being able to intercept GSM calls will guarantee clear playback.

A big mess of data

The implications for the recording of conversations are far-ranging. The regulations don’t just infringe on conversations across all devices and locations ( to cover remote working), they also infer that a business must put in place processes for the routeing, reviewing and monitoring of these conversations on both company-provided and privately-owned devices (if the latter is ever used for work purposes). This in return could create a big mess of data.

Marie Kondo’s bestselling book, The Life-Changing Magic of Tidying Up: The Japanese Art of Decluttering and Organising, helped people create order from chaos. Some of the methods Kondo outlines can be applied to MiFID II: her transformative one-time organising event against clutter can be likened to using a high availability infrastructure, in which data is indexed with rich metadata for quick discovery to reap results very quickly. To paraphrase Kondo, a company’s data should ‘spark joy’. While indexing can help to create this spark, a security breach will snuff it out immediately. This makes encryption imperative for all data.

Stronger data protection

[easy-tweet tweet=”While indexing can help to create this spark, a security breach will snuff it out immediately.” hashtags=”tech, cloud, IT”]

The General Data Protection Regulation (GDPR) Act comes into force about the same time as MiFID II. GDPR will strengthen the 1998 Data Protection Act and will penalise companies who fail to protect an individual’s data – so any recording policies under MiFID II will need to be considered within the context of preventing possible intrusions into privacy. For instance, firms will need to find a viable way of ensuring business calls are recorded on a device, without also recording personal calls – given that merely the act of recording them (let alone listening to them) would infringe GDPR.

In short, there’s a great deal for businesses to consider in the new regulations, and currently not nearly enough information to provide meaningful guidance. The burden to comply with MiFID II and the GDPR Act will rest solely on the firms involved, so I would urge companies to start on the necessary preparations now. The changes will be upon us before we know it.