The Markets in Financial Instruments Directive, commonly know as MiFID II, is the latest in a series of new rules and regulations that govern electronic communications, regardless of type and where they occur. MiFID II impacts all manner of financial services firms from investment banks, retail banks, insurance firms and market infrastructure providers. It is due to come into force in January 2018.
Some consider MiFID II to be one of the most sprawling pieces of financial legislation ever devised, and as a result will present numerous challenges for those looking to achieve compliance ahead of the deadline in early 2018. One thing is for certain - achieving compliance won’t happen overnight.
Of all the new requirements included in the new legislation, one of the more contentious aspects is the change in requirements relating to the recording and archiving of telephone calls.
The Financial Conduct Authority (FCA) currently mandates that only the telephone conversations of individuals directly involved in trading need to be recorded, but MifID II broadens the scope considerably to include anyone involved in the advice chain that may result in a trade. Naturally, this has a significant impact regarding the scope of whose conversations must be recorded once the new legislation takes effect. Conversations between the likes of wealth managers or independent financial advisors and their clients will now all fall under this scope, where previously they did not. Furthermore, the legislation applies to both fixed line and mobile conversations, and all calls must be stored and accessible for a minimum of five years after taking place (seven in some instances).
This particular portion of MiFID II is causing a certain degree of consternation. Perhaps unsurprisingly, before MiFID II was announced, few financial institutions had the infrastructure in place to meet it and many are still working on how best to achieve the compliance requirements. Fortunately for those that don’t have the necessary in-house resources, a variety of call recording and archiving solutions are available from third party organisations, which can help to achieve compliance right out of the box. However, choosing the right one can prove difficult without the necessary knowledge of what to look for in a solution. Below are a series of key considerations when assessing the various call recording and archiving solutions available today. While this list is by no means exhaustive, it should serve as a benchmark upon which to review potential solutions. Any offering that doesn’t meet these considerations is unlikely to fulfil the requirements set out by MiFID II and should be avoided:
1. Recording of calls across all platforms
MiFID II mandates that calls must be recorded across both mobile and landline platforms, so it is critical to ensure any solution being looked at has the capability to do this, as many out there cannot. The best solutions are also capable of recording SMS and instant messenger channels as well, so be sure to check this as well during any consultation periods if it is required.
2. Scalability and ease of implementation
Will implementing the new solution result in business down time and therefore, loss of revenue? If so, this creates problems of its own. Many cloud-based recording and archiving solutions no longer require any on-site installation, eliminating disruption incurred as a result. Scalability is also a major factor. Can the solution scale up to cover busy periods, whilst scaling down to save the organisation money during quieter periods? If not, a company may end up overpaying for recording capacity they aren’t using, or having to buy additional capacity at premium pricing on short notice.
3. Easy access to call recording archives
Cloud-based recording and archive solutions offer the ability to access call recordings and archives from anywhere, at any time via a secure online portal. This is particularly beneficial to organisations spread over multiple sites or countries. Vendors specialising in on-site recording and storage often cannot deliver this same level of flexibility in terms of recording accessibility, so be careful to ensure any solution being considered can match the needs of the organisation.
4. Protect recordings with secure storage and encryption
MiFID II mandates that call recordings relating to a financial transaction must be stored for five years after the transaction was made, a significant rise from the six month period currently mandated by current FCA legislation. Not only does this impact heavily on storage resources, but it also presents security challenges, particularly if the recordings contain sensitive financial information. After all, five years is a long time to keep data safe. Only recording and archive solutions that offer the latest levels of data encryption and provide guarantees about who is able to access recordings should be considered. If a vendor is using outdated encryption or does not offer ongoing guarantees regarding upgrades to security as/when they become available, they should be avoided at all costs.
5. Additional ROI through compliance with additional data standards
Whilst the primary driver for implementing a suitable call recording and archiving system is to achieve MiFID II compliance, many of the solutions available also offer additional layers of compliance such as the Payment Card Industry Data Security Standard (PCI DSS) and BS10008; governing whether recorded content is legally admissible in court if required. These data standards can bring additional return on any investment made and should be considered when choosing a suitable solution.
With the final implementation deadline for MiFID II now just a little more than a year away, financial organisations affected by it should already be well on their way to ensuring compliance. When addressing the new legislation related to call recording and archiving, thankfully organisations have a number of avenues that they can go down. For those not choosing the in-house route, there are numerous excellent solutions available from third parties. However, great care must be taken to ensure that the solutions on offer will actually help the organisation to achieve all of its compliance goals, rather than just some of them.