There’s quite a pithy saying which goes: “Words are free. It’s how you use them that may cost you.” Words can certainly incriminate a person – if they’re used to persuade, cajole and misrepresent a situation. For this reason, a section of MiFID II (The Markets in Financial Instruments Directive) now stipulates that any firm which provides financial services to clients linked to ‘financial instruments’ will have to record and store all communications that intend to lead to a transaction.
This is a considerable escalation of existing compliance obligations. Since 2011, there’s been a mandate in place to record conversations between traders and their customers, whether on fixed or mobile phones, including voice and SMS. However, the increased scope of MiFID II is such that, from January 2018, 300,000 individuals in the UK alone (compared to 30,000 traders previously) will now fall under the new regulation, meaning many more firms will need to scale up to manage an expected explosion in data.
In fact, MiFID II won’t just affect more people, it will also extend its tentacles into all forms of communication, including face-to-face meetings. These conversations won’t necessarily need to be recorded but, at the very least, they will need to be captured in written minutes or notes, which would then be stored in a durable medium for up to five years (seven years if requested by the authorities).
How a firm chooses to chronicle these face-to-face conversations is down to them, but relying on manual notes alone could create more work and incur more risk than simply taping the conversation in the first place (with the customer’s permission, of course).
Given the likelihood of being drawn into a customer complaint, ready access to proof of innocence is a lifeline (and now a legal prerequisite). In the financial services industry, the assumption of guilt is such that the authorities will nearly always favour the customer. The PPI scandal is a case in point. The Financial Ombudsman stated that unless a firm can provide irrefutable evidence that PPI was not mis-sold, it would conclude that the firm involved was culpable. The decision so far has cost the UK financial services sector more than £35bn in compensation.
Given that conversations often continue over phone, email and SMS, a company will need a holistic view of compliance across all channels. When it comes to face-to-face, scribbled notes on a pad probably won’t cut it.
Thanks to advances in technology, the act of making the recording can be very straightforward. A network-based call recording service should enable organisations to meet MiFID II mobile voice recording requirements and achieve FCA compliance without compromising the user experience. As long as it’s not reliant on an app, conferencing or streaming, the service should be robust and tamper-proof.
Naturally, the quality of the recordings is important. Should a query arise, the content must be perceptible enough to hold up to scrutiny. Being able to intercept GSM calls will guarantee clear playback.
Keep it tidy
The stipulations pertaining to the recording of conversations are only captured in a small section of the directive. However, the implications are far-ranging. The regulations don’t just extend to conversations across all devices and in all locations (i.e. to cover remote working), they also imply that a firm has to have processes in place for the routing, reviewing and monitoring of these conversations on both company-provided and privately-owned devices (if the latter are ever used for work purposes). This could prove a colossal undertaking and lead to an almighty mess of data.
Marie Kondo’s bestselling book, The Life-Changing Magic of Tidying Up: The Japanese Art of Decluttering and Organising, made decluttering an international conversation. In a bid to keep things tidy, Kondo helps people create order from chaos. Thinking creatively, some of her methods can be applied to MiFID’s implementation.
Firstly, the war on clutter should require a rapid, dramatic and transformative one-time organising event. Using a high-availability infrastructure in which data is indexed with rich metadata for quick discovery would equally reap results very quickly, ushering in a Marie Kondo-inspired sea of calm.
Let it spark joy
Continuing the Marie Kondo theme – a company’s data should ‘spark joy’. While indexing can play a major role in creating this spark, a security breach will quickly extinguish it. This is why encryption is an imperative for all data, in transit as well as at rest.
The General Data Protection Regulation (GDPR) Act will come into force around the same time as MiFID II. GDPR will strengthen the 1998 Data Protection Act and heavily penalise companies for failing to protect individuals’ data – meaning any recording policies under MiFID II will need to be considered within the context of preventing potential intrusions into privacy. For instance, firms will need to find a viable way of ensuring business calls are recorded on a device, without also recording personal calls – given that simply the act of recording them (let alone listening to them) would infringe GDPR.
In short, there’s an awful lot to consider, and not nearly enough information in the regulation to guide companies accordingly. Given that the burden to comply will rest solely on the firms involved, I would urge companies to make the necessary preparations now. The clock is ticking.
James Foley is vice president of customer experience at BT smartnumbers.