On the 3 January 2018, MiFID II (the second Markets in Financial Instruments Directive) will come into effect. It stipulates that anyone involved in the advice chain for an intended trade, must record and retain their mobile communications for five years.
In the second instalment of our MiFID II blog series, Alex Phillips, Head of Mobile at Adam Phones, discusses the current situation with the official deadline less than a year away.
January 2018 isn’t that far off, how prepared are these organisations for mobile voice recording?
Hedge funds are typically smaller in headcount than banks, so their view can be more reactive to large-scale change – simply as a result of the operational requirements, as many may not have dedicated compliance teams or officers. The cost of recording alone for them can be high, which can also bring about delays in implementation until absolutely necessary. But they know it’s coming, and there’s overall acknowledgement to ensure solutions are in place ahead of regulatory deadlines.
The operational overhead for some of these firms will be significant. They’re currently in a world where they probably need to record information for a small number of employees and store that data for a relatively short period. However, they’re facing a move to a place where more of their staff will need recording, the storage durations will be far longer, and monitoring a proportion of that data will be introduced. All of this put together will represent a massive operational uplift for many firms.
The challenge will be greater for those implementing call recording for the first time. Hedge funds will already have regulated personnel in their organisations so call recording – and the notion of MiFID regulation overall – is a known quantity. However, some companies will be experiencing MiFID regulation for the first time and so will be operating from more of a “standing start”.
For traders, how will this affect the trading floor?
It’s always been the rule that you can’t take personal mobiles onto the trading floor or trade over mobile phones. When the MiFID I came into effect in 2011, many organisations just stipulated that everything had to be conducted over fixed line communication – and this was used to avoid implementing Mobile Voice Recording (MVR) at some organisations.
What’s changing with MiFID II is the reference to “anyone involved in the advice chain” and “potential trade” rather than “conducting trades themselves”. In terms of working practices it will no longer be a viable solution to say “don’t use your mobile to discuss a trade”, people simply wouldn’t be able to do their jobs this way in 2018.
How will firms handle the increased duration of data retention?
It’s a big change. Under MiFID I organisations were looking at six months, and now they’re facing 60 months as a minimum. Five years sounds like a long time, and some firms will focus very heavily on the storage element – viewing it as potentially a major headache, but there are also many benefits.
If we look back to MiFID I, the costs of storage were far higher than they are today. Additionally, cloud storage is now something of a defacto standard – whereas a few years ago many firms still wanted their storage solely on-premise. Had the five-year data retention come into force in 2011 rather than today then it may have been a different story. However, the flexibility of cloud storage -with no equipment to install and maintain and the options of where your data can be stored geographically – makes the five-year storage period far more manageable, both from a cost and operational perspective.
There are also benefits to be realised from retaining data for longer periods. The longer you retain records, the more business intelligence you have to draw from and ultimately the more protected you are as an organisation.
There can be no denying companies face an uplift in some areas with the move from six months to five years, but the requirements of the regulators are not unrealistic and can be met with today’s technology.
There’s an increased use of instant messaging in business, such as WhatsApp. How does an organisation cope with these forms of communication under MiFID II?
Many instant messaging solutions are now used in business. However, an enhanced consumer need for privacy has led to all the popular instant messaging platforms encrypting their data so that it cannot be monitored by internal systems. So while organisations cannot monitor these communications, they can prevent the installation of these applications via Mobile Device Management (MDM) solutions for company-controlled devices.
There also needs to be a delicate education lesson. Letting personnel know why they cannot use some of the applications they would normally wish to and are accustomed to, in assisting with compliance and protecting company reputation is a worthwhile exercise.
Ultimately organisations need to close as many loopholes and conversation streams as possible to prove – in the instance of an indiscretion – that the user went so far out of the way that the blame lies solely with them, and not the company.