It’s now less than six months until the deadline for companies to be compliant with MiFID II. The new directive will apply to many more organisations than before, while there are still deliberations taking place on the unbundling of research.
For some organisations, the deadline of January 2018 is encouraging them to view the end of the year as the time to implement. But with the Christmas break and the inevitable seasonal staff exodus, this could represent a significant risk to those not looking to deploy and test earlier. For those that wait, the cost may be higher with compliance teams working overtime to get to grips with the many elements of MiFID II – not just mobile and fixed line call recording.
So how should you avoid the rush? Starting your project earlier will, naturally, help. Looking specifically at call recording then, on the basis you have defined the solution(s) you’ll be deploying, you need to document (phase 1) and then implement, test and refine (phase 2).
You’ll need to set out all your policies and procedures for your mobile and fixed line call recording and data retention. This will require the involvement of technical and compliance teams. Among other things you’ll be documenting where data is stored, how long for, how you’ll retrieve it, who has access to it, how you’ll manage regulatory requests and who will be informed and involved internally, your processes for the proportional review of call data, which personnel will be recorded, and the mechanisms you’ll employ to inform your clients that calls will be recorded.
While it’s possible to document much of this before you implement your chosen solutions, it’s likely that refinement will be required post deployment and testing, and so you should build a buffer here in your project timeline for fine tuning.
The implementation is generally the part that can be underestimated by firms, especially those looking at hosted mobile and fixed line call recording solutions. It’s true that deployment is greatly simplified with hosted solutions when compared to on premise fixed line recording or application based mobile recording. Hosted means there’s no end user training required, simplifying what firms need to do to achieve compliance. Because we make the deployment so easy, testing sounds like it should be the simplest area – it is. But it’s also one of the most important because while end users don’t require training or testing in a hosted scenario, compliance teams always will, regardless of the solution.
Compliance teams need to ensure solutions are implemented ahead of the legal requirement to enable them to carry out reviews of call records and fine tune the practices and aforementioned documentation. After all, it’s the compliance teams, not the end users that will be called upon initially where a regulatory request is concerned.
Many of the firms we’re working with are in some cases overstating the time their compliance teams may need to plan and document their processes and become familiar with them – it’s a sound strategy, and those that prepare now will be in a far stronger and safer position at the turn of the year. Our advice to firms looking at their call recording requirements would mimic this outcome – don’t get caught in the December rush and instead plan your deployments across Q4.