The original Markets in Financial Instruments Directive (MiFID) was introduced by the European Union (EU) in response to the 2008 financial crisis. It is a set of reforms for the financial industry, designed to prevent history from repeating itself in the same way. The successor to this legislation, MiFID II, is due to come into force in January 2018 and will place stringent requirements on call recording, transparency and disclosure in financial services.
However, with less than six months to go before the legislation comes into force, there is evidence that awareness about the impact of Brexit on MiFID II is, at best, no more than patchy. Despite this being one of the most significant updates to regulatory legislation in the European financial sector, recent research by Aeriandi suggests widespread misconceptions: one in four IT managers and decision makers and risk and compliance managers within UK financial services businesses said that they believe that leaving the EU means that their organisation will be exempt from MiFID II compliance.
Impacts to business
A key aspect of the new legislation is the changes in requirements relating to the recording and archiving of telephone calls. UK regulator the Financial Conduct Authority (FCA) currently mandates that only the telephone conversations of individuals directly involved in trading need to be recorded, but MiFID II broadens the scope considerably to include anyone involved in the advice chain that may result in a trade.
Naturally, this has a significant impact regarding the scope of whose conversations must be recorded once the new legislation takes effect. Discussions between the likes of wealth managers, or independent financial advisors and their clients, will now all fall under this scope – where previously they did not. Furthermore, the legislation applies to both fixed line and mobile conversations, and all calls must be stored and accessible for a minimum of five years after taking place (seven in some instances).
This particular portion of MiFID II is causing a certain degree of consternation. Perhaps unsurprisingly, before MiFID II was announced, few financial institutions had the infrastructure in place to meet such a requirement and many are still working on how best to achieve compliance. Fortunately for those that don’t have the necessary in-house resources, a variety of call recording and archiving solutions are available from third party organisations, which can help to achieve compliance right out of the box. However, choosing the right one can prove difficult without the necessary knowledge of what to look for in a solution.
Compliance with call recordings
The MiFID II mandate that call recordings relating to a financial transaction must be stored for five years after the transaction was made represents a significant rise from the six- month period mandated by current FCA legislation. Not only does this more demanding requirement impact heavily on storage resources, but it also presents security challenges, particularly if the recordings contain sensitive financial information. After all, five years is a long time to keep data safe.
Only recording and archive solutions that offer the latest levels of data encryption and provide guarantees about who is able to access recordings should be considered. Where a vendor is using outdated encryption, or does not offer ongoing guarantees regarding upgrades to security as/when they become available, they should be avoided at all costs.
Whilst the primary driver for implementing a suitable call recording and archiving system is to achieve MiFID II compliance, many of the solutions available also offer additional layers of compliance such as the Payment Card Industry Data Security Standard (PCI DSS) and BS10008; governing whether recorded content is legally admissible in court if required. These data standards can bring additional return on any investment made and should be considered when choosing a suitable solution.
Firms need to act now
Firms must realise that MiFID II is no longer a distant dot on the horizon. Its deadline on 3rd January 2018 is now rapidly approaching and will have far-reaching implications for any firm dealing with and processing financial instruments.
Compliance and IT teams will need to work together and determine whether they have adequate systems in place to implement the required processes and procedures for MiFID II compliance. Many organisations will need to procure and roll out a new set of tools or risk significant financial penalties.