MiFID II will change businesses call recording policies

Most Financial Firms, both Sell and now Buy Side Firms, have a phone call recording policy. Many of them, however, are still unclear about what aspects of call recording are legal. This lack of clarity can have potentially damaging financial, legal and reputational consequences.

From regulatory compliance and dispute resolution to training and quality control, businesses have different motivations to record its employees’ phone calls. Such recordings are governed by a number of regulations, many of which are aimed at regulating the financial services sector. In particular, business call recording must adhere to the Data Protection Act 1998 (DPA) and the Regulation of Investigatory Powers Act 2000 (RIPA). The DPA applies because call recording generally results in a business obtaining personal data on someone, while RIPA places limits on when telephone calls can be made.

Call recording regulations for financial services businesses are also going to tighten massively in 75 days time. The revised Markets in Financial Instruments Directive (MiFID II) comes into force in January 3rd,2018 and it will regulate the financial services sector with a new, much stricter set of rules around call recording. The regulation will also be applied more widely than the current requirements for recording phone calls, which apply to about 30,000 City traders.

Instead, MiFID II will apply to all firms that provide financial services to clients whose business is connected to ‘financial instruments’ including Buy Side Firms. This includes shares, bonds, units in collective investment schemes, commodity trades and derivatives, as well the venues where those instruments are traded. MiFID II also includes anyone in the advice chain that may lead to a trade, so the number of individuals falling under the regulation could go up tenfold, to 300,000 in the UK alone. It also includes premises in which these calls or conversations take place, and requires that all “communications that are intended to lead to a transaction” be recorded and retained. Recordings will also need to be stored for longer – for a minimum of 5 years for client and 7 years for regulator data, against the six months currently required.

MiFID II also introduces more robust rules around how businesses should record and store their conversations. It requires all records be kept in a durable medium that allows them to be replayed or copied but which prevents the original being altered or deleted. Orders placed by clients must be made in a durable medium such as mail, fax, email or audio recording of client orders made at meetings. MiFID II also states that businesses must ensure the quality, accuracy and completeness of these records, and they must be stored in a medium that is accessible and readily available to the FCA on request with in  72  hours  of that request. Under MiFID II businesses will also need to review their recordings from time to time to ensure compliance. The FCA suggest 20% of all calls  should be monitored.

Moreover, the new European General Data Protection Regulation (GDPR) comes into force at shortly after MiFID II, on 25th May 2018. The GDPR will supersede national laws such as the DPA and strengthens the protection given to individuals on the data held about them. The GDPR will require firms to pay attention to recording of conversations in the context of data privacy. Businesses will face greater penalties for data misuse under the GDPR – from the current maximum of £500,000 to potentially 4% of worldwide turnover. And re- member that the UK’s eventual departure from the EU will have no impact on any of this legislation. If your customers are in the EU – you must comply. Businesses will need a comprehensive view of their compliance across all communication channels – phone, email, SMS and in person – to meet these new regulations. They will need to demonstrate the policies, procedures and management oversight

of the MiFID II recording and monitoring rules are in place. Non-compliance is serious – in both the financial sense, and the sheer amount of time it takes to resolve if a business is found to be at fault. The good news, with respect to both MiFID II and GDPR, is that compliance is still achievable – in time – if firms take action today.

For help & guidance to prepare & advise Hedge Fund, Wealth Management, Asset Management, Private Equity & Alternative Investment firms on IT, MiFID II Call Recording Compliant Solutions, data storage & management, disaster recovery, back up, cybersecurity, managed solutions, FCA, MiFID II & GDPR regulatory & compliance technology, please  contact Storm IT Financial for more information.

Storm IT Financial FinTech News & Trends picks: Week 16th October – 20th October 2017

‘Striking’ rise in FCA investigations found

There’s been a significant rise in the number organisations subjected to a claim or investigation by the FCA involving senior managers:

http://www.theactuary.com/news/2017/09/striking-increase-in-fca-investigations-against-senior-managers-found/

Industry pushes for a second Mifid II delay

After countless delays, financial institutions are lobbying quietly to have the rules take effect on a Monday:

https://www.fnlondon.com/articles/industry-pushes-for-a-second-mifid-ii-delay-20171013?lipi=urn%3Ali%3Apage%3Ad_flagship3_feed%3BUtvtz42aSs20fq5GyU1UJQ%3D%3D

Fund houses and national regulators battle to be Mifid ready

Widespread uncertainty over complex new regulations linger ahead of
January 3 deadline:

https://www.ft.com/content/5bcaafdc-b022-11e7-beba-5521c713abf4?mhq5j=e5

Mifid II will definitely come into force next January as EUcommissioner rules out further deadline extensions

The EU’s financial services chief has today ruled out any further delay to an apprehensively awaited array of securities market reforms:

http://www.cityam.com/274076/mifid-ii-definitely-come-into-force-next-january-eu

FCA rolls out asset management authorisation hub

The Financial Conduct Authority (FCA) has launched the first phase of its new asset management authorisation hub:

http://bit.ly/2yx7Sm9

FCA issues sandbox progress report

90% of firms that tested products & service ideas in first cohort of the FCA’s regulatory sandbox have progressed towards a wider market launch:

https://www.finextra.com/newsarticle/31224/fca-issues-sandbox-progress-report

5 Predictions on MiFID 2’s Legacy by BBH

Brown Brothers Harriman’s five perspectives on the legacy of this massive MiFID II regulation:

https://ontheregs.com/2017/10/16/5-predictions-on-mifid-2s-legacy/

Duff & Phelps: MiFID II 75 days and counting…

With 75 days until the introduction of MiFID II, there is a palpable sense of panic as the deadline looms:

http://bit.ly/2gqPBMh

UK meets its obligation to transpose MiFID II into UK law on time

Brexit notwithstanding, the UK implemented MIFID II locally on time:

http://bit.ly/2yAMvOc

US finance industry bemoans ‘massive headache’ of Mifid II

Finance trade bodies worry the SEC has been too slow in responding to new European rules:

http://on.ft.com/2yBjWlg

Cheyne Capital Management selects Red Deer for MiFID II research compliance

Red Deer announces Cheyne Capital has selected it’s MiFID II solution to manage its research consumption:

http://bit.ly/2zCVFKj

Why Amazon Won’t Catch #1 Microsoft In The Cloud: Because It’s All About Software

Microsoft will continue to reign over Amazon due to it’s 42-year history of deep immersion in software:

http://bit.ly/2yC2KMJ