Our experience as a global compliance IT services integrator to major banks globally for nearly 50 years shows us that Banks & Financial institutions have historically used a silo based structure to organise their business.
Within these groups you would then normally see subsections of products that would organically align with the main product.
But with the influx of new regulations and banks coming under increasing pressure to adapt to these new rules, we anticipate that a new organisation structure could start materialising to cope with these demands.
The current structure of silos of responsibility has been in place for many years. With the arrival of new rules under MIFID II in 2016, I believe that Compliance will have a greater role to play in the future of the Information technology in the Financial Markets. My experience in running Voice for Tier one banks for many years with a goal of 100% availability rates is that this can now largely be achieved with the right application of knowledge, process and support from your integrator. So what’s next?
The Draft technical oversight issued by ESMA, in June of this year, could have a profound impact on the way that banks organise their technology. To begin with, the advice requires "Ownership" of the records management process for telephone conversations and electronic communications at a senior level. The current silos of responsibility for Networks, Market Data & Data Centres etc. may not be the optimal arrangement for achieving this.
The advice goes further in requiring a "Written" policy that lays down how the firm establishes, implements and maintains an effective policy for keeping these communications. Given the complexity of most organisations communications infrastructure, this might signal a change to allow firms to better identify communications used in their business. A new silo responsible for compliance records retention could take on many of the responsibilities that have been given to other silos out of convenience.
The Compliance infrastructure Silo might, for example, take over the responsibility for the “Vendor”, “Technology” & “Data” management of those solutions used by the firm. This new organisational Structure would be the "Go To" place for any kind of discovery in the firm and would have a high level responsibility for the implementation and maintenance of services that came under its remit.
A current example of where this would help is in mobile call recording. All too frequently the addition of mobile recording is done as an afterthought to a much larger mobility purchasing decision, even when the provider has no immediately available solution. This leaves some firms having to shoe horn in a sub-standard solution that can leave records outside of the firms normal records retention policies and increase the total cost of retention. Recordings maintained outside of a firm's normal systems and procedures are prone to being left out of discovery requests, costing more to recover and expensive to bring in line with retention policies.
An approach that fragments records retention through each different silo increases risk. A compliance infrastructure area would be the knowledgeable single point of responsibility for your records retention to reduce the risk of allowing communications to go unrecorded, different retention policies implemented and access to inaccessible records costing more, or taking longer, than it should. If you are able to achieve 100% availability of your voice network then you also need to achieve this with your recording infrastructure. We all know that losing a turret is bad. What about losing a recording or a day of recordings? Recent fines show how important it is to maintain a complete and accurate record of your firm's communications.
As a consequence, the wake of the “less than anticipated” impact of records retention in Dodd-Frank, the requirements of MIFID II for records retention are much wider. They may force some firms to look at their organisational structure and decide that Compliance needs to play a commanding role in the procurement, implementation and on-going management of these systems.
At IPC, we can help to expose these issues and suggest solutions that put you in control, make you aware of system outages or failures, and ensure that you know how robust your record keeping is before the regulator comes knocking.