By Robert Powell, Global Director of Compliance at IPC for bobsguide – first published March 29, 2017
With MiFID II implementation high on financial firms’ agenda, there is going to be a major change in the way that trading communications are recorded and stored. Both mobile and electronic trading communications have increased significantly over the last few years, which is reflected in the new rules that extend the scope of communication recording and surveillance to include all types of interactions, including text, IM, email, mobile, and social media. This is an ever-growing challenge for financial firms who must capture data from all their regulated users involved in pre-, during and post-trade activities and include communications from far beyond the trader’s turret.
Under MiFID II, records will also need to be retained for a period of five years, which will push firms to review and update their retention strategies. In the United States, the Commodities Futures Trading Commission’s (CFTC) rules require voice calls to be retained for one year while text communications are retained for five years.
One of the biggest change for businesses is that these new interactions are creating significantly greater volumes of data from disparate sources that must be retained and managed for potential regulatory requests and review. Unsurprisingly, most firms want to manage this data holistically as opposed to using a resource-intensive and siloed approach to each type of data source. It’s becoming increasingly important for firms to rely on a platform that stores and catalogues both e-communications and voice communications – seamless capture, archive and analytics through a convenient and cost-effective cloud-based system instead of one requiring more onsite infrastructure and people to manage.
Record retention and voice recording
With regards to voice recording, MiFID II stipulates that firms must conduct surveillance of key communications to ensure that they are compliant with market rules. In order for this to be effective, clever technology will need to be deployed; technology that can identify the context and impact of what is being spoken about, and can deliver insight into risks to ensure no wrongdoing is occurring.
Most financial markets records retention regulations also demand electronic communications and voice recordings be preserved, as far as possible, in their original form. This can be challenging when managing voice recordings should the quality of audio recordings not be good enough. Furthermore, voice recordings take up a lot of space so firms will need to ensure that they have adequate storage to hold this data. The good news is that the market is responding and newer communication devices are offering pristine audio for compliant call capture, retrieval and analytics to meet regulator requests.
Another challenge firms are facing is that many have legacy platforms that were built to meet the initial demand for WORM (write-once, read-many) storage at the advent of Dodd-Frank’s records-retention requirements. However, these systems are aging, and many are, or soon will be, end-of-support or end-of-life. Businesses are subsequently facing a costly hardware refresh and many are looking to outsource their archival.
Reducing risk holistically
As the European regulatory environment becomes more complex – and upcoming regulations such as General Data Protection Regulations (GDPR) will only add to the complexity – there is a growing need for a unified archiving platform for customers providing a single pane of glass into all of their communications. Increased regulatory requirements have also added several important reasons to automate the archiving process which should be heeded for customers to remain competitive. Firstly, customers must attest that records have not been altered at any point in the archiving process, and they must remain tamper-proof for the duration of their retention. Secondly, customers must have tighter control over enforcing their retention policies across all forms of communications, and further ensuring that they are not over-retaining data – something GDPR refers to – by having a defensible set of policies and procedures for deletion. Finally, when needed, customers must be able to quickly reproduce all communications leading up to a specific transaction or in a given time period.
The increasing breadth and complexity of record-keeping and record-delivery guidelines is pushing firms to find a way of holistically managing all communication data from the point of origination through capture, archive and transaction analysis. Indeed, this will be a competitive advantage for financial services firms that want to ensure that they comply with regulatory requirements, such as MiFID II, as efficiently as possible and improve their risk management capabilities.
With less than a year to go until MiFID II is enforced, firms need to be taking steps – if they aren’t already – to put tools and processes in place that will meet the new regulations around voice recordings and archiving. They should be focusing on finding means of capturing calls more efficiently and effectively, and implementing a unified archive that will guarantee the safe keeping and easy access of their data for the following five years. It’s crucial that businesses remain compliant without the risk of any misunderstandings – the repercussions of failing to do this are just too high.