MiFID II - Is your business technology compliant?
What is MiFID II?
MiFID stands for the Markets in Financial Instruments Directive. The directive is part of a package of European Union laws aimed at creating a single, more competitive financial services market across EU member states. In particular, MiFID aims to consolidate rules governing the activities of financial services firms, to promote cross border business, increase market transparency and improve investor protection.
Does MiFID II apply to you?
MiFID II directly applies to investment firms with registered offices in an EU state and financial services doing business in the European Economic Area. It will affect all participants in the EU's financial markets, whether they are based in the EU or elsewhere, including providers of asset management and custodial services. MIFID II also applies to European providers of MiFID services in the European Economic Area (EEA), such as investment managers of pension funds, European firms which provide MiFID services and to a certain extent credit institutions.
There are exemptions but the scope covers investment banks, portfolio management firms, stockbrokers and broker dealers, corporate finance firms, most asset management and advisory firms, futures and options firms and commodities firms. Retail banks and building societies will be subject to MiFID for some parts of their business.
What do you need to do to be compliant?
The Financial Conduct Authority (FCA) currently mandates that only the telephone conversations of individuals directly involved in trading need to be recorded, but MiFID II broadens the scope considerably to include anyone involved in the advice chain that may result in a trade. Furthermore, the legislation applies to both fixed line, mobile conversations and messaging, and all calls must be stored and accessible for up to 7 years after taking place.
Article 16(7) of the Directive states that: “Records shall include the recording of telephone conversations or electronic communications relating to, at least, transactions concluded when dealing on own account and the provision of client order services that relate to the reception, transmission and execution of client orders.”
Article 16(7) also makes it clear that: “Such telephone conversations and electronic communications shall also include those that are intended to result in transactions concluded when dealing on own account or in the provision of client order services that relate to the reception, transmission and execution of client orders, even if those conversations or communications do not result in the conclusion of such transactions or in the provision of client order services.”
What conversations need to be recorded?
Conversations involving transactions and those intended to involve transactions, must be recorded and kept. Telephone conversations to include mobiles, landlines and softphones. Electronic communications to include email, fax, SMS, video conferencing, chat, IM and all mobile device applications and B2B devices. This is left deliberately open to encompass all future technology developments, as all conversations that fit the criteria need to be captured. To ensure you are fully compliant, your business needs to invest in a unified communications solution for recording and storage of all interactions and conversations.
1. High Quality Call Recording
“A firm must take all reasonable steps to record telephone conversations, and keep a copy of electronic communications” in relation to in-scope activities. In-scope conversations include conversations:
- directly related to the conclusion of the transaction
- intended to result in a transaction insofar as those calls are linked to a reasonable prospect of the firm bringing about a transaction
- on equipment provided by the firm to employees and contractors, or where use has been permitted or accepted by the firm.
2. Storage for at least 5 years
All communications and conversations need to be stored for five years from the date it took place, unless the FCA requests a period of seven years. Any amendments to records must have an audit trail. Investment firms need to keep and regularly update a record of those individuals who have firm devices or privately owned devices approved for use by the firm. Records need to be stored in a durable medium which allows them to be replayed or copied, and they must be retained in a format that does not allow the original record to be altered or deleted.
3. Need to accurately and quickly reconstruct conversations
All communications and conversations need to be accessed readily and each key stage of the transaction process can be reconstructed. This is easier with search and replay functions, call authentication and event reconstruction.
4. Accurate information confirmed and reported to regulators
Firms need to ensure the quality, accuracy and completeness of the records of all telephone recordings and electronic communications. Records shall be stored in a durable medium, which allows them to be replayed or copied and must be retained in a format that does not allow the original record to be altered or deleted.
5. Evaluation and monitoring of recording processes
Firms need to monitor compliance of recording procedures in place and the adequacy of these procedures. Firms need to ensure records are readily accessible and records accurately reconstruct the audit trail of a transaction.
In summary, requirements your company needs to meet:
- Storing calls for five to seven years
- Communications are stored in a durable medium
- Communications are readily accessible and available to clients
- Monitoring the quality, accuracy and completeness of telephone recordings
Technology for MiFID II compliance - that's where we can help. Our MiFID II technology solutions provide:
- Integration of a comprehensive suite of call recording and PCI compliance services, SIP trunking and cloud telephony to provide a holistic voice security solution to meet MiFID II requirements.
- Network based mobile and fixed line recording capabilities, with a 7 years storage inclusive option.
- A single secure portal and cloud security for all your call recordings.
- We can secure all legacy call recordings in the only VISA Europe approved solution on the market today.
- Telefonix can consult on which solutions are best for your business depending on size and requirements for full compliance to MiFID II and other regulations.
Call recording provides other business benefits. These include monitoring and measurement, employee training, dispute resolution and ongoing compliance with the broader legal and regulatory environment. We’ve discussed the business benefits of call recording on the Telefonix blog.
You need to get the right recording software to ensure you are fully prepared for the MiFID II implementation. We can offer a range of bespoke solutions to connect your entire business and we provide maintenance, helpdesk and quality checks. Our dedicated support team is experienced in the indepth implementation and testing of call recording across all telephony and IP systems, to ensure we have the right technology for MiFID II compliance.
Conclusion: Beyond compliance.
Regulatory compliance is linked to the wider and more urgent issue of cyber security to defend against increasing data breaches and cyber attacks. This is set to come into play with MiFID II for the financial services industry. MiFID II consolidates and focuses requirements around the protection of customer data and the process of transactions.
How your financial organisation guards against future threats comes down to the call recording and compliance solution you choose ahead of MiFID in January 2018 in addition to the more broad-ranging GDPR in May 2018. This technology decision can be overwhelming. There are a lot of options out there and all of them have versions in response to MiFID II.
Telefonix can guide you on all of these connected industry issues and put together a bespoke solution for your specific needs. We provide so much more than just the latest compliance software. We become a partner that helps your business grow through technology transformation.
Contact Telefonix today to discuss your financial services organisation’s needs and find out how we ensure compliance for our clients across a range of legal and regulatory requirements.
For more see the FCA: https://www.fca.org.uk/mifid-ii