CITY AM Newspaper Article

The EU’s MiFID II financial regulations come into force in just four months and around the world financial institutions remain confused and challenged about how to comply.

MiFID – the “Markets in Financial Instruments Directive, Phase II” – introduces a raft of new rules for the finance industry, above all covering trades and transactions.

THE CLOCK IS TICKING

Among the most onerous is a new requirement that all electronic communications and phone calls that possibly relate to financial transactions must be recorded and logged.

They also have to be stored and retrievable with perfect recall.

Capturing emails is one thing, but no international banks or hedge funds I know of are geared up to record all calls. And time is running out.

COMPLACENT ABOUT COMPLIANCE

Recent discussions with friends in very different institutions reminded me again how under-prepared even the biggest firms are.

Many have only recently understood that MiFID II does not just affect businesses in Europe, but also firms based anywhere that do business in the EU.

Any bank anywhere in the world which is trading with an EU partner has to record and store communications to be compliant.

TRYING TO NEGOTIATE THE MINEFIELD

Across the board, firms say that capturing mobile phone communications in particular has become a minefield.

The impact of BYOD – “bring your own device” – means that more and more employees now routinely use their personal phones to make unrecorded business calls.

UNAUTHORISED APPS

It gets worse.

Some rogue employees are using employer-banned consumer apps like WeChat and WhatsApp for doing business, in full knowledge that voice calls on them cannot be recorded.

Ephemeral messaging apps like Snapchat are even more difficult as they leave no permanent record of what’s been said, by whom, or even to whom.

Banning, it seems, is not enough.

THE BIG BOMBSHELL

When the new regulations come into force on 3 January 2018, a lot of financial institutions may hope that logging and recording fixed-line communications will at least give the semblance of compliance, despite knowing that employees using their own apps could prove to be a compliance bombshell.

DRACONIAN DEMANDS

As a regulated broker myself, I witnessed the looming clash between the draconian demands of the new rules and the reality of a world in which people are so attached to the functionality of their smartphones that they can’t be persuaded to use less cool enterprise software.

That awareness shaped the way VENNCOMM developed its mobile platform and app to automatically record and log every business text or call globally while also being reliably compliant.

Banks and hedge funds are now urgently seeking this type of service.

Whatever vendor solution they choose, the banks have woken up to the realities of a world in which business is increasingly done on BYOD mobile devices.

Banning use of unauthorised apps is one vital step. The other is to make use of enterprise apps which let you use your own phone but log and record every business call in compliance with the new rules.

Lee Stonehouse is the Founder and Chief Executive of communications firm VENNCOMM.


As MiFID II and GDPR loom, the top-tier financial firms are relatively clear on what they have to do in getting new policies and technology in place, but worryingly, the smaller firms often are not.

Some of the most concerning scenarios are smaller firms seemingly looking to avoid rather than adhere. A risky strategy, to be sure.

The worst case I know of is a tier 2 investment bank COO who, while paying for over a hundred new company mobile phones, said his firm was “exempt from recording because the bank’s policy bans the use of mobiles for business”. It begs the question: “So, why buy the phones?”

In 2013, in response to scandals including LIBOR fixing, the Parliamentary Commission for Banking Standards (PCBS) made recommendations on how to improve standards in the banking sector, including a new accountability framework focused on certification of senior management (including the Senior Managers’ Regime (SMR) and Certification Regime (CR) for senior bankers) for better standards of conduct at all levels. The SM & CR carries heavy penalties for poor oversight, as its purpose is to:

*  encourage a culture of staff at all levels taking personal responsibility for their actions.
*  make sure firms and staff clearly understand and can demonstrate where responsibility lies.

My best advice when asked “can my firm avoid compliance?” is “if you are responsible as a managing partner, board member or governance professional, it’s best to be conservatively prudent and adopt a ‘belt & braces’ approach to clearly show that you are embracing the spirit of the regulations, and technology is your friend.”

From my own observations and discussions with regulatory consulting firms, there are three obvious steps to take in complying with MiFID II communications recording.

1.  Ban consumer apps and record all authorised and controlled business communications channels
2.  Provide your employees with best-in-class mobile business communication apps as this is the lowest control modality
3.  Implement strong punitive outcomes for policy breaches

Our best advice is that unless a reputable regulatory specialist law firm offers written proof of your firm’s exemption citing an actual provision within MiFID II that they are using as the basis of their analysis, it is risky to assume exemption.

Lee C. Stonehouse is the Founder & CEO of VENNCOMM, a City-based compliant communications firm.