Are you exempt?
My firm works closely with the Senior Regulatory and Financial Crime Specialists at the biggest consulting firms. We also work with First Line of Defence and Compliance Officers from investment firms of all sizes.
As MiFID II and GDPR loom, the top-tier financial firms are relatively clear on what they have to do in getting new policies and technology in place, but worryingly the smaller firms often are not.
Some of the most concerning scenarios involve smaller firms seemingly looking to avoid the regulations rather than adhere to them. A risky strategy, to be sure.
The worst case I know of is a tier 2 investment bank COO who, while paying for over a hundred new company mobile phones, said his firm was “exempt from recording because the bank’s policy bans the use of mobiles for business”. It begs the question: “so, why buy the phones?”
In 2013, in response to scandals including LIBOR fixing, the Parliamentary Commission for Banking Standards (PCBS) made recommendations on how to improve standards in the banking sector, including a new accountability framework focused on certification of senior management (including the Senior Managers’ Regime (SMR) and Certification Regime (CR) for senior bankers) for better standards of conduct at all levels. The SM & CR carries heavy penalties for poor oversight, as its purpose is to:
* encourage a culture of staff at all levels taking personal responsibility for their actions.
* make sure firms and staff clearly understand and can demonstrate where responsibility lies.
My best advice when asked “can my firm avoid compliance?” is “if you are responsible as a managing partner, board member or governance professional, it’s best to be conservatively prudent and adopt a ‘belt & braces’ approach to clearly show that you are embracing the spirit of the regulations, and technology is your friend.”
From my own observations and discussions with regulatory consulting firms, there are three obvious steps to take in complying with MiFID II communications recording.
1. Ban Consumer Apps and record all Authorised and Controlled Business Communications Channels
2. Provide your employees with best-in-class Mobile Business Communication Apps, as this is the lowest control modality
3. Implement strong punitive outcomes for policy breaches
Our best advice is that unless a reputable regulatory specialist law firm offers written proof of your firm’s exemption citing an actual provision within MiFID II that they are using as the basis of their analysis, it is risky to assume exemption.
Lee C. Stonehouse is the Founder & CEO of VENNCOMM, a City-based Compliant Communications Firm.