MiFID II comes into effect on January 3rd 2018. By then Financial Services providers will need to be able to –

1. REACT TO cases of (potential) malpractice
2. Implement procedures and COMMUNICATIONS’ AUDIT TRAILS that reduce the risk of such occurrences in the first place

The collation of data will also be broadened to INCLUDE ALL COMMUNICATIONS relating to actual and potential transactions.

The penalties for non-compliance will be severe!

In summary –

Reporting
ORGANISATIONS MUST BE ABLE TO SUPPLY REGULATORY AUTHORITIES WITH ACCURATE, COMPREHENSIVE AND CLEARLY INDEXED DATA on specific trades and/or time-frames in an accessible medium on request. (TYPICALLY WITHIN 72 HOURS.) And of course, like its predecessor, MiFID II applies on an EU-wide basis, putting the onus on financial institutions to comply in all territories where they operate, whether that requires a complex, multimarket, multi-vendor solution or not.

Personal / Work Use Overlap
Financial institutions must BAN THE WORK-RELATED USE OF (CONSUMER-FACING) COMMUNICATIONS CHANNELS that cannot be recorded – for example, WhatsApp, WeChat, iMessage and similar. On a related note, employees are also prohibited from ‘advertising’ their personal mobile numbers in a work-related context. (While such measures may be sensible and necessary in compliance terms, they are extremely difficult to police by policy guidelines alone. And for companies looking to benefit from the cost-savings and convenience of BYOD adoption, such restrictions create a real headache on economic and employee-satisfaction grounds.)

Content & Catchment
Under the revised Directive, recordings must be made of any communications linked to an actual or potential trade. This means that ADVISORY CONVERSATIONS AS WELL AS ACTUAL DEALS are now covered by the legislation. In effect, anyone involved in the ‘advice chain’ connected to an actual or putative transaction should now have their communications recorded and retained. Simply put, EVERYTHING NEEDS TO BE RECORDED.

Retention
The new Directive stipulates that ALL DATA RECORDS MUST BE RETAINED IN A DURABLE MEDIUM such as hard-copy, email, fax or audible recordings of telephone conversations and/or face-to-face meetings. Firms will be held responsible for the QUALITY AND COMPLETENESS of their data caches, ensuring that they are made available to regulatory authorities as required. (Typically within 72 hours.)

Duration
Previously held for six months, data must now be retained for a mandatory period of five years rising to a term of SEVEN years if so requested by the relevant marketplace authority.

Audit & Review
Under the new Directive, organisations not only have to record and retain communications’ data as described but undertake REGULAR REVIEWS TO ENSURE ON-GOING COMPLIANCE. This means that FS providers have to prove they have EFFECTIVE PROCEDURES IN PLACE AT ALL TIMES, rather than reacting to specific incidents of potential compliance abuse. This is one of the most important implications of MiFID II, reversing the current ‘burden of proof’ equation. Rather than regulators needing to find evidence of malpractice, financial entities must demonstrate –

(a) their innocence if challenged
(b) that they have the ability to safeguard against such non-compliance incidents in the first place

And this increased onus on proactivity by Financial Service providers goes well beyond ‘management by policy’ alone. Such corporate guidelines will have to be supported by employee training and the INTRODUCTION OF TECHNOLOGIES THAT ENSURE CLEAR AND COMPREHENSIVE CAPTURE of all electronic data relating to actual or potential transactions, INCLUDING THOSE MADE ON MOBILE DEVICES! (And as a footnote to the above, if shortcomings in data collation and retention procedures are apparent, companies must also retain records of such shortcomings and remedies for a further five years.)

Are you ready?

At VENNCOMM, we are…

VENNCOMM TALK can solve all of the above. It is a super-fast, OTT corporate dialer and chat app which puts YOU in control.

• Automates MiFID II call compliance
• Protects employees’ personal privacy
• Matches or outperforms native dialers
• Works globally
• Ensures eight degrees of separation between work and personal use of the same mobile device

So, if you’re looking to avoid compliance abuse fines, increase productivity and make significant cost-savings at CAPEX and OPEX levels…

It’s time to talk!

Call us on 03450 582 313 or email us at enquiries@venncomm.com

www.venncomm.com

“Having reviewed the competing technologies, we chose VENNCOMM TALK as it was also the only solution that could provide the total separation of personal and work numbers needed to support GDPR and MIFID II”.

Fredrik Ohlsson, Compliance Officer, Prosperity Capital Management (UK) Limited

“We are delighted to welcome Prosperity Capital Management (UK) Limited and Russian Analysts from their Affiliated companies onto our platform. This agreement enables our platform and application which already covers over 120 countries worldwide to expand into the Russian Federation and provide Russian dual persona work numbers for the first time. We look forward to working with Prosperity going forward.”

Lee Stonehouse, CEO, VENNCOMM Ltd

 

AIMA Journal Article

The changes introduce a raft of new rules but amongst the most onerous are new requirements that all text, IM, social media, email and phone calls potentially relating to financial transactions must be recorded and logged. To be sure this is subjective and the only risk free solution is to record everything. Anything less means unacceptable risk of big fines and even personal prosecution.

Capturing emails is one thing, but few banks or hedge funds are geared up to record all comms and, to add to the burden, the regulations affect not only businesses based in Europe, but also those doing business here.

To be prudent then, any firm trading with an EU partner, or even another outpost of their own firm, should record & store all communications.
The impact of BYOD and employees using banned consumer apps like WeChat and WhatsApp for doing business is also profound. Voice calls on VoIP services like WhatsApp cannot be recorded technically, or perhaps legally, under imminent data protection laws like GDPR.

Moreover, ephemeral messaging apps like Snapchat leave no permanent record of what’s been said, by who, to whom, so it’s clear they have to be stamped out with harsh penalties.

When the new regulations come into force, on 3 January 2018, this could prove a compliance bombshell.

As a former regulated money manager, I worried about the looming clash between the demands of the new rules and a world in which people are used to powerful consumer Apps.
To respond to these trends while being compliant isn’t simple, but banning the use of unauthorised apps is one vital step. The other is to make use of OTT enterprise technology – deployed on employees’ own and company devices – that logs and records every business communication across all authorised channels to meet the new rules.

Lee C. Stonehouse; Founder of VENNCOMM

 

VENNCOMM has both Android and iOS solutions that work today and here are some of the key ways our platform is always compliant and how it differs from other solutions on the market.

All Work calls are always recorded, even calling a number for the first time… no exceptions, ever.
When a regulated user makes a call through the VENNCOMM TALK application, the call is always automatically connected over our own telecom network which records the call and then delivers it to the intended destination, automatically and transparently to both the calling and called party.

Some of our competitors use network technology which works fine if you have a data connection or have called the number before, but otherwise the call will not work if there is poor or no data connection at call time. If this happens the user has a choice: make a non-compliant call or try and hunt out a good data connection, something that can be difficult even in London! We all know what the user will do.

VENNCOMM’s technology works so that if there is a GSM voice signal, the call will be recorded, no ifs, no buts.

ALL Regulated calls and SMS are always recorded, wherever you are in the world.

Wherever they are in the world, a regulated user using the VENNCOMM App is guaranteed to make a compliant, recorded call. This is because calls or SMS from VENNCOMM TALK always route over our network, which means we always record the call or SMS no matter where in the world the user is and no matter what mobile network the user is on. (For the more technical reader I can confirm we can do this because, unlike other solutions, we do not rely on other mobile networks being GSM “CAMEL” compliant to record).

Network based recording solutions from all the major providers cannot guarantee calls are always recorded wherever the user is in the world, as they rely on the local mobile carrier operator to provide the recordings, which many cannot. This means that unlike VENNCOMM TALK, other solutions allow important calls to be made that are not recorded and are not compliant.

Other networks can record roaming calls but cannot provide recordings in sufficient time to allow the 72-hour case reconstruction required by MiFID II. VENNCOMM guarantee that every call made by a regulated user from the VENNCOMM TALK application is recorded in real time regardless of where the user is in the world and what network provider they are connected to.

Carrier grade call recording over GSM, every time

Some of our competitors think VOIP calls over mobile phones are MiFID II compliant. This is not correct as MiFID II requires that all calls need to be recorded in a format that is usable by the regulator.

VOIP calls on mobiles cannot be made everywhere there is a phone signal, so users can only make unrecorded non-compliant calls outside of data coverage.

Even if there is data coverage sufficient to initiate a VOIP call, data contention with other users on the mobile network or internet often means poor quality calls. Add to this the high compression used to make VOIP calls, and in many circumstances it can be difficult to understand what is being said on a call, resulting in the call recording quality being very poor, unusable and non-compliant. This also makes it impossible to run voice to text analytics for more detailed searching and automated case reconstruction.

Of course, VOIP does work very well in some circumstances; for example, in the office connected to the regulated user’s high quality corporate wifi, results can be promising, but go walking around town, go driving or use a hotel’s free wifi and quality soon drops.

Only VENNCOMM TALK can ensure that recorded calls are done so at full GSM carrier grade quality and recorded in HD, guaranteeing fully compliant playback and helping to deliver accurate voice to text analytics.

Who said what when.

In a court of law it’s important to have evidence that is non-refutable. The same is true for compliance enforcement. Doing this properly means the recording supplier must not only have the technology that proves whether a recording has been tampered with, but also have a separate recording for each participant in a call so that it is non-refutable who said what when.
Unlike our competition, we can do this, guaranteed. We have our own network and recorders where we can record each individual speech path in HD quality. This means even on group calls it is clear and unambiguous who said what when.

Full MiFID II compliance with BYOD

There is a myth that MiFID II compliance is incompatible with corporate BYOD programs as it is not possible to record calls on employee owned devices on multiple networks. Telecom companies erroneously use this message to try to turn the tide of migration to BYOD and win back customers and, in the process, reverse the considerable savings companies have made at the expense of the telecom provider by adopting BYOD.

VENNCOMM TALK enables a company to deliver a separate regulated work number onto an employee’s BYOD or COPE device with guaranteed recording of work calls and SMS every time to full MiFID II compliant standards, enabling companies to maintain the cost saving of BYOD whilst delivering both MiFID II and GDPR compliance.

Full GDPR compliance: Work calls and SMS are always recorded, personal calls and SMS are never recorded.

The VENNCOMM TALK application has full separation of work and personal identities. Personal calls and SMS are never recorded; for regulated employees, Work calls and SMS are always recorded.

Simply use VENNCOMM TALK for Work and native dialler for personal calls.

This means our application fully complies with GDPR as it ensures that the user can have full control of when they make a personal call and when they make a regulated work call, just like if they had two mobile devices. 100% separation.

Without this capability, all personal calls on corporate owned devices will be recorded, as no option exists to separate work and personal personas.

On VENNCOMM TALK there is no way a work call can be made without it being recorded, even if a work caller is dialled back from the native call logs or voicemail! In other similar applications this is not always the case and re-dialling a missed work call in the native dialler will result in a call that is not recorded and therefore not compliant.

VENNCOMM TALK can deliver this total separation on either BYOD or COPE devices. Only VENNCOMM guarantee this level of separation of personal and work personas required to meet GDPR requirements and MiFID II compliance at the same time.

 

CITY AM Newspaper Article

The EU’s MiFID II financial regulations come into force in just four months and around the world financial institutions remain confused and challenged about how to comply.

MiFID – the “Markets in Financial Instruments Directive, Phase II” – introduces a raft of new rules for the finance industry, above all covering trades and transactions.

THE CLOCK IS TICKING

Among the most onerous is a new requirement that all electronic communications and phone calls possibly relating to financial transactions must be recorded and logged.

They also have to be stored and retrievable with perfect recall.

Capturing emails is one thing, but no International banks or hedge funds I know of are geared up to record all calls. And time is running out.

COMPLACENT ABOUT COMPLIANCE

Recent discussions with friends in very different institutions reminded me again how under-prepared even the biggest firms are.

Many have only recently understood that MiFID II does not just affect businesses in Europe, but firms based anywhere but doing business in the EU.

Any bank anywhere in the world which is trading with an EU partner has to record and store communications to be compliant.

TRYING TO NEGOTIATE THE MINEFIELD
Across the board firms say that capturing mobile phone communications in particular has become a minefield.

The impact of BYOD – “bring your own device” – means that more and more employees now routinely use their personal phones to make unrecorded business calls.

UNAUTHORISED APPS

It gets worse.

Some rogue employees are using employer-banned consumer apps like WeChat and WhatsApp for doing business, in full knowledge that voice calls on them cannot be recorded.

Ephemeral messaging apps like Snapchat are even more difficult as they leave no permanent record of what’s been said, by who, or even to whom.

Banning, it seems, is not enough.

THE BIG BOMBSHELL
When the new regulations come into force on 3 January 2018, a lot of financial institutions may hope that logging and recording fixed line communications will at least give the semblance of compliance, despite knowing that employees using their own Apps could prove to be a compliance bombshell.

DRACONIAN DEMANDS
As a regulated Broker myself, I witnessed the looming clash between the draconian demands of the new rules and the reality of a world in which people are so attached to the functionality of their smartphones that they can’t be persuaded to use less cool enterprise software.

That awareness shaped the way VENNCOMM developed its mobile platform and App to automatically record and log every business text or call globally while also being reliably compliant.

Banks and hedge funds are now urgently seeking this type of service.

Whatever vendor solution they choose, the banks have woken up to the realities of a world in which business is increasingly done on BYOD mobile devices.

Banning use of unauthorised apps is one vital step. The other is to make use of enterprise apps which let you use your own phone but log and record every business call in compliance with the new rules.

Lee Stonehouse is the Founder and Chief Executive of communications firm VENNCOMM.

 

As MiFID II and GDPR loom the top tier financial firms are relatively clear on what they have to do in getting new policies and technology in place, but worryingly the smaller firms often are not.
Some of the most concerning scenarios are smaller firms seemingly looking to avoid rather than adhere. A risky strategy to be sure.
The worst case I know of is a tier 2 investment bank COO who, while paying for over a hundred new company mobile phones, said his firm was “exempt from recording because the bank’s policy bans the use of mobiles for business”. The question begs “so; why buy the phones?”

In 2013, in response to scandals including LIBOR fixing, the Parliamentary Commission for Banking Standards (PCBS) made recommendations on how to improve standards in the banking sector, including a new accountability framework focused on certification of senior management (including the Senior Managers’ Regime (SMR) and Certification Regime (CR) for senior bankers) for better standards of conduct at all levels. The SM & CR carries heavy penalties for poor oversight as its purpose is to:

*  encourage a culture of staff at all levels taking personal responsibility for their actions.
*  make sure firms and staff clearly understand and can demonstrate where responsibility lies.

My best advice when asked “can my firm avoid compliance?” is “if you are responsible as a managing partner, board member or governance professional, it’s best to be conservatively prudent and adopt a ‘belt & braces’ approach to clearly show that you are embracing the spirit of the regulations, and technology is your friend.”

From my own observations and discussions with regulatory consulting firms there are three obvious steps to take in complying with MiFID II communications recording.

1.  Ban Consumer Apps and record all Authorised and Controlled Business Communications Channels
2.  Provide your employees with best in class Mobile Business Communication Apps as this is the lowest control modality
3.  Implement strong punitive outcomes for policy breaches

Our best advice is that unless a reputable regulatory specialist law firm offers written proof of your firm’s exemption citing an actual provision within MiFID II that they are using as the basis of their analysis, it is risky to assume exemption.

Lee C. Stonehouse is the Founder & CEO of VENNCOMM, a City-based Compliant Communications Firm.

 

Three examples come from talks with senior friends, one at a global tier 1 eighty-country bank; one at a Hedge Fund centred in London with offices in Hong Kong & the US, and the last a US Investment Bank with operations in London and some mainland European countries. The trend convergence I first noticed in 2015 at JPMC’s annual New York tech conference included: obsolescence of Blackberry Handsets; the fast growth in BYOD and tougher regulatory requirements. Someone called it “an unholy trinity”.

Here’s the thing; Firms have to record ‘all electronic communications for business conducted within the catchment of ESMA’s Regulatory net and this means that being domiciled outside the catchment isn’t the proxy for exemption many assume. Employees outside the EU dealing with those inside are caught by the requirement, meaning their business related communications must be recorded and stored compliant with MiFID2. This is not easy to do.

Mobile communications in particular have become a minefield. Many employees are anecdotally using banned consumer apps like WeChat for doing business using their own personal subscriptions. This means personal messages are mixed in with business exchanges. This happens on work phones and personal ones alike and employers can’t record them no matter what. To make it worse, ephemeral messaging apps like Snapchat are booming and there’s no permanent record of what’s been said, by who, to whom! Messages dissolve and anyway you can’t record, even if technology allowed; personal data protection laws like GDPR see to that. A person under investigation could just legitimately delete the questionable content personal app account without recourse.

There have been some attempts to promote easy solutions as a panacea (in mobile network recording; SIM swap, poor apps) but this is a thorny problem that has to be resolved once – emphatically and globally.

When the VENNCOMM Software Strategy Group worked through a decision tree on the optimal way to make mobile text and voice communications context-neutral-compliant it went something like this:

• BYOD or Corporate Owned Phone?
• Corporate owned phone and SIM – or just phone, or just SIM?
• iOS or Android or Other?
• All employees on one mobile network or a mixed network estate?
• All domiciled in one home country or people in different home countries?
• Calling home country only, or calling International?
• Phone managed by MDM or Not?
• One to one calls or conferences sometimes?
• Party inside EU or Outside? Caller or Called? Both?
• On VoIP or GSM Connection?
• In work Hrs or outside?
• Call occurring when in the decision or advisory timeline? i.e., under 5 yrs or over 5 yrs?
• Conference Call Parties all under one Regulatory Jurisdiction or two, or many (e.g. Singapore, USA, France)?
• Ability to scrub device remotely or de-provision via calling app?
• Communications kept in jurisdiction?
• On premise or in cloud?
• In multiple jurisdictions in real time within conflicting constraints of International Regulatory Rules?

Firms “must record conversations related to the reception, transmission and execution of client orders” and the latter is an investment service within the scope of MiFID II and that doesn’t only apply if you live and work in a European based office. A third country firm would not be in a position to conduct this regulated activity in the UK in the absence of authorisation which subjects it to all MiFID II requirements. The only exemption would be FSMA Art 72 reverse solicitation/overseas person exemption where the client initiates contact with the third country firm which does not have a location in the UK. In this case the scope of the transaction would be limited to the specific product which is the subject of the client’s inquiry.

MiFID II Organisational requirements 16(7) Records shall include the recording of telephone conversations or electronic communications relating to, transactions concluded when dealing on own account and the provision of client order services that relate to the reception, transmission and execution of client orders. Such telephone conversations and electronic communications shall also include those that are intended to result in transactions concluded when dealing on own account or in the provision of client order services that relate to the reception, transmission and execution of client orders, even if those conversations or communications do not result in the conclusion of such transactions or in the provision of client order services.

Adding GDPR rules that often directly oppose MiFID2 is not going to help! But in fact the solution to the original problem elegantly resolves that too, but only when combined with definitive policy banning unauthorised apps at work.

VENNCOMM resolves compliant mobile communications while bettering end user mobile productivity irrespective of context or context-neutral.

Lee C. Stonehouse is the Founder & CEO of VENNCOMM

 


 

Really?! MiFID 2 Communication Recording Requirement Reaches Further Than You Think

 

LinkedIn article by Rob Weston, Managing Director at KPMG

ESMA, European Securities Markets Standards, has provided more clarity on the need for monitoring of phone calls under MiFID II stating that:

“The monitoring of records of relevant telephone conversations and electronic communications is necessary to assist the firm in ensuring that it is meeting the recording requirements and also adhering to its wider regulatory obligations under MiFID II”

ESMA goes on to give examples of the need for call monitoring: “...it will assist the firm in meeting its wider regulatory obligations which include but are not limited to having policies and procedures in place in respect of its client order handling, best execution, own account dealing obligations and the deterrence and detection of market abuse.”

ESMA also concludes that the recording of the calls should be considered “critical or important infrastructure” and Monitoring should be “conducted regularly and when necessary on an ad-hoc basis. Due regard should also be given to any emerging risks.”

Details are available on the “ESMA – Questions and Answers on MiFID II and MiFIR investor protection topics”

 

VENNCOMM TALK was designed for organisations looking to provide regulatory compliance for all communications across all devices, including personal devices used for work under BYOD policies, while minimising costs through our proprietary least-cost-routing technology.

With significant challenges around time stamps and recording, one of the largest headaches for compliance managers has been how to ensure that SMS messages between employees and clients remain compliant, and that messages on personal devices are also captured.

To answer that conundrum, we have launched a messaging feature, VENNCOMM TALK Chat which offers users the chance to send messages, including images and files, via our app to other individuals or groups who are also using VENNCOMM TALK. Unlike SMS, the communications are time stamped and captured in the compliance pack for alerts and/or compliance analytics fully meeting MiFID II requirements.

This new feature behaves in the same way as SMS, although there are no SMS charges as all communications are sent via the app using your data allowance.

This means there are no more extortionate MMS charges for sending images, and all communications are sent via our unique least-cost-routing technology keeping the costs down, even if messages are sent from abroad.

Critical to the new feature is the ability for compliance managers to search messages for keywords when reconstructing cases to meet regulatory criteria.

Compliance managers can also set up alerts which are triggered when messages with keywords are sent between users ensuring that organisations are compliant with the strictest financial regulations including MiFID II – which comes into force in January 2018.

VENNCOMM TALK chat has been specifically designed to act like the messaging tool on the user’s device, so there is nothing new to learn or understand.

Drive your BYOD User numbers up while complying with the latest regulatory requirements and least cost routing all your employees’ (mobile international, domestic and conference) calls without changing any existing mobile contracts or infrastructure.

VENNCOMM TALK is one of the world’s leading MiFID II compliant, Mobile Voice & IM & file sharing platforms, offering technology departments a cost efficient BYOD policy and significant capex savings as the organisation will no longer be required to purchase expensive handsets for each employee.

All of this is possible whilst also providing compliance departments a way to solve forthcoming regulatory hurdles in a fast efficient way.  VENNCOMM TALK IM deploys as an OTT app inside the pre-eminent Regulated Enterprise MDM Software on both corporate owned and BYOD Mobiles.

 

Roaming charges being banned by the EU will compound the already huge declines in mobile operator voice revenues – while providing an opportunity for an innovator to break out of the pack and steal a march on the slower, less hungry Operators.

To be meaningful and effective in the short term, the Operators’ strategic responses must allow for the set-up of partnering units that don’t have the ‘die on the vine’ procurement rules and cycles that see so many promising technology partnerships between big & small collaborators fail.

The investments needed are tiny but as the biggest technology successes of the past decade show, they all rely upon mobile infrastructure for their success. Opportunity knocks for those who are listening.

For sure, the biggest mobile operators need to find, fund, and fast track innovative small companies. Old rules and unimaginative gatekeepers to the corporate cash & resources must be removed by the leaders of these massive companies. Buying in innovation is a dirt cheap, low-risk, strategic option.

There will be start-ups that play a crucial role in the outcome of the creative destruction brought about by the competitive and regulatory dynamics of a maturing industry, and deep down the CEOs of the Operators know that the best corporate strategy cannot be to eat your competitors without figuring out how to deploy new innovation.