While BYOD policies are becoming commonplace, within highly regulated financial services organisations, banning personal devices can be seen to be the safest approach. It doesn’t have to be this way: here’s how you can implement a compliant BYOD policy in a regulated industry.
As regulations surrounding electronic communications within trading environments of financial services organisations tighten, are personal devices about to be banned to avoid potential breaches and heavy fines?
Over the past few years, a number of regulations have been introduced by governing bodies, including Dodd-Frank in the USA and a number of regulatory requirements introduced by the FCA in the UK, all with the purpose of decreasing the opportunity for market abuse.
While these regulations are far-reaching, one of the areas which attracts most attention is the capture and archiving requirement surrounding trades, including all electronic communications.
Some of these regulatory changes have been phased in by the UK and US; MiFID II will come into force in January 2017, requiring all financial services organisations within the EU to capture trade-related communications regardless of platform or device.
With the ever-increasing number of communications channels available, ensuring compliance with the regulations has become difficult even before taking into consideration the requirement to be able to create complete case reconstructions within 72 hours of an investigatory request.
All the while, organisations are investigating BYOD policies which balance regulatory requirements with enabling employees to use their own mobile devices for business reasons.
For regulated industry firms, such policies are often severely limited by the complexity of capturing all conversations.
This burden is so great that some firms are considering banning the use of all personal devices at or for work, as well as blocking social platforms such as Twitter, Facebook and WhatsApp – to ensure regulations aren’t breached.
In many ways the approach is actually sound. Unless firms ban social media platforms and personal devices in the workplace and issue corporate-owned handsets on a single global mobile contract, some argue that they cannot see how to completely capture and archive the feeds necessary to be compliant with regulations and the 72-hour case reconstruction test.
In many cases, firms have looked at what is best from a set of incomplete solutions, backed by a robust communications compliance policy. Some think the logical response is to simply ban all personal devices at work. However, it is possible to have a single, complete solution which incorporates all feeds, channels and devices – whether personal or corporate.
What to look for in a compliant solution
When looking for a single solution to enable a compliant BYOD deployment that satisfies key financial regulations, a number of elements must be incorporated.
OTT deployment on corporate and BYOD handsets
Any solution should be deployed OTT (over-the-top), across both the corporate-owned and BYOD handsets, without disruption to your or your employees’ existing mobile contracts. This is fundamental to timely satisfaction of MiFID II, as firms cannot afford lengthy, disruptive, complex deployments.
CRM integration with call recording
Useful for both employer and employee, a solution which integrates with your CRM minimises time taken to write, type and capture notes from calls with counterparties and clients – while also ensuring completeness, context and accuracy of call history.
Automatic call recordings
Recording calls isn’t a subjective requirement, and it’s better to capture all calls rather than rely on someone deciding whether to record a call or not. Therefore, it’s imperative that all calls and communications via a device are captured, with recordings being controlled, monitored and available centrally – not recorded on the device.
Least cost routing without losing quality
While not an essential component for regulatory compliance reasons, it’s always good to keep your costs low. However, this must not mean a reduction in call quality. This means it’s best to avoid VoIP, as recording quality may suffer for evidentiary interrogation, while anything less than mobile carrier grade for enterprise really fails the fit-for-purpose test.
Powerful search and recover tools
Firms cannot be compliant with the regulations unless they can reconstruct cases quickly and, in most cases, within 72 hours. This requires keyword searches to be conducted across all forms of communication (including calls, SMS, feeds and social media), with the option to review, check for context, and recall each call into the case for submission to the investigation.
Robust and enforceable BYOD policy to support any technology
It’s all well and good implementing technology to enable BYOD, but without a robust policy which can be enforced, it may still be difficult to ensure regulatory compliance. That may include banning certain social media which could be used either directly or indirectly to transact or influence the transactions of others in any traded financial instrument or security.
It will also need to ensure all employees know their obligations and set out programmes of education in accordance with the policy. Providing the solution is intuitive and does not require a change in behaviour, education does not need to be complex or expensive.
VENNCOMM can help implement a BYOD policy
It’s getting harder and harder to keep personal devices away from business. We don’t believe that they can or should be, especially with the potential cost and motivational benefits BYOD brings.
Through the use of our proprietary technology, we can help organisations in heavily regulated industries meet the BYOD demands of their employees – while also simplifying the cost management process, and even significantly reducing phone charges.
If you’re unsure, or would like to know more, get in touch and we can set up a demonstration and free trial for you to see for yourself.