MiFID II: The Impact on Finance Sector Comms

MiFID II is a change to the regulations informing the finance sector’s conduct and aims to improve transparency and safety in the financial markets. That means that, by January 2018, affected finance businesses must be fully compliant, or face fines of up to €5 million or 10% of global turnover.

The updates to the regulations are complex and wide reaching, affecting many of the ways finance companies will do business and conduct themselves during interactions with customers and potential clients.

While there isn’t much time left until the compliance deadline, communications are one area in which finance businesses can find a relatively straightforward solution – which is an important factor in MiFID II.

What are the communications requirements of MiFID II?

MiFID II is a regulation update with many facets, one being the requirement for businesses to record their communications in any instance where that conversation results in, or intended to result in, a transaction.

Those communications must be retained – and be accessible when called upon – for five years after the event.

Practically speaking, this means a review of all communications platforms within a finance business. And there are complexities to overcome.

“While there isn’t much time left until the compliance deadline, communications are one area in which finance businesses can find a relatively straightforward solution – which is an important factor in MiFID II.”

In the days of working from one location and with one telephone system to communicate, compliance would be relatively straightforward. But in today’s multi-device, flexible working environment, teams in the finance sector could be communicating with their clients in a wide variety of ways, across a wide variety of devices – including telephone, mobile, Skype and instant messaging.

Those teams aren’t necessarily all even in the same place, and may be working remotely from home, or on the road. With BYOD (bring-your-own-device) a growing trend, the devices used to communicate may not even belong to the company they’re working for, but to the individual using them – meaning that part of the compliance efforts will be a change to the contractual obligations of BYOD.

How to be communications compliant

So how can you move toward communications compliance ahead of the MiFID II January deadline?

The best place to start is with a review of your existing communications plan as a business. You’ll need to work out what platforms and devices are used to communicate, and make a record of all of those, as they will need to be included in your recording strategy. Be aware that this mightn’t be as straightforward as it sounds, and it’s likely to take time to uncover all the comms platforms in use.

The next step is then to work out how best to record those communications. On a landline, this would require hardware such as a microphone plugged into the handset. There are various apps that make it possible to record calls on a smartphone or via clients like Skype.

An alternative to this somewhat clunky process is to invest in a unified communications platform (also known as UC). This brings all your communication tools – smartphones, landlines, Skype, instant messaging, text – onto one platform which can be easily controlled from one portal, making recording and keeping those conversations a much easier, quicker process.

However, you choose to manage your communications, one thing is clear; you will need to be able to both record, and keep, those conversations from January when MiFID II comes into play.

Considering security in MiFID II compliance

Beyond MiFID II, many of you will be aware of another regulation change due to come into play in 2018; GDPR.

This update to the data protection regulation is still up in the air to an extent, in that Britain’s place in the EU means that we will still be adopting this European regulation, but with our own additions and updates – which are yet to be fully agreed.

There’s no doubt that security will be an essential consideration of MiFID II, particularly when it comes to recording communications.

There are various ways to achieve security in communications to ensure that recordings are GDPR ready. The most universally relevant and powerful is that of end-to-end encryption; with the main risk of unsecured comms being that communications could be intercepted en route, end-to-end encryption removes this risk by making the information, even when intercepted, entirely useless.

For those businesses using a unified communications platform, encryption and many other security considerations are included as standard, with large investments being made by those companies into stress testing their platforms and removing any vulnerabilities as soon as they are considered as a potential risk factor. For those using separate communications channels, a strict security testing strategy will need to be in place to ensure all communications are safe and private.

In terms of retaining those recorded conversations, security is a concern once again. Secure servers and storage areas are a must; also consider who has access to these recordings, and ensure they have a signed agreement in place that complies with data protection rules, and that your business’ data protection processes are up to date – especially as GDPR hits in May 2018.