MiFID II: a guide to recording and storing conversations ... · • The revised Markets in Financial Instruments Directive (MiFID II), due to be implemented in January 2018, aims

MiFID II: a guide to recording and storing conversations in the financial services sector

ContentsExecutive summary 3

Introduction 4

The regulation 5

The impact of MiFID II on existing call recording regulation 6

Who does MiFID II apply to? 7

Fixed line and mobile recording 8

Face-to-face recording 9

Recording: challenge or opportunity? 10

Key terms 11

About Resilient 12

MiFID II: a guide to recording and storing conversations in the financial services sector 2

Executive summary• The revised Markets in Financial Instruments Directive (MiFID II), due to be implemented

in January 2018, aims to strengthen financial stability by ensuring maximum transparency in markets. It will mean a fundamental review of business processes for financial services firms, including the recording and storing of conversations.

• The directive runs to over 150 pages, but the section that concerns conversations between regulated firms and their customers is included here for completeness.

• Under MiFID II, the scope for recording conversations between a firm and its customers broadens considerably to include a far wider range of firms and people within the financial advisor community.

• The FCA has mandated the recording of both fixed line and mobile calls since 2011 for traders, but the upcoming EU General Data Protection Regulation, coming into force at the same time as MiFID II, will require firms to pay special attention to the recording of conversations within the context of data privacy.

• There has been some contention around exactly what the directive stipulates in regards to face-to-face recording. However, accurate and consistent recording is essential to dispute resolution as both MiFID II and the Financial Ombudsman put the burden of proof firmly in the hands of the firm.

• With the audio data available to the compliance function in order to monitor the activities of the firm, it becomes a straightforward process to use this same data for market insight purposes. The investment that the firm is making in order to meet a compliance mandate can easily be applied to a far richer, broader understanding both of the market and of key customers.



With less than two years to go until MiFID II comes into force, financial services firms operating across the European Union are undertaking a fundamental review of their business processes.

Introduction

January 2018 will see radical changes to many aspects of their operations including conduct of business, financial incentives and increased governance.

The first Markets in Financial Instruments Directive was devised in 2007, just before the fall of Lehman Brothers. The post-crisis era has driven a need for a more robust set of measures to strengthen financial stability, aimed at ensuring maximum transparency in markets, increasing protection for investors through stronger due diligence and disclosures, and reinforcing the supervisory power of the regulators.

Added to this, high profile failures such as the Libor scandal and Payment Protection Insurance mis-selling debacle mean ignorance is no longer a defence for misconduct.

As such, investor protection is a key theme throughout MiFID II and firms will be required to demonstrate a commitment to it across their business, driving them to transact with customers in a more open and transparent way.

But while the intent behind the revised directive and its accompanying regulation MiFIR is clear, what is less clear is exactly how it will apply to the recording and storing of conversations.

The recording of conversations between firms and their clients is a major area of change in the new directive, aimed at both reducing the risk of fraudulent activity by members of the firm and ensuring sound advice is given.

This paper aims to give clarity to firms on the requirements and implications for the recording, storing and monitoring of fixed line, mobile calls and face-to-face meetings.

While some will look at the updated requirements for recording under MiFID II as an administrative burden, many see it as a valuable opportunity to take decisive action that will not only cement their firm’s position of trust in the market but help ensure competitive advantage in the years to come.

Article 16(7) – Directive 2014/65/EU

Records shall include the recording of telephone conversations or electronic communications relating to, at least, transactions concluded when dealing on own account and the provision of client order services that relate to the reception, transmission and execution of client orders.

Such telephone conversations and electronic communications shall also include those that are intended to result in transactions concluded when dealing on own account or in the provision of client order services that relate to the reception, transmission and execution of client orders, even if those conversations or communications do not result in the conclusion of such transactions or in the provision of client order services.

For those purposes, an investment firm shall take all reasonable steps to record relevant telephone conversations and electronic communications, made with, sent from

or received by equipment provided by the investment firm to an employee or contractor or the use of which by an employee or contractor has been accepted or permitted by the investment firm.

An investment firm shall notify new and existing clients that telephone communications or conversations between the investment firm and its clients that result or may result in transactions will be recorded.

Such a notification may be made once, before the provision of investment services to new and existing clients.

An investment firm shall not provide, by telephone, investment services and activities to clients who have not been notified in advance about the recording of their telephone communications or conversations, where such investment services and activities relate to the reception, transmission and execution of client orders.

Orders may be placed by clients through other channels, however such communications must be made in a durable medium such as mails, faxes, emails or documentation of client orders made at meetings. In particular, the content of relevant face-to-face conversations with a client may be recorded by using written minutes or notes. Such orders shall be considered equivalent to orders received by telephone.

An investment firm shall take all reasonable steps to prevent an employee or contractor from making, sending or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the investment firm is unable to record or copy.

The records kept in accordance with this paragraph shall be provided to the client involved upon request and shall be kept for a period of five years and, where requested by the competent authority, for a period of up to seven years.

The regulationThe MiFID II directive runs to nearly 150 pages - well over 1,000 pages including all associated documents. The section that concerns the recording of conversations between regulated firms and their customers is below


The recording of calls on both fixed line and mobile phones has been an FCA requirement since 2011 in the UK, but until today has been limited to a relatively specialist community within the equity and bond trading sectors.

Under MiFID II, the scope for recording conversations between a firm and its customers increases significantly. It takes existing call recording regulations and expands them in a few important ways:

The impact of MiFID II on existing call recording regulation

• The requirements for recording telephone calls currently only apply to the conversations of individuals directly involved in trading, but under MiFID will broaden to include anyone involved in the advice chain that may lead to a trade.

• As a result, both the number of firms and the number of staff within the firm that need to record conversations will increase by around a factor of 10.

• It covers not only the companies and people, but also the premises in which these telephone calls or conversations take place.

• MiFID II will require all “communications that are intended to lead to a transaction” to be recorded and retained, rather than the previous, narrower mandate of “client orders and transactions.”

• These recordings will need to be stored for longer: from six months under today’s regulations to a minimum of five years under MiFID II. Although most regulated UK firms already go beyond this and retain five to seven years of records for best practice or to comply with Tax Authority rules, it will now be mandatory.

• Maintaining records of the highest voice quality is increasingly important, since market abuse is one of the most difficult offences to investigate and prosecute. Good quality recordings of voice conversations and of electronic communications can assist both firms and the regulator in detecting and deterring inappropriate behaviour.

• The mere recording of conversations is no longer sufficient, and instead firms need to proactively review the records of all transactions and orders subject to these requirements, including relevant conversations, to monitor compliance with the MiFID II requirements. Firms will be expected to demonstrate to the relevant national regulators the policies, procedures and management oversight of these recording and monitoring rules are in place. The monitoring is specified as risk-based and proportionate.


The current regulation for call recording applies to a relatively small and highly specialised market estimated to be around 30,000 traders operating in the City of London. But with the increase in scope of MiFID II, some estimate that the number of individuals that will fall under the regulation will increase to over 300,000 in the UK alone.

This is because the new requirements will apply to all firms who provide financial services to clients linked to ‘financial instruments’ (shares, bonds, units in collective investment schemes, commodity trades and derivatives) as well as to the venues where those instruments are traded.

Unlike the current FCA regulations, which are specific to those directly involved in financial trading, MiFID II will apply to those organisations or individuals who merely give advice that may lead to a trade or investment.

This may include the relationship management function within retail banks, independent financial advisors, wealth managers and others.

MiFID II’s wording is very clear - anyone involved in giving advice that may lead to a trade or investment must not only record their calls, but securely archive them for up to five years, and ensure compliance oversight of these recordings.

Who does MiFID II apply to?



The UK followed six months later, mandating from November 2011 that all conversations between traders, whether on fixed or mobile phones and including voice and SMS, were to be recorded.

Since 2011 the FCA does not discriminate between landline and mobile calls, so a good call recording solution will be able to securely store transactions made on both.

But the recording of mobile phone conversations presents some significant challenges around data privacy. At the same time that MiFID II becomes law, another piece of Europe-wide legislation known as the General Data Protection Regulation (GDPR) comes into force. The GDPR will replace the 1998 Data Protection Act, and will strengthen the protection given to individuals with

respect to the data that organisations capture and hold about them.

Under GDPR, firms face much higher fines for data misuse than current penalties under the UK Data Protection Act - a potentially vast 4% of their total worldwide turnover. For this reason, it is critically important that they consider their recording policies for MiFID II within the context of data privacy legislation to prevent potential intrusions into privacy.

In the case of mobile phones, where one device is often used for both business and person data, firms will need to carefully consider whether there is any viable way to ensure business calls are recorded without also recording personal calls. Even if the recording is never listened to, the organisation is at risk of a breach of GDPR as personal calls

could be classed as ‘sensitive personal data’.

It is therefore essential to consider the role of management oversight in all aspects of MiFID implementation, since MiFID II sets out expectations on firms having robust oversight on the infrastructure that regulated users are using to collaborate with their customers. As such, firms should maintain a record of those individuals who are using both company-provided and privately-owned mobile devices that have been approved for use by the firm.

Furthermore, it is important to note that the regulations are not simply about recording conversations on such devices, but also that the firm has processes in place for the routing reviewing and monitoring of such conversations on both company-provided and privately-owned devices.

Mobile recording While the UK was the first country in Europe to mandate the recording of fixed line calls, it was Norway that first required traders to also record conversations on mobile devices.

Earlier solutions to this requirement were based upon premises-based equipment which would connect to the firms physical voice network, or telephone switch, and record conversations where appropriate. However, as more organisations are adopting

cloud-based services, including the storage and management of call recordings, firms are looking for cloud-based call-recording services that do not require any physical equipment on site. Furthermore, as staff are becoming more geographically diverse, and

frequently work from home, the firm needs to ensure that calls to fixed-line telephone numbers are recorded no matter where staff may be working, across any location and all types of device.

Fixed line recordingIn the UK, the FCA has mandated the recording of fixed-line telephone calls since 2009, both to reduce the risk of insider trading and also to provide greater transparency to the compliance function within trading firms.

In regards to guidance on the recording of face-to-face meetings between firms and their clients, the MiFID II directive Article 16(7) states:

Face-to-face recording

“The content of relevant face-to-face conversations with a client could be recorded by using written minutes or notes. Such orders should be considered the equivalent to orders received by telephone.”

Because of the ambiguity of the wording within the MiFID directive, there has been some debate over whether there is a mandatory requirement to make audio recordings of face-to-face meetings.

The FCA clarified this in a roundtable meeting in July 2015, when it confirmed that the rules will not make compulsory the taping of face-to-face meetings.

However, the directive implies that any records made must be kept in a durable medium and able to withstand the same scrutiny as those recorded by phone.

Recital 57 of the directive goes on to state:

“Where minutes are taken of face-to-face conversations with clients, member states should ensure that appropriate safeguards

are in place to ensure that the client does not lose out as a result of the minutes inaccurately recording the communication between the parties. Such safeguards should not imply any assumption of liability by the client.”

In other words, it is essential that firms have policies, processes and safeguards in place to ensure that minutes of face-to-face conversations are accurately recorded and proactively monitored, since it is entirely the responsibility of the firm to ensure that these processes are in place, not the client.

Financial disputes between firms and their clients occur regularly - in 2015 alone there were more than 5,000 new complaints to the Financial Ombudsman service a day. Between January and June 2015 over half (54%) of those complaints were upheld.

During these disputes, the Financial Ombudsman looks for evidence that the information or advice provided by the firm was ‘clear, fair and not misleading’, and in the

absence of such evidence will more than likely rule in favour of the customer.

This was precisely what led to the decision of the Financial Ombudsman when considering the Payment Protection insurance claims - that unless a firm could provide irrefutable evidence that PPI was not mis-sold, it would conclude the firm was guilty. This decision has so far cost the UK financial services sector more than £30bn in compensation.

Under MiFID II, if the firm is unable to produce accurate records during a financial dispute, it will be seen to be at fault, and could face the real possibility of penalties or reputational damage come January 2018.

As it’s often the case that a conversation or customer engagement can carry on over the phone, via email or SMS and in person, firms need a holistic view of compliance across all channels.

While there is no FCA mandate that explicitly states that face-to-face meetings have to be recorded electronically, there is a strong argument for ensuring that meetings are consistently and securely recorded and archived across fixed line, mobile and face-to-face communications.


Many firms are understandably concerned about the cost and perceived complexity of meeting their compliance mandates for recording business conversations.

But others are finding that having an audio repository for all their client engagement could also serve as a great source of insight into customer sentiment, trends and market insight, particularly if the records are able to be searched and transcribed.

Call recording already forms a key part of any financial service firm’s business when it comes to compliance and training, but keeping secure records of the thousands of conversations taking place across all channels could lead to actionable business intelligence and deliver incremental value to the business as a whole.

For instance, marketing teams could mine their audio recordings to determine information such as:

• What level of client engagement the firm is actually achieving, and in which markets and sectors

• Which client-facing staff are more heavily engaged and which are less engaged

• What the market is saying about a particular product or service, and how this varies from region to region

• What customers are saying about a particular product or service

• How likely they are to recommend a product or service

• How effective a recent billboard advertising campaign was in a given town at raising awareness of the new product/service

• Which advisors are having the best conversations with customers – and the poorest

Sentiment analysis software could play a role in helping firms understand the outcomes of their conversations in terms of how positive or negative they happened to be.

This could have strong implications for the measurement of the effectiveness of marketing campaigns, but also presents customer relationship management with an extra tool to respond to customers in the right way should a conversation be negative.

On average, banks take 8-12 weeks to respond to a complaint. But if the issue is not resolved within 8 weeks it can be taken to the Financial Ombudsman, and the firm is charged a fee. Once with the remit of the financial ombudsman, it is more likely for the case to be ruled in the complainant’s favour. However, if picked up soon enough, an unhappy conversation could be spotted before it becomes a formal complaint.

The ability to deliver a quicker, more efficient complaints handling process could keep customers happy, ultimately helping grow a firm’s positive reputation.

Recording: challenge or opportunity?


Key terms

FCA

The UK Financial Conduct Authority (FCA) is the UK’s financial regulatory body responsible for the regulation of financial firms offering services to consumers. It does so by focusing on the regulation and conduct of both retail and wholesale financial services firms. For many years the FCA Handbook, known as the Conduct of Business Source book, has detailed the requirements for call recording under COBS 11.8 since 2011.

ESMA

The European Securities and Markets Authority (ESMA) is the supervisory authority responsible for drafting financial regulations that affect all European-wide Financial Services firms. While ESMA is responsible for the drafting of such regulations, it is up to the regulators in each country, such as the FCA in the UK, to take responsibility for administering and enforcing such regulations.

FAMR

The Financial Advice Market Review (FAMR) was established with the aim of identifying ways to make the UK’s financial advice market work better for consumers. The review had a wide scope, and looked across the entire financial services market in order

to assess the availability of advice and guidance to help people with their financial decision-making. It is relevant in this context since those individuals or firms that provide financial and investment advice, such as Wealth Managers and IFA’s, are also covered under MiFID II regulations.

GDPR

The General Data Protection Regulation (GDPR) is due to come into force at the same time as MiFID II, and is the means by which the European Commission intends to strengthen and unify data protection across the European Union. In the UK, this will replace the current 1998 UK Data Protection Act. The GDPR directly affects the ability to make recordings of personal conversations, even those made on business devices (such as company provided mobile phones) with firms facing severe penalties for non-compliance.

ICO

The Information Commissioner’s Office is the UK’s independent authority which upholds information rights in the public interest. It is responsible for policing and enforcing the various data protection regulations, including both the 1998 UK Data Protection Act and the forthcoming GDPR.

Considering MiFID II in the context of the wider regulatory landscape will help firms save time and money by avoiding multiple overlapping or conflicting change initiatives in areas such as data protection and personal privacy. Below are institutions relevant to the forthcoming changes:


Phone 020 3379 9000 or visit www.resilientplc.com

About ResilientThis eBook was created by Resilient, the company behind smartnumbers, a range of communications services that deliver mobility, continuity and compliance to public and private sector organisations.

smartnumbers are trusted by 7 of the top 10 global investment banks, 50% of the UK’s blue light services, and over 40,000 Ministry of Defence personnel. The services are available directly from Resilient and also from BT.

This eBook is not intended to be a source of legal advice, and should not be relied on as such.

Trusted Communications

Mobility | Continuity | Compliance

Documents

MiFID II: a guide to recording and storing conversations ... · • The revised Markets in Financial Instruments Directive (MiFID II), due to be implemented in January 2018, aims