An overhaul of the EU Markets in Financial Instruments Directive, commonly known as MiFID II, comes into force on 3 January 2018.The legislation requires all financial service providers that operate or deal in the EU to record telephone conversations and electronic communications that relate to the ‘reception, transmission and execution of orders, or dealing on own account’ – including on mobile phones, SMS messages and electronic communications, and store them for a minimum of five years. But what technical challenges does this pose to financial institutions? Laurent Paterac, Director Vertical Sales Finance, EUNO Region at ALE, discusses the implications of MiFID II and what affected organisations can do to get – and stay – compliant.

With the EU introduction of MiFID II legislation, the financial industry is being challenged in a period that has already seen heavy disruption from the emergence of Fintech and increasingly popular technologies such as blockchain, mobile banking and payments, and AI.

Although the new MiFID II legislation is designed to bring greater transparency, accountability and investment protection, this represents another huge technical challenge for the finance industry – especially for smaller organisations with limited IT budgets or less in-house technical support.

No channel left unmonitored
MiFID II requires all communications concerning financial transactions to be recorded and stored for up to seven years. Think of the number of communications channels currently available to customers– voice, video, instant messaging, social media, SMS, and other methods are all prevalent in business communications, and all need to be monitored.

To comply with these demands, financial organisations must put a clear compliance strategy in place, with the ultimate goal being the introduction of a comprehensive recording solution that fully complies with key MiFID II criteria –keeping clear, easily accessible and retrievable records of all conversations across all channels.

Failure to comply with the rules could result in heavy fines of up to £5 million or even a trade ban – and the potential pitfalls on the road to compliance are numerous. Forgot to monitor the text messages of a small, dozen-strong customer service team? Was the recording suite knocked offline for an afternoon due to heavy call traffic? Have stored communications been corrupted after four years? These are all potential grounds for investigation and possible punishment.

So how can organisations ensure every communications channel and every compliance angle is covered?

The five million pound questions
To ensure full MiFID II compliance, there are a number of requirements IT departments should take into account before selecting and deploying a recording solution.

1: OK for now but businesses change, is it scalable?

Firstly, any solution must have the functionality and capacity to scale depending on the size of the organisation. If all one hundred customer-facing employees were to be issued with mobile phones tomorrow, would the solution be able to handle the monitoring of an additional hundred devices? Is the capacity available to onboard more devices as the organisation grows? This partially comes down to the underlying infrastructure and whether it can handle an influx of extra recorded data, which will all need to be compiled and transferred to a secure data centre for storage.

2: Accessible, but only to the right people
MiFID II legislation not only requires records to be stored securely, but also for them to remain accessible. These records must be provided in a timely manner if requested by the customer or the financial regulator. To ensure security, the recording solution should be deployed in an encrypted environment to prevent the interception of data. Although records must be readily available for access, audit logs can be used to ensure only authorised users are accessing the specific records they require.

3: Check out the UX
Any potential recording solution really needs to be designed with the user in mind – intuitive for staff to learn and operate. This doesn’t just apply to the supervisors or managers who are monitoring calls and ensuring full compliance. Employees may opt to record additional information, such as screen captures, to improve contextual information and ensure greater accountability. If a recording suite has a complex user interface, it could potentially require large investments of time and money in training – or even not be used properly at all.

4: It’s an opportunity to enhance your customer service
It is important to look at the deployment of a recording solution not just as a necessary investment, but as an opportunity. Recording suites can be harnessed in a customer service and relationship management role, used by managers to track customer satisfaction, evaluate employee-customer interactions and silently supervise calls.

5: Look for an interoperable solution
Will Fintech developments introduce new methods of communication and transactions not covered by the recording solution? Will further regulations demand broader monitoring and accountability? These will need to be covered by the existing recording suite, which can often be adapted. The increasing availability of open APIs will allow developers to customise and tailor existing applications to fit the individual needs of a financial organisation and react to industry change when required.

If communications channels continue to overlap or threaten to escape the overview of your recording solution, the software behind the solution must be open and flexible.

Time is of the essence
As MiFID II approaches, financial organisations require a solution that is secure, rapid to deploy, and simple to operate.

If IT departments opt for a flexible recording solution that is easy to integrate with existing systems and can be scaled up or down based on regulatory demands, compliance can be a rapid and painless process. But they first need the reliable, robust infrastructure in place to support a smooth deployment.