Brian Martin, Regional Director for UK and Ireland, Spitch
For many businesses in the technology industry, 2018 is the year of the EU General Data Protection Regulation (GDPR). Indeed, many organisations will already be in overdrive to get their business ready for the 25 May deadline.
GDPR is not the only major piece of regulation kicking in next year. It’s not even the most imminent. The Markets in Financial Instruments Directive II (MiFID II) comes into law on 3 January 2018, and will fundamentally alter the behaviour, structure and transparency of financial markets. The legislation aims to provide investors with clarity of all expected point-of-sale costs and charges, including the impact on investor returns. It affects all financial institutions that deal with voice communications, meaning they should be aware of the radical and far-reaching changes MiFID II will require around voice record-keeping and discoverability.
With that in mind, it’s a little worrying that so few are prepared for this regulation. According to research by Rsrchxchange, a large number of firms are leaving compliance to the last minute, with 44% of IT and risk and compliance managers saying they would wait until the legislation came into effect in January to become compliant. This is problematic because the penalties for failing to comply will be severe, with businesses facing fines of up to five million euros or 10% of annual turnover. And the penalties will be in force immediately.
Unfortunately, businesses don’t have much time to educate themselves and act on the implications of the regulation, which is why this article explores the requirements of MiFID II, the workload that this will create for financial institutions’ IT teams, and how technology innovations formulated with MiFID II in mind can reduce the time and complexity of regulatory compliance.
The requirements of MiFID II and the business commitment it requires
MiFID II will change the way financial services businesses need to record and store calls (both landline and mobile), as well as email, social media and SMS communications. As of 3 January, firms will need to keep records of these interactions for a minimum of five years – whether they resulted in a transaction or provision of services or not. And, crucially, the regulation calls for greater rigour in the storage and discoverability of this data – all records must be stored in a durable and easily accessible format.
The problem is that few financial institutions today will have the capabilities to record and store data in this way. Transactions can be long and detailed, involving a number of different parties. And while recording calls is standard practice across the industry, maintaining this data for five years will significantly increase the data requirements of any communications solution. In certain cases, firms may have to hold onto the data for seven years.
Another challenge with the sheer volume of data involved is that it must be archived in a format that is searchable. Currently firms typically ensure compliance in this area with spot checks, but this approach is not a long term scalable solution that will meet the needs of the new regulation.
Of course, analysing so much information is an extraordinarily time-consuming, and often a manual process. Hence why so many policies go unchecked. However, this kind of approach leaves institutions open to complaints around mis-selling. If they can’t prove a conversation happened, how can they defend themselves against the proposed negative results of it?
This is the challenge that MiFID II – at least in part – attempts to address. It places an incredible burden on financial institutions to analyse thousands of conversations, featuring multiple parties communicating on numerous mediums over a long period of time.
It sounds complex because it is.
How technology can help
Luckily, technology provides solutions to help financial institutions stay MiFID II compliant. Chief among them are voice-to-text platforms that rapidly and accurately convert any recorded call into an easily-searchable text format, with advanced analytics solutions that can be applied to review each conversation.
For businesses this means being able to use a mixture of keyword spotting and trend identification to detect high risk calls that should be flagged to security officers for further action. And, as the process is carried out automatically and algorithmically, call review times will be drastically reduced to the point that 100% of conversations can be analysed, instead of just a handful.
With the regulation coming into immediate effect imminently, businesses should be seeking technology that can be implemented quickly and tailored specifically to help meet regulations straight away.
New regulations require new technology solutions
Whatever one may feel about MiFID II or the GDPR, it cannot be refuted that they represent a step towards a more transparent future for the financial services industry – and one that puts the client at the centre.
Moreover, the new regulations are a symptom of the changing times, not a cause. And organisations must invest in the right systems, technology and processes that help them stay compliant with new, positive, ways of working.