Infographic: Implementing MiFID II and GDPR: Resolving the Conflicts for Compliance


For companies in the finance sector, 2018 is an even more troublesome year than usual for two primary reasons: the implementation of the second Markets in Financial Instruments Directive (MiFID II), which came into force on January 3, 2018, and the enactment of the EU's General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

With MiFID II and GDPR now in effect, many financial services firms are struggling to comply with two regulatory regimes that differ, and in places appear to conflict, and with reporting requirements that are more detailed and intrusive than before.

1. Conflicting Archiving Requirements

As mentioned in our previous post, one of the challenges facing financial firms is the apparently contradictory recordkeeping requirements of MiFID II and GDPR. MiFID II requires financial firms to capture and archive employee conversations more thoroughly than the previous version of the legislation did. Firms now have to archive SMS text messages, instant messages (IMs), email, telephone calls, video calls and other trade-related communications.

On the other hand, GDPR requires companies to have a lawful basis for collecting personal data before they collect it, and the basis most firms think of first is the client's consent. How to reconcile that with mandatory recording still baffles many financial firms today.

However, resolving this conflict is not as difficult as most people think. Having a system in place that records when and how a client was informed and gave consent, in a form that satisfies both pieces of legislation, addresses most of the difficulty around archiving client communications. Investing in an enterprise mobile archiving platform should also reduce the burden of distinguishing trade-related messages from employees' personal conversations.

2. The Right to be Forgotten

Many financial firms are also concerned that complying with the five-year retention period of MiFID II will expose them to penalties for breaching the GDPR 'Right to be Forgotten'. However, experts have already clarified that the MiFID II retention obligation takes precedence over a GDPR erasure request.

This is because, while GDPR gives clients the right to require that their personal data be deleted, that right does not apply where the data must be kept to comply with a legal obligation. A financial firm therefore has a legitimate reason to retain records such as trade-related conversations for at least five years. Firms are, of course, still obliged to inform the customer that the conversation will be recorded and archived.

It is also important to note that, under GDPR, a client of a financial firm has the right to stop the company from using their personal information for other purposes, such as targeting them with new products and services.

3. Governance Nightmare for Large Firms

For larger financial organizations, the burden that GDPR places on them is far more significant than that of MiFID II. For instance, a multinational trading firm will have a harder time managing the IT systems responsible for keeping personal data safe and secure. It is therefore extremely important for large organizations to invest in IT systems and policies that let every department see the status of clients' information in real time, and that ensure only authorized personnel can access that information, and only from authorized machines and devices.

MiFID II places a lighter logistical burden than GDPR in that it requires significant changes only in particular departments of a financial organization. In general, MiFID II does not require major investment in back-office functions, but it does require substantial governance initiatives in trading operations.

4. Increased Regulatory Compliance Cost  

The implementation of these two key pieces of regulation has further compounded the cost of compliance. In 2017, declining profits forced many global banks to cut their compliance staff, a move which many experts believe will make it even harder for these firms to achieve compliance in 2018.

For companies operating with only a handful of compliance staff, a unified mobile archiving platform is the most practical way to keep compliance costs down. A platform like TeleMessage gives financial firms control over how their data is recorded, archived and accessed, by department or by data type. Routing, storage locations and data encryption can also be configured so that the communications collected are stored securely.

Implementing these kinds of controls should allow financial firms to meet the diverse and ever-changing local, regional and global regulations without sacrificing department autonomy or process efficiency. Technology also makes it easier to automate manual tasks like transcribing and reporting, therefore enabling companies to focus on core functionality and adapt to changing regulatory requirements faster.


TeleMessage is a global leader in enterprise mobile messaging solutions, offering robust and holistic mobile archiving platforms. Our Mobile Archiver is equipped with features that enable organizations to comply with both GDPR and MiFID II archiving requirements, such as automatic deletion of records when a customer opts out, data extraction and tagging, end-user notification in case of a breach, and advanced data security options for maximum protection of customer data.

Visit our website today www.telemessage.com to learn how TeleMessage platforms can help you achieve compliance with both MiFID II and GDPR.
