Since 2011, call recording has been a central requirement of Financial Conduct Authority (FCA) in the UK, but now this requirement will become mandatory across investment firms operating across the European Union (EU) – all because of the 2018 implementation of MiFID II.
To better understand the implication of the new regulation for the financial service sector, we list here the critical changes in call recording requirements under the new MiFID II European financial directive.
- At present, the call recording requirements of MiFID only apply to the conversations of persons directly involved in securities trading. Under the new directive, the conversations that must be captured will also include those from anyone involved in the advice chain.
- According to estimates, the number of financial firms and employees within the company that need record conversations will increase by approximately a factor of ten.
- The new call recording requirement covers not only investment firms and individuals, but also the locations in which these conversations – in-person or electronic – take place.
- The regulation will also require all communications that are intended to lead to a transaction to be captured and archived. This broadens the scope of the previous, narrower mandate of “client orders and transactions.”
- Firms are required to maintain records in their original format; communications cannot be altered or deleted.
- Financial firms need to retain these recordings longer: from 6 months under the current regulation to a minimum of 5 years under MiFID II. While most regulated UK firms already retain five to seven years of records for best practice, it will now be mandatory across EU.
- Under the new regulation, it is also the responsibility of the firm to maintain call records of the highest voice quality, to make the investigation and prosecution process of potential market abuse more efficient.
- Merely recording conversations is no longer sufficient. Firms need to take a more proactive approach in reviewing the records of all transactions and orders, including relevant communications to monitor compliance with MiFID II requirements.
- Firms will be expected to demonstrate to the relevant national regulators the policies, procedures and management oversight of these recording and monitoring rules are in place.
MiFID II Face to Face Recording Requirements
Regarding the recording of face-to-face meetings between firms and their clients, the MiFID II directive Article 16(7) states, “In particular, the content of relevant face-to-face conversations with a client may be recorded by using written minutes or notes. Such orders shall be considered equivalent to orders received by telephone.”
This ruling has been viewed as too vague by many firms, which led to some debate over whether a company or a broker agent should make use of an audio recording device during face-to-face meetings. The FCA clarified this in a roundtable in July 2015, when it confirmed that the rules would not make the audio recording of face-to-face meetings compulsory.
Nonetheless, it is vital that firms have the necessary policies and processes in place to ensure that minutes of face-to-face meetings are accurately recorded and efficiently monitored. Under MiFID II, if a company cannot produce accurate records during a financial dispute, they will be at a disadvantage and could face significant penalties with the implementation of the new directive.
Fixed Line and Mobile Recording Implication to Privacy
The FCA has mandated the recording of both fixed line and mobile calls since 2009. In the UK, financial firms were able to meet the fixed-line and mobile communications recording requirement by implementing on-site solutions which would connect to the firms’ network.
However, the recording of mobile phone conversations presents some privacy issues that would mean potential non-compliance with another Europe-wide legislation known as the General Data Protection Regulation (GDPR) which will come into effect in May 2018.
Under GDPR, non-compliant firms face much higher fines for data misuse than the current UK Data Protection Act – an equivalent to a whopping 4% of their total worldwide turnover. In the case of mobile phone recording of MiFID II, firms will need to find a viable way to capture business communications without also recording personal calls. It is also worth noting that even if the company never listened to the recording, they are still at risk of breach of GDPR as personal calls could be classified as “sensitive personal data.”
MiFID II Voice Recording
These conflicting mandates highlight why it is exceptionally crucial for financial companies to implement the right enterprise mobile phone archiving solution that will provide them quick access to complete historical data on transactions without breaching the privacy regulations stipulated in GDPR. A MiFID II-compliant platform should be able to help the firm follow the archiving best practices, and build a capability to respond to emerging recordkeeping requirements with relative ease and cost-efficiency.