Regardless of the implications over Brexit, the spectre of MiFID II still remains. For some organisations, it will just require a strengthening of processes and procedures already in place to ensure communications data is compliant. But for others such as
commodity traders who are now no longer exempt, it’s a much larger remit.
The five points below look at the key areas in ensuring communications data is compliant and provides an overview of the challenges organisations should consider.
Record-keeping: Firms must capture records, in context, across multiple channels from all approved devices. Content—not channel—is determinative.
Whilst content drives the compliance factor, the sheer volume of different communication tools can make it seem like an overwhelming task to capture everything. Determining who can access what services on which devices, educating users about policies and
procedures, and implementing technology to enforce policies as well as record authorized channels will help to control the amount of record-keeping required.
Supervision: Firms must demonstrate effective oversight and control over policies and procedures relating to firm communications.
It’s easy to think that if you have already implemented supervision of all communications data that MiFID II won’t affect you. However the new regulations expand the mandate to include communications that are
intended to lead to a transaction. For some firms this will vastly increase the amount of communications data required for review, creating new problems both in terms of resources and potentially missing market abuse. You can read more about the issue
Reconstruction: Firms must be able to supply regulators with communications associated with a specific trade.
Being able to reconstruct past events accurately is crucial to MiFID II. Who said what, and when, is suddenly far more complicated to reconstruct if a trader has been using several different communications tools, as opposed to the few email exchanges that
was typical of the past. Consider ways to store interactions as conversation threads, instead of separate messages. This will make it easier for reviewers and auditors to quickly grasp the meaning of a conversation, saving you time and money in the long run.
Retention: Firms must make records available to clients for five years and for up to seven years for regulators.
Many legacy email archive systems have been expanded to included retaining social content and other communications data by running a back-up a couple of times a day. But do they really capture the conversation as it happened? Today’s communications tools
are no longer static messages. People can delete, alter and generally manipulate conversations all too easily. Without a real-time archive of interactions as they take place, organisations are leaving themselves open, not just to compliance issues, but potentially
legal ones too. You can read more about the problem here:
Storage: Records must be maintained in a durable medium that cannot be altered or deleted, but must be searchable and readily available upon request.
The problem with storage is that each time a request is made on archived data it increases the risk of introducing a point of failure. Organisations need to consider maintaining a full copy of data in a permanent place or using legal hold features within
archiving technologies to ensure the integrity of the data.
Ultimately, comprehensive record keeping is critical to maintaining communications compliance. By following best practices, firms can communicate and collaborate with partners and customers in a way that suits their business, regardless of MiFID II or other
future regulatory requirements.