With MiFID II looming, finance businesses across the UK will be reviewing their practices to ensure the way they work complies with the new regulations. Here, Alex Tebbs, Founder at VIA, explains what the regulations mean for the way we communicate as businesses, and how your business can comply come January 2018.
MiFID II is a targeted regulation update that aims to improve transparency and better protect both providers and customers of the finance sector.
In that sense, it exists to make things better for everyone; but with the January deadline looming and uncertainty still rife around the impact of Brexit on the update, many in the finance industry are still considering the best way to achieve compliance in their business.
It’s a regulation update made up of many facets, one being the requirement for businesses to record their communications in any instance where that conversation results in, or intended to result in, a transaction. Those communications must be retained – and be accessible when called upon – for five years after the event.
Creating a post-MiFID communications plan
In many ways, the communication requirements of MiFID II make a lot of sense. By recording our conversations, we can be sure that we are serving our customers in the best way, and that they are protected from any potential misunderstandings or misdemeanors.
But in today’s multi-device, multi-location business landscape, compliance isn’t so simple. While once we would have communicated on one device (likely a landline) and from one office, the reality of business today is that we often use multiple devices (and even encourage colleagues to bring their own devices) and operate across multiple locations, including remote working from home, offices in different countries and communications on the move.
This presents a challenge for finance professionals. How do we achieve compliance in this complex communications landscape?
The best place to start is with a review of your existing communications plan as a business. You’ll need to work out what platforms and devices are used to communicate, and make a record of all of those, as they will need to be included in your recording strategy. Be aware that this mightn’t be as straightforward as it sounds, and it’s likely to take time to uncover all the comms platforms in use.
The next step is then to work out how best to record those communications. On a landline, this would require hardware such as a microphone plugged into the handset. There are various apps that make it possible to record calls on a smartphone or via clients like Skype.
An alternative to this somewhat clunky process is to invest in a unified communications platform. This brings all your communication tools – smartphones, landlines, Skype, instant messaging, text – onto one platform which can be easily controlled from one portal, making recording and keeping those conversations a much easier, quicker process.
However you choose to manage your communications, one thing is clear; you will need to be able to both record, and keep, those conversations from January when MiFID II comes into play.
Security considerations in communications
It certainly won’t have passed by your attention that another sizeable regulation update is taking place in 2018; namely, GDPR, an update to data protection rules.
With GDPR putting renewed emphasis on security – and with MiFID’s requirements for comms recording – security should be placed firmly atop the agenda of financial firms.
There are various options on how we achieve security in communications. The most universally relevant and powerful is that of end-to-end encryption; with the main risk of unsecured comms being that communications could be intercepted en route, end-to-end encryption removes this risk by making the information, even when intercepted, entirely useless.
For those businesses using a unified communications platform, encryption and many other security considerations are included as standard, with large investments being made by those companies into stress testing their platforms and removing any vulnerabilities as soon as they are considered as a potential risk factor. For those using separate communications channels, a strict security testing strategy will need to be in place to ensure all communications are safe and private.
In terms of retaining those recorded conversations, security is a concern once again. Secure servers and storage areas are a must; consider also who has access to these recordings, and ensure they have a signed agreement in place that complies with data protection rules, and that your business’ data protection processes are up to date – especially as GDPR hits in May 2018.
MiFID II and the communications landscape
There is much left unknown about how MiFID II will affect finance businesses in the long run, and it’s likely that the implementation of its regulations will uncover complexities that need to be clarified as we move into the new year.
With that said, the communications element is prescriptive; finance professionals must record and maintain a record of all communications, regardless of device, platform or location. Is your business ready?