On June 7th, the chair of the European Securities and Markets Authority (ESMA) confirmed there will be
no further delays in the implementation of MiFID II. With the date now set in stone – January 3, 2018 – compliance teams are scrambling to get ready.
And for the record, it’s no small task.
To understand the full breadth of this new regulation, you’d have to read thousands upon thousands of pages, which outline far-reaching compliance requirements covering everything from trade reporting, capital requirements and recordkeeping to security, monitoring and surveillance.
But for the purpose of this blog, I’m going to focus solely on the aspects related to financial communications compliance.
MAR (effective since 3 July 2016) and now MiFID II, have significantly broadened the scope of employees, asset classes, communication channels, and devices that need to be recorded and monitored, while also mandating proof of compliance and imposing escalating fines for compliance lapses.
Under MiFID II, all “communications that are intended to lead to a transaction” will need to be recorded, rather than the previous, narrower mandate of “client orders and transactions.” Additionally, every channel and mode of communication used by regulated users to conduct business – whether internal or external, inbound or outbound, pre-, during- or post-trade, front-office, back-office or mobile phone – must be recorded. This includes: voice calls, instant messages, emails, social media, SMS messages, chat, and unified communications platforms like Cisco and Skype.
In addition to recording these interactions, firms must also monitor 100% of these communications for market abuse, and provide clear, precise evidence of surveillance to regulators. Also notable, it’s no longer sufficient to just monitor for actual fraudulent trading practices; firms also need to monitor communications for ‘intent to commit market abuse.’
In short, this means firms will need to record more conversations, for more regulated users, across more modalities, and provide proof of compliance that they are doing so. They also will need to monitor for all types of market abuse – whether intended or actual.
Here are some best practices to consider as your firm gets ready:
Replace manual, human monitoring of calls with automated surveillance: As the monitoring requirements continue to expand, it will be virtually impossible to keep up by simply relying on manual methods you’ve historically used. You’ve probably heard a new buzzword – ‘unsupervised supervision.’ Basically, it means using automated analytics to identify potential risky conversations as a first line of defense against market abuse. The results are presented to an analyst who then continues the review process. Analytics engines can be trained to search for specific key words, or combinations of words, that could signify trader misconduct, or intent to commit market abuse. For example, a trader communicating in a chat platform might say ‘we need to take the conversation off-line…’ or ‘we need to have a face-to-face conversation…’ Through the use of analytics, the automated surveillance system would trigger an alert when these red flag words or phrases appeared in recorded communications.
Replace silos with a centralized, holistic solution: Today, regulated personnel have more ways to share information on financial transactions. A conversation that begins in a chat room can continue offline via some other communication device or method. The problem is – in today’s world, these communication silos might be managed by different people in your firm. There’s no one place to pull everything together. Under the new, more stringent and expansive requirements of MiFID II, it’s really critical for firms to have one centralized place where they can monitor and manage all communications, for all modalities, for all regulated users.
Beware of ‘garbage in, garbage out’– The use of advanced analytics for financial communications compliance has many advantages, but the output is only as good as the data on which the analytics run. Fortunately, technology can help here too. For example, through the use of new automated assurance solutions, firms can apply scheduled, automated recording tests to validate that every step in the recording process is working flawlessly, and to verify that all regulated personnel are in the system and being recorded, regardless of the mode of communication. In fact, whether this is done in an automated fashion or manually — compliance assurance is a requirement of MiFID II anyway. Financial institutions must be able to provide proof that recordings are being captured for all regulated users, and properly retained.
Regional regulatory requirements points to need for centrally managed, configurable solutions: Large financial trading firms need to manage compliance on a global level for a whole host of regulations. These regulations can impact different firms in different ways, because of the way global and regional banks are intertwined and connected. Regulations like MiFID II layer new complexities on top of an already-complex regulatory landscape. Banks may need to maintain certain global standards across all communications channels, while also complying with regionally specific regulations. This intersection of regulations and geography points to a need for centralized compliance solutions that can be easily configured to support varying retention rules, and other regional requirements. Having a centralized solution also makes it easier to ensure compliance for all regulated users, especially as new modes of communication are adopted and used.
Adaptable solutions for growing and changing regulations – Around the world regulators are starting to realize they’ve worded old rules and regulations for technology that’s now outdated. As a result, now, regulators are starting to
issue technical guidance that’s more agnostic. This means regulators are more inclined to tell firms
what they need to do to be in compliance, but not technically
how they have to do it. This is beneficial for firms because it means they have more leeway to select compliance solutions that can adapt to changing regulations, without becoming antiquated and outdated. Another aspect of adaptability that’s also critical is the ability for firms to leverage data from their compliance assurance system, for example by using an API to feed this data into a more comprehensive enterprise reporting system.
Ready or not – the countdown to MiFID II is on. Getting ready won’t be quick or easy, but if you follow the pointers above toward financial communications compliance, you’ll be on the right path.