How to prove your regulated users are being recorded

Blog Post by Linda Haelsen on

Part 2 of a 3-Part Blog Series on Compliance Assurance

Financial services organizations worldwide are under increasing pressure from mounting global regulations, including MiFID II. MiFID II significantly broadens the scope of employees, asset classes, communication channels, and devices that need to be recorded and monitored, while also mandating proof of compliance. Under MiFID II, all "communications that are intended to lead to a transaction" will need to be recorded, rather than the previous, narrower mandate of "client orders and transactions." More significantly, under MiFID II, it’s no longer sufficient to just record these communications; financial institutions must be able to provide proof that recordings are being captured for all regulated users, and properly retained.

In our last Blog Post, NICE Financial Communication Compliance Marketing Director Arno Sybrandy provided insights into "how to ensure you're recording the right communications." In this blog, he discusses the complexities around the second requirement of MiFID II which involves providing evidence of compliance.

What are the new MiFID II requirements around proof of compliance? And how can I provide evidence of my firm’s compliance?

Arno Sybrandy: While MiFID II broadens the scope of regulated users and asset classes that need to be recorded, the biggest change is around assurance of communications compliance. Essentially, banks need to be able to prove that every regulated user is in the system and being recorded. So not only are banks under pressure to make sure they’re recording the right people, they need to provide evidence that all of these people are being recorded.

  • Article 16(6) of the MiFID II regulation specifically states: "An investment firm shall arrange for records to be kept of all services, activities and transactions undertaken by it which shall be sufficient to enable the competent authority to fulfil its supervisory tasks and to perform the enforcement actions under this Directive, Regulation (EU) No 600/2014, Directive 2014/57/EU and Regulation (EU) No 596/2014, and in particular to ascertain that the investment firm has complied with all obligations including those with respect to clients or potential clients and to the integrity of the market."

Basically, this means that the old “record it and forget it” mode of business is no longer acceptable. MiFID II exerts a requirement on banks to prove their recording estate is not only operational, but that it is in fact capturing all communications for each and every regulated user on a continuous basis. As you can imagine, for most banks (which rely on manual reporting and recording checks) this new mandate has the potential to create some huge headaches.

That is one of the very reasons NICE created NICE COMPASS. In fact, we’ve built entirely new applications around "evidencing" to help banks automate compliance assurance processes and when necessary, provide evidence of compliance.

To prove compliance, NICE COMPASS offers automated reports that answer these key questions for compliance officers and regulators:

  • Are all regulated users in the system?
  • Are they all being successfully recorded?
  • For each regulated user, are all of the correct devices being recorded (turret, desk phone, mobile phone, unified communications)?
  • Are all the retention periods configured correctly for each regulated user, and are recordings being retained for the proper amount of time?

Compliance officers no longer need to waste time manually compiling data to get answers to these and other compliance questions. NICE COMPASS’ automated reports provide a thorough, step-by-step reconciliation of the entire recording process for all regulated users as proof of compliance.

How can I be 100% confident that my firm’s recording system is functioning as it should, at all times?

Arno Sybrandy: There are two elements of assurance: the first is reporting (or proof of compliance); the second is ongoing monitoring to ensure that systems are operational. Today, financial institutions employ small armies of people who literally walk the floor, pick up trader turret phones and do test calls. This is a daily, or in some cases, weekly practice.

Of course there have always been a lot of headaches around this process. But it wasn’t until MiFID II that firms had a real catalyst for change. Faced with a mandate to record more regulated users, more asset classes, and more modalities of communications, the prospect of walking around and performing manual recorder checks has suddenly lost its appeal.

Fortunately, NICE COMPASS has replaced this error-prone, inefficient manual assurance process and in its place injected more control, better processes, and an element of automation that didn’t exist before. Now, scheduled, automated recording tests check every step in the recording process to verify that all regulated personnel are in the system and being recorded with good audio quality. COMPASS also checks to ensure that recordings are being properly secured and retained. It can even simulate calls to make sure that all system elements (the network, gateway, PBX, recording, audio quality, archiving, and retention) are fully functional.

All of this information is easily visualized on a compliance assurance dashboard so your firm’s IT team can proactively monitor compliance status across the global enterprise, and instantly be alerted to any problems.

Another requirement of MiFID II is that all outside parties are aware their conversations are being recorded. Does NICE COMPASS address this too?

Arno Sybrandy: With interbank trading, it has always been common practice to put fine print in the bank contracts that stipulate that calls between traders are to be recorded. But with MiFID II expanding the scope of regulated users to any person within the firm involved in any communication that could result in a transaction, including for example advisors, consultants and those involved in back-office operations – there are new complexities around what and who needs to be recorded. This also throws the once-implicit understanding of which calls were being recorded out the window.

NICE COMPASS provides fool-proof compliance of this new requirement of MiFID II by automatically playing a recording announcement at the beginning of each call for every regulated user, regardless of the device they’re using to communicate (for example a turret, desk phone, or mobile phone).

Where can I find more information?

Arno Sybrandy: Below are some links to resources that compliance and IT managers can explore to learn more on this subject: