2018’s calendar of financial activity is already looking very busy, but for a large number of industry practitioners there is one date writ large. 3rd January 2018 sees the European Union’s (EU) revised Markets in Financial Instruments Directive 2014/65/EU, known as MiFID II, come into force.
At the heart of the new regulations, the first update to the initial directive since 2004, is a desire from the EU to further safeguard the workings of financial markets in the region.
Very few firms will be unaffected by the new rules with investment banks, private banks, asset managers, custodial service providers, retail banks, broker-dealers, financial advisers and market infrastructure providers all directly impacted.
The cost of implementation for many, in terms of both time and money, has been well-documented. But what has been largely been ignored by many covering the impact of new rules is the extent to which those affected can turn the changes to their advantage over the competition.
This is particularly pertinent when it comes to a critical piece of the MiFID II puzzle – the effective monitoring of communications at affected firms, whether it be interactions between individuals within a single organisation or communications with clients and other external parties.
Smarsh is a market leader in the monitoring and archiving of communications, working with many leading financial organisations seeking to turn the perceived threat of new regulations, such as MiFID II, into opportunities. And while there are many facets to the new regulations, we believe there are three central principles for communications monitoring that affected firms should consider when implementing the new rules.
1. Capture it All
MiFID II starts with the need to reliably record, store, supervise and reproduce all transaction-related communications — whether or not, ultimately, they lead to a transaction — from the channels being used today…and tomorrow.
There has been an explosion in the number of the number of ways we communicate with each other in the workplace. These include traditional electronic communications such as email, text messaging, social media and instant messaging, but increasingly wider enterprise collaboration tools such as Slack and Workplace by Facebook.
MiFID II requires firms to record a range of telephone and electronic communications over any business or personal device. Yes, that iPhone you pay for out of your own pocket but which you occasionally use for work purposes is within the scope of the new rules too.
The minimum period for record retention is five years, but national authorities can extend the period for up to seven years. Firms are also required to maintain records in their original format; communications cannot be materially altered or deleted.
Recordings must be archived and kept available to satisfy requests from EU regulators. “Relevant” communications can take place using any medium, relate to any category of customer, and even includes communications that do not ultimately result in a transaction.
2. Reveal the Risk
Under the new rules, firms must establish supervisory policies and procedures to ensure that permanent employees and contractors comply with MiFID II. These policies and procedures must be fit for purpose, work and include an appropriate degree of senior management involvement.
To get to the core of the risks being faced, firms need to filter out the noise and focus on the communications that pose the biggest threat. Policies are only as good as your ability to enforce them.
3. Respond Now
If the regulator comes knocking — or your internal supervisory team want to investigate a matter — the faster and easier you can find, retrieve and reconstruct conversations, the faster you can take pre-emptive actions. And the less resource you will spend in the process.
Firms that capture and index communications can respond smartly, mining their newly collected information wisely, can quickly gain valuable data-driven insights and trends that can power new business successes.
Regulators such as the Financial Conduct Authority (FCA) in the UK have stated that they will be understanding of firms that have not implemented policies yet, but only to the extent they have made all reasonable efforts to be compliant by the deadline and, where there are gaps, they have a demonstrable plan to ensure compliance as soon as possible thereafter.
After months and, in some cases years of work, January 3rd, 2018 might be viewed as the end for those grappling with the implementation of MiFID II.
But for those firms looking to go further and leverage new and emerging communications to flourish in a corporate environment – enabling compliant productivity – the opportunities are only just emerging.