MiFID II; Ensuring Compliance Across the Financial Sector

By Ralph Awad, Director of Cloud Operations, Calabrio

New MiFID regulations taking effect in 2018 will impose further restrictions on the financial sector. The directive requires all financial sector employees directly involved in trading to record their calls. But in an industry as extensive as finance, how can we hope to ensure compliance for every conversation, across every channel?

In the past, MiFID was almost entirely focused on arbitrage within the finance sector proper, but new legislation expands the directive to cover anyone providing advice that may lead to a trade. MiFID II states that regardless of the original intent of the call, if any conversation evolves into a trade, the whole conversation must be recorded and stored.

Policy makers are confident the new policy will eliminate the means to conduct insider trading. The guidelines make this a measurable, defensible initiative. All recorded conversations must be stored for five years with the captured files searchable to the extent any record can be sourced and analysed immediately upon request.

For many cloud industries this directive is an exciting opportunity, as financial companies will need a system with substantial storage capabilities to comply with the new rules. However, a noticeable absence in much of the new regulatory discussion is that the conversations we want to capture aren’t necessarily taking place on recorded channels.

This is challenging even for technology to govern. So what are the finance sector’s options right now and how can we help to ensure compliance where calls might happen outside of mapped and compliant channels?

Ensuring longevity and innovation

Faced with impending regulation changes, larger companies may opt to go it alone and rely on systems and hardware of the past.

Legacy call recording solutions will require additional hardware installation, expert personnel, software licenses and the hardware itself—a costly proposition. The average lifespan of hardware is three-to- five years and then the cycle starts again.

Equally, in a traditional business environment the average server is only used up to approximately 15 percent of its total capacity. The rest of the time, servers are consuming power, producing heat and occupying data center space. It takes more power to cool the equipment and restart the cycle. Studies suggest that only about 40 percent of data center power is actually used to fulfill the IT requirements, not to mention the environmental impact.

However, armed with their own compliance officer and the means to store a vast amount of data, multinationals may still consider sticking with their incumbent storage solutions.

One important consideration for these operators will be customer concerns over security and confidentiality when recording their calls. Equally, the means of retrieving data through these legacy solutions forgoes smart searching, making it nearly impossible to locate certain call information.

Shared ownership

Alternatively, companies can choose a cloud path, thus reducing storage footprint and the cost of IT labour, and transferring a portion of responsibility to the cloud provider.

The cloud provides all the scalability required by an enterprise, along with the service value of a chief compliance officer. And with utility-based billing, in the long run the cloud is often more economic and uses green, environmentally friendly technology. A well-architected cloud computing environment can have average server utilization as high as 85 percent.

Lastly, many agree that the best part of going cloud is the ease of use—cloud services can be delivered over the internet with an intuitive user interface. However, the technology provider simply delivers cloud computing and storage, it’s still up to the enterprise to comply with relevant regulations. For instance, providing the services that can adhere to the law but if the client doesn’t set their retention to five years, they are not compliant.

Time for due diligence

Lawmakers have an objective to create a level playing field. All companies will have to dedicate time to govern communication within their ranks using officially issued devices, applications loaded to personal devices or policies not to use personal devices when conducting official business.

But of course, regardless of whether the cloud is used, the kinds of conversation that MiFID has been created to monitor don’t necessarily take place on compliant channels. There are still thousands of ways of these conversations can take place that enterprises don’t catch or track.

In that case, they need to turn to new analytics technologies that have the power to track not only what is said and how it is said in recorded conversations, but also what’s not said and what’s not recorded. For MiFID to work, due diligence involves identifying those employees who fall off the radar. For instance, if tools haven’t recorded any calls from an employee in two or three days, alerts can be sent to management to warn them business calls may not have been recorded.

Whether conversations are recorded on-premises in legacy systems, or in a modern cloud contact centre, an enterprise’s best defence is to set clear paths for MiFID II compliance and educate employees on best practices to stay on track.