It is 6 months since the Markets in Financial Instruments Directive (Mifid II) came into force and two months since the General Data Protection Regulation (GDPR), which means you are probably feeling the effect of regulation exhaustion. It is undoubtedly a long and tiring road to get to a stage where you can say, with confidence, that the organisation is compliant with these landmark pieces of European regulation.
Now is the time to look at how you, as a Compliance Officer, can make life simpler for yourself when it comes to satisfying your internal and external stakeholders. You may be surprised to know that Mifid II has the potential to make the day job just a little bit easier.
As Compliance Officers led the charge in readying their organisations for Mifid II, there was a strong onus placed on ensuring voice recording (this was already standard for the vast majority of financial institutions) and electronic communications could be captured, indexed and archived for the required five-year period. However, as you are well aware, Mifid II is about far more than storing communications and being able to retrieve them upon request. There is a clearly defined expectation within the regulation that organisations must be proactive in the detection and deterrence of market abuse, possess the ability to reconstruct communications for investigative purposes, and demonstrate Best Execution.
Capturing Cross-Channel Communications
This can present a major challenge with just one communication channel, but today in our work and private lives we take an omni-channel approach to interactions and transactions. A communication thread linked to a trade may start on SMS or an instant messenger app, switch to a landline or turret call, then voicemail on a mobile phone and be followed up with a chain of emails. What’s more, it may involve more than two parties. It is a world away from a time not so long ago when everything would have been done via the turret.
In our eyes, moving from one channel to another is a seamless and natural way of communicating. In the eyes of the Financial Conduct Authority (FCA), it should be easy to make these communications accessible to them should they request it, but for organisations that store data in silos in disparate formats it isn’t so simple.
Research conducted by TeleWare in late February 2018 (after Mifid II came into force in January) found that… “40% of firms are risking non-compliance with Article 16 of MiFID II.” This despite the huge publicity in the financial industry media that surrounded the former Investment Banker, Christopher Niehaus, being fined £37,198 by the FCA in March of last year, for using WhatsApp to share confidential client information.
RegTech Is Good News For Compliance Officers
The truth and good news for Compliance Officers is that despite the perceived roadblocks of siloed data held in different formats etc., it can be a very straightforward procedure to reconstruct cross-channel interactions, well within the 72-hour deadline that the regulator typically sets.
The challenge for the Compliance Officer is that not all RegTech solutions are made equal, yet all purport to offer the same return-on-investment – to deliver compliance. RegTech is a relatively new buzzword, as are the myriad technologies that fall under its umbrella.
Enterprise Ireland has recently published a report entitled ‘Regtech: Beyond Compliance – How are companies using regtech to meet growing regulatory demands in financial services?’ and its author, Frost & Sullivan’s ICT Senior Analyst, Deepali Sathe, is quoted as saying: “RegTech solutions are agile, secure and automated, thus simplifying the adherence procedures. These solutions can be integrated with existing systems and complement the current compliance teams. The impact is visible with better compliance, reduced costs and enhanced decision-making.”
However, be careful in your selection! Some do not cater for ‘all’ electronic communications (a prerequisite for Mifid II) whilst others can be unsympathetic to the plight of large financial institutions that have invested heavily in and continue to use tried, tested and trusted legacy systems. As such, the deployment and use of some of these all-singing, all-dancing systems can be slow and cumbersome, as the organisation finds itself subject to the solution’s ‘my way or the highway’ model.
So, How Do You Know How To Make The Right Choice?
The one question to ask of a RegTech solution. Look for a system that is agnostic to the numerous different data formats that are in use within the organisation today and to those that may be present in the future. And ask this simple question…
“Will the system enable me to quickly create a definitive, accurately time-stamped reconstruction of an entire interaction, irrespective of the channels used, which I can easily use for internal investigation and submit to the regulator to meet their requirements?”
However, it is important to stress that such a capability should not be viewed purely as a compliance cost, as the benefits can be much farther reaching. As important as it is to safeguard the organisation against the fines that can be levied by the FCA (which are just as eye-watering as the headline-grabbing sums the ICO can apply), the ability to detect instances of intentional and unintentional malpractice that could cause financial harm and reputational damage to the business is of substantial benefit in safeguarding the future prosperity of the entire organisation.
As with any regulation, you can view it as a time-consuming and expensive resource drain or take the positive that it nurtures accountability and transparency, not only with the regulator, but also in ensuring and evidencing best execution to the wider organisation and its customers. What’s more, there are anecdotal reports circulating that the right RegTech solution can result in efficiency gains of at least 30% through automating and streamlining key aspects of the compliance process. Now imagine what you could do with that extra day each week!