Trading Communications Become A ‘Mammoth’ Challenge

Blog entry

The volume of securities trading communications that requires recording and the amount of time that regulators mandate that information be retained have become a “mammoth” challenge for financial services firms, according to speakers in a webinar hosted by Intelligent Trading Technology on April 25.

MiFID II goes far beyond the UK Financial Conduct Authority’s rules for recording voice communications about securities trading, covering “anything potentially related to a transaction — advisory discussions, post-transaction or cancellation of trades,” says Paul Liesching, global head of financial markets at Truphone, an electronic communication provider whose products include mobile device recording. “The scope of the subject matter has massively increased.”

Webinar Recording: Voice recording for communications surveillance under MIFID II/MAR

The FCA minimum required storage time for communications is six months, while MiFID II sets a minimum of five years for storage and a maximum required retention of communications of seven years. “What needs to be recorded and the time it needs to be held for has exponentially grown,” says Liesching. “This is very much a work in progress for MiFID II. It’s a problem that isn’t going to be perfectly solved anytime soon.”

Recording Solutions and Specifics

Time-stamping comes into play for communications records, as well. Regulators will demand that records of voice calls have time stamps as precise as those in instant messages or text message, according to Andy Mather, financial services and emerging markets technology at Telstra, an Australian communications network company.

Featured Download: Poll results on Voice recording for communications surveillance under MIFID II/MAR from our recent webinar audience

“If you want to reconstruct a transaction to regulators’ satisfaction, they have to be able to see whether an IM or text came before or after a voice call, to get the correct context,” he said. 

Just as time-stamping is being recognised as a key element for responding to regulators’ inquiries   about trades, issues around “bring your own device” (BYOD) policies can figure into producing records at regulators’ request. As firms increasingly have mandated that employees use their own mobile communication devices for company business, they are liable for the content of communications on those devices. This legal obligation is increased when the phone number for a personal mobile device is listed on the employee’s business card or in any contact details the company lists for that employee.

Voice communications or SMS text messages made using a private device with a SIM card (the identification chip for a device) registered to a company for recording purposes effectively are no longer private, observed Liesching. To avoid this legal grey area, BYOD could be done with applications on that device. 

“The challenge of having an application on a device is ensuring that the user is using that application when conducting a conversation around a transaction or potential transaction,” said Liesching. “Many firms have chosen to go down the ‘it’s always recorded’ route when they have users who need to be recorded. They have chosen to give them a device and enable that to be recorded rather than even try to deal with BYOD and recording.”

According to an informal poll of audience members conducted during the webinar, attendees are more concerned with having a means to record communications than trying to ban the use of mobile devices outright. Asked how their firms are addressing voice surveillance requirements, 62% said they were implementing recording solutions, while 36% said they were banning the use of mobile devices. The most challenging part of voice surveillance regulation is making records available for retrieval, said 45% of respondents, and implementing surveillance technology, said 40% of respondents. Only 10% said setting mobile phone use policies was the most challenging aspect of voice surveillance rules.

Readiness To Explain Activity

As MiFID II standards broaden the scope to include more communications related to possible or eventual trades, the mandate for recording and retention covers more communications overall, according to Mather. 

“You can’t say you’ve made 15 phone calls to customers but you didn’t talk about work on any of them,” he said. “You would be called out and told you have to record everything — and the regulator will decide what’s relevant or not. The fines are punitive and you want to err on the side of caution. … We need to capture everything. If you don’t record everyone in the network, you have to record them in the app.”

Voice and text communications are not the only possibilities subject to surveillance and attention, however. Skype and other video chat services, if they are being used for matters relevant to trading, are a new concern, as Hugh Cumberland, principal in the Cumberland Caine consultancy, explained.

“The [MiFID II] definition is electronic communication pertaining to a trade or potential trade, so if in Skype or in another form of video, you convey information about a trade, transaction or order — or potential ones — the dogmatic answer is ‘yes, that should be recorded,’” he said.

Management Pre-Requisites

Before a firm can effectively manage communications technology and related surveillance and recording technology, however, personnel and departmental responsibility must be clarified, according to Cumberland. 

“Compliance will tell you it’s the trading floor and the trading floor will tell you it’s somebody else,” he said. “It’s something to still be discussed but it’s effectively it’s the cost of doing business. If you’re not going to comply with MiFID II and MAR [Market Abuse Regulation], you won’t be doing business in this space. It’s as simple as that.”

Furthermore, whether firms use a BYOD policy or are providing devices to staff that they can monitor, human resources policies should be precise and clear about mobile device use and recording, according to Cumberland. “You also need regular education and re-education for the users so they know what’s expected of them,” he said.