Streamlining your compliance efforts requires a detailed and actionable plan. Here are five reliable steps you can follow to optimize your efficiency, based on our own experience from the industry and experiences shared by our clients.
This article is part 5 of a 6-section whitepaper on ensuring proactive compliance in an increasingly rigid regulatory environment.
Step 1: Get an overview of available channels
To ensure compliance with MiFID II, Dodd-Frank, and other regulations, you must get a complete overview of all channels your company uses to communicate with customers and verify that your internal regulations and routines for recording and storing data include these channels.
You may manage communication channels in one of two ways:
- You can make sure that all relevant communication through a specific channel is recorded and stored appropriately.
- You can make these channels inaccessible as a means of communication.
Keep in mind that the regulations specify that the requirements for recording data include all communication that may lead to the provision of investment services or the exercise of investment activities.
Step 2: Store data from multiple channels in one central system
One of the main challenges for compliance officers is to get an overview of all contact points between multiple people on both sides of a transaction, spread across a wide array of communication channels.
This is especially true if that information is stored in different systems depending on what channels have been used to communicate.
The only sustainable solution to get a complete overview is to have one central system that enables you to collect, store, search and replay all forms of communication.
A centralized system makes it easier to create a complete audit trail because compliance officers can search across multiple channels to verify that all interactions have been handled appropriately.
Step 3: Record all interactions with stored data
Data security – and more specifically how data is stored and processed – is central to both financial regulations and the GDPR. According to the regulations, no one should be able to change or delete data in an audit trail.
Sensitive information shall only be available to the person, or persons, who constitute the company’s control function. Therefore, you must use a system that can document who has access to what information, how the data is stored, and for how long this data will be stored.
Additionally, your system should offer a "Data Life Management" function that ensures that the data is stored for exactly the period specified by the regulations, and tracks who has accessed and/or retrieved data throughout its life cycle.
Step 4: Automate risk management and reporting
By using a centralized system for recording all communication channels, you have the option to prioritize and automate communication monitoring based on data-driven risk assessment. The system should be able to identify deviating trading patterns, or particularly exposed transactions, such as first-time purchases or high-volume agreements.
Additionally, you should have access, in one single interface, to standard information about your customer: which broker they spoke to, when the conversation took place, and what they talked about across all channels. This enables you to add comments, tag important segments, and classify the different conversations for quick retrieval at a later date.
The system should also enable you to generate templates for compliance reports that provide additional information and contribute to more efficient reporting.
Step 5: Whitelist surplus information
Regulations require you to avoid storing surplus information. To comply with these requirements, compliance officers need smart whitelisting features that enable them to easily define what to record, and what not to record.
There are two main types of whitelisting:
- Global whitelisting: This includes communication with local services such as car services, takeaway restaurants, and the café on the corner. Additionally, recording calls to emergency services is prohibited.
- Private whitelisting: Communication with friends, family, and relatives.
These are typical examples of surplus information that should be filtered out before recording, and not deleted afterward. This can be achieved by entering phone numbers, email addresses, chat IDs, and employee IDs.
Questions to reflect on:
- How can you implement these steps to streamline your compliance efforts?
- Do you have access to a system that offers smart tools and functions to aid your proactive compliance work?