MiFID II requires that you have a good overview of all communication between your company and your customers. That can be a challenge when the conversations take place across multiple channels.
The customer journey has changed significantly the last few years, and as a result of this we now communicate with customers and leads in a different way than in the past.
Imagine the following scenario:
A brokerage firm publishes an ad for investing in a new fund on Facebook. A customer reports his/her interest, and requests a prospectus. A broker confirms the interest and sends the customer an SMS.
The customer replies, and the broker follows up by calling him on his mobile phone. A while later, the broker receives an email from the customer who wants to further discuss a possible investment over Skype.
We communicate in many different channels
The scenario above is a typical example of a modern customer journey. A long time has passed since all communication happened over phone or fax. Today’s brokers are likely to have many contact points with the customer - distributed across a wide range of channels.
Brokers and salespeople communicate with customers through:
- Landline
- Mobile phone
- SMS and MMS
- Web conferences and online events (e.g. Skype Meeting Broadcast)
- Chat (on own websites or via services such as Symphony)
- Social media (e.g. LinkedIn)
According to the new MiFID II regulation companies are required to record all communication that could lead to a transaction, and in May this year GDPR will also introduce new requirements as to how this information is stored and handled.
As the company's compliance officer it is your task to have a complete overview of how the brokers interact with customers, while also making sure that all rules and regulations are complied with.But how do you resolve this task efficiently?
– Extremely important with clear guidelines
– The legislation requires you to have an overview of the channels that your brokers and salespeople use. That’s why it’s extremely important to have clear procedures and guidelines for internal communication within the company, and a systematic setup of allowed channels that give you, as compliance officer, full control, believes Business Developer Bjørn Loe in GuardREC.
In order to resolve this in an efficient manner, it is absolutely essential to have a centralized system for recording and storage of data.
With a system like that it will be easy to record all communication in all approved channels. Furthermore, the company’s compliance officer will easily get visibility into all the relevant information - in addition to a complete audit trail for each individual customer relationship.
Ensure good information flow
With a solid system in place that provides you with a full overview, the next step is to ensure good information flow within the company.
– All brokers and salespeople need to be aware of the guidelines and know which communication channels they can and should use, emphasizes Loe.
He also points out the importance of following up everyone who communicates with customers to ensure that they act according to the guidelines.
– As the compliance officer you often end up being stuck between a rock and a hard place. You need to satisfy the board, the management, the brokers and the salespeople who want to sell as much as possible, but you also need to deal with the legal requirements, laws and regulations. Your job is in many ways to keep control of it all.
Although the responsibility for compliance according to the legislation ultimately falls on the management, it's the responsibility and task of the compliance officer to ensure that laws and regulations are followed in practice.
– To summarize, it’s the responsibility of a compliance officer to make sure that the ones in charge always have control of everything that happens, says Loe.
Read: How will GDPR affect your initiatives to stay MiFID II compliant?
Avoid saving unnecessary and additional information
MiFID II clearly states to record all relevant communication between broker and customer, across all channels. But what about the information that should not be saved and stored?
– We often use these channels for private communication as well. That’s why it’s important to have clear guidelines in place for what should be considered additional, surplus information, and for the company to define what kind of communication that should not be recorded, emphasizes Loe.
The mobile phone is a classic example of this issue.
– A broker probably uses his or her mobile phone a lot, both at work and in private. All communication a broker has with a customer needs to be logged, but when a husband, wife or child calls then this information is of course not supposed to be saved. After all, the employees have a right to privacy, without constant surveillance.
Is your company really as compliant as you think it is? Take our quick test to find out!
What is not supposed to be recorded?
According to the regulations you are required not to save any additional information. In order to tackle this issue, each compliance officer should work in a system with good whitelisting features, making it easy to define what information to record and what not to record.
We primarily use two types of whitelisting:
- Global whitelisting:
This includes communication with suppliers such as taxi services the company has used, food deliveries and the coffee shop around the corner. In addition, it is not allowed to record calls to emergency numbers. - Private whitelisting:
Communication with friends, family and relatives.
These are typical examples of excess information that should be filtered out through a central system. This can be done by entering the phone number, email addresses, Chat IDs and employee IDs, followed by a descriptive comment.
– It’s not good enough to delete this type of information from the system afterwards. There need to be guiding principles in place that ensure that those calls won’t be recorded in the first place, states Loe.
Risk indicators give added security
A risk with whitelisting is that brokers can go in and mark a call as private, without it actually being so.
– If a broker wants to communicate without the call being logged, it’s actually a really simple thing to ensure. This also emphasizes the importance of good guidelines even more, believes Loe.
It is a compliance officer’s task to have control of the whitelists, and assess the risk related to all communication. That’s why the system you use should also be able to give alerts if information is added or changed for numbers and IDs with existing calls.
– By having risk indicators in the system that select all numbers and calls according to risk levels you get an additional layer of security, and avoid making expensive errors, says Loe.
A hectic schedule
MiFID II and GDPR are only two examples in a long line of new rules and regulations that set out ever stricter requirements for companies in the banking and financial industry.
In line with this development, the demand for compliance officers has increased considerably - while the number of tasks and responsibilities related to the role have done the same.
– A compliance officer’s day can be extremely hectic. Ensuring that all relevant communication between a broker and customer is recorded is only a small part of the job description, remarks Loe.
– The more regulations, the more you have to deal with and take into consideration. In addition, you need to keep track of all new changes and updates, you need to ensure that all policies get implemented and followed, and you often get included in a number of different projects.
In other words, the compliance officer role requires you to work smart and efficiently.
– And in order to be able to work efficiently, you’re dependent on having a system that gives you complete overview of recorded communication and storage of data, finishes Loe.
Is your company really as compliant as you think it is? Take our quick test to find out!
