Since the implementation of MIFID II, we are constantly hearing about challenges related to recording of client dialogue and staying compliant with regulations.
We have made this video where we talk about the five recommended steps to help you and your organisation work more effectively with proactive compliance:
Step 1) Get a complete overview of available communication channels your company uses to communicate with clients.
The first step we recommend is to get a complete overview of available communication channels your company uses to communicate with clients.
With MIFID II, it is no longer enough to only record landline calls, you must also record all electronic communication which includes email, SMS, Skype for Business, chat services and so on.
The new legislation also results in a considerably larger amount of information that needs to be stored in a safe and secure way.
With the enormous quantity of data that exists in multiple channels, it is inefficient to store the data in multiple locations. This will make it more challenging to document and verify that all processes is complying with the legislation.
Step 2) Implement a solution that can record and retrieve info across multiple channels
Our recommendation for step two is to implement a solution that can record and retrieve info across multiple channels. This will make the work of verifying that everything complies with the legislation much easier.
Step 3) Register all interactions with the data to prove regulatory compliance
The third step is to register all interactions with the data to prove regulatory compliance.
Data security is a central theme in both MIFID II and GDPR.
In MIFID II, classified information must never be accessed by unauthorised, and no one should be able to modify or delete data in an audit trail. This is why it is critical that you can track who has seen, listened, or retrieved data through the whole lifecycle.
This gives you a comprehensive audit trail, which in turns complies with the requirement in MIFID II.
Step 4) Automate risk management and reporting
The fourth step is automating risk management and reporting. If there is one task that is time-consuming for compliance officers, it is listening to calls and creating compliance reports
If you have followed step two, and you have all the data you need in one system, you can receive suggestions for which calls that should be prioritised based on a data-driven assessment of risk.
The system will then be able to identify deviations in purchasing patterns or high-risk transactions.
If you also have followed step three to register all interactions with the data, you can, on this basis, generate automatic compliance reports with comprehensive information about what has been audited and by whom. This will save a considerable amount of time.
Step 5) Whitelist “norec” devices and numbers across communication channels to avoid recording unnecessary information
The last step is to whitelist “norec” devices and numbers across communication channels to avoid recording unnecessary information.
According to the legislation, you are required to not record and store surplus information.
An example of this is emails between brokers and their private insurance company.
Remember, it is not sufficient to delete this information afterwards, you must avoid recording and storing it in the first place.
Thank you for watching this video.
If you recognize yourself in some or all of the challenges we have discussed in this presentation, or if you are just interested to see how the future of compliance work can be done, feel free to watch more videos under Resources.
If you want a personalised video demo of GuardREC, please submit the form and we’ll be in touch shortly.