Every day, around 124.5 billion business e-mails are sent worldwide, according to Campaign Monitor.
An average office worker receives 121 and sends 40 e-mails during a workday, and even if a large part of what is received is most likely spam, a great deal of important information is also sent to and received from customers, suppliers and partners.
If you are a broker or advisor in the bank and finance industries, this is probably just a natural part of everyday work. You read, reply to, categorize, archive and delete e-mails.
However, if you are a Compliance Officer in an investment firm, e-mails have most likely become a significant pain point and concern during the past year.
Why has e-mail become a problem?
On January 1, 2018, the MiFID II directive came into effect, and this extensive EU directive was followed by new and stricter requirements for the recording and storage of communication between customers and advisors in the many investment firms in Europe.
Despite the fact that the industry has been required to record all telephone calls connected to a transaction ever since the Securities Trading Regulations were introduced in 2007, three small words in paragraph 2.8 of the MiFID II regulation have impacted the investment firms’ compliance routines greatly:
«... and electronic communication ...»
This little subclause determines that it is no longer just phone calls that must be recorded and stored safely, but all communication in all channels – including SMS and MMS, online meetings, chat, social media … and e-mail.
Extended requirements for recording and storage
Another important redefinition in MiFID II is that it is no longer enough just to record conversations specifically concerning a transaction.
The new regulations require you to record and store all communication that may lead to a transaction, and you must be able to document a complete audit trail for each customer.
In other words: As compliance officer, you need to have access to, and control of, all e-mails that are sent and received by all brokers, advisors and managers in the company that contain information about a possible transaction.
For many, this leads to several great challenges, and forces you to think differently than before.
Enormous volume distributed across several devices
Perhaps the most obvious challenge is the enormous volume of the communication that is now to be recorded and stored.
If an average office worker sends and receives around 160 e-mails per day, this will constitute hundreds, if not thousands, of e-mails daily for medium-sized to large investment firms.
Furthermore, you as compliance officer must consider that these e-mails are opened, read and sent via several different devices. Statistics show that around two thirds of all e-mail activity currently occurs on mobile devices, but tablets, laptops and desktop computers are also frequently used.
Many people often prefer to read e-mails via mobile, but like to reply from their computer if they are able to do so.
An e-mail can disappear in many different ways
The developments do not stop here.
E-mails can be stored on a local e-mail server, but also on external servers that belong to the e-mail client. Some may read e-mails from a desktop shortcut, while others log in via a cloud-based service.
People also use e-mail in very different ways. Some delete all e-mails as soon as they are done with them, some categorize and archive them while others never delete anything at all. In addition, custom spam filters may catch e-mails containing relevant information by mistake.
As an extra bonus, some choose to delete or export their entire inbox if they leave the company, something that goes against the requirement to store all information safely for five years before it is deleted.
So, there are many different ways for an e-mail to disappear, something that leads to considerable digging for you as a compliance officer if the FSA asks for access to a customer relationship.
If you do not have full control to start with, documenting a complete audit trail may quickly become a major challenge.
Must consider privacy
Last but not least, you need to consider the privacy of each employee.
Even if you, as compliance officer, need to access all relevant information about a potential transaction, this does not mean that you should have access to all e-mails that a broker or advisor sends and receives.
It is not rare for employees to receive private e-mails to their work e-mail, and the General Data Protection Regulation, GDPR, sets its own requirements for how to process personal information.
This distinction can be very challenging to handle, and requires good systems and routines to be in place to ensure that both MiFID II and GDPR are followed.
Many people choose a simple solution
There are several ways to solve these challenges.
In my experience, many people try to implement routines where each broker and advisor is supposed to save all relevant e-mails to a specific location, or synchronise their inbox daily with a CRM system.
The problem with this solution is that a great deal of manual work is needed, and a great deal of responsibility is put on the individual employees.
In addition, it will be very challenging for a compliance officer to verify that all information is included, that each e-mail is exactly like the original and that all data is stored in a safe and secure manner.
Automate parts of the recording and storage process
A far better solution is implementing one central system for recording and storing all relevant communication across devices and channels.
Such a system can automatically extract and store e-mails when one of the company advisors sends or receives an e-mail, and then store it safely in the same place as all other communication.
When using such a system, you can rest assured that:
- All information is available in one place.
- You have complete control and overview of all relevant communication.
- You get the same metadata that follows phone call recordings.
- All saved e-mails are identical to the original.
- Nobody can change or delete the e-mail content.
- The e-mails are automatically deleted after five years, according to the regulations.
By automating parts of the recording and storage process, you minimize the risk of errors, improve the company’s ability to follow the regulations, and streamline your own compliance efforts.
Automatic control, word detection and whitelisting
GuardREC has developed a recording and storage system offering all benefits mentioned above.
In addition, our system has a number of features that will contribute to solving your concerns regarding e-mail:
- Automatic control of the recordings ensures that all relevant information is stored.
- Word detection searches for and stores all e-mails containing specified keywords and phrases.
- Risk detection makes it easier to prioritize which customer relationships to control.
- Whitelisting enables you to exclude private e-mail addresses and newsletters, in order to ensure GDPR compliance and minimize storage of irrelevant information.
The system allows you to search across all channels, and easily provides access to all relevant information for each specific customer relationship. This way, you can easily find one specific e-mail, or get a complete overview of the entire customer journey and a complete audit trail.
A time-saving and cost-effective solution
By implementing GuardREC’s system for storage and recording, you can take on a proactive role in your compliance efforts.
You can label all read e-mails, use smart tags and categorize the content, enter challenges and solutions and put together a complete compliance report in a single system.
In short, this is a solution that is both time-saving and cost-effective, while simplifying your workday significantly.