Complete control over all your data is the key to efficient and proactive compliance work in a complicated regulatory landscape.
This article is part 1 of a 6-section whitepaper on ensuring proactive compliance in an increasingly rigid regulatory environment. Fill out your details below to download the complete whitepaper.
This article is part 1 of a 6-section whitepaper on ensuring proactive compliance in an increasingly rigid regulatory environment.
The first prerequisite to keeping up with the changes in customer communication, tackling the biggest compliance challenges we face today, and identifying how to work proactively to ensure compliance is to have a core understanding of the most important regulations and laws that affect how we work.
MiFID II, Dodd-Frank, MAS, SYSC, FINRA, SEC, and a range of other regulators, acts, and directives are designed to improve customer rights, increase transparency across financial markets, and improve competitiveness by standardizing regulatory requirements for accessible information.
This complicated landscape of requirements and regulations challenges institutions to find new and effective solutions to ensure compliance, and many organizations struggle to adapt and adhere to changes in their operational environment.
Proactive monitoring of your processes
An important change that has been introduced in recent years is the requirement that all companies that provide investment advice must employ proactive monitoring of their processes and compliance with the regulations.
Previously, companies were only required to collect the necessary information and provide this data at the request of internal sources, a customer, or the financial supervisory authorities.
Now, you are obliged to prove that all processes are monitored, show that all information is recorded, inform the customer about admission and ensure that the customer can easily gain access to all relevant information you may have.
Regulations apply to customer communication across all channels
Banking and financial institutions have long been required to record and document all calls made with broker phones. However, the introduction of directives such as MiFID II expands this requirement to include all customer communication across all channels, including:
- Mobile phone
- SMS and MMS
- Online meetings (e.g. via Microsoft Teams, Zoom)
- Chat (on own websites or via services like Bloomberg, Refinitiv Eikon, Symphony, WhatsApp)
- Social media (e.g. LinkedIn, Facebook)
You must record all communication that may lead to a transaction
Additionally, current regulations emphasize that the requirements for recording do not only apply to conversations concerning the transaction itself, but rather to all customer communication that may result in a transaction.
For investment companies offering advisory services, this may result in a very long audit trail – from the very start of the customer journey until the actual transactions are completed.
The most important criterion for proactive compliance
Regulatory changes and updates have created and will continue to create major upheavals in how banking and financial institutions handle customer data. This particularly affects the workday of one specific group: Compliance officers.
According to current directives, companies must have full control of rules and regulations – a responsibility that ultimately falls on the company's compliance officer. As such, compliance officers are dependent on working efficiently to verify and document all steps within the customer journey.
The most important criterion for working effectively with proactive compliance is complete control over all data, ensuring the recording and documentation of all required communications.
If a compliance officer has to extract information from several systems, and in several formats, it will make the process of providing relevant information time-consuming and unnecessarily complicated. If, on the other hand, all data is securely stored in one central system, COs can segment specific segments and offer customers or financial authorities insight into exactly the datasets that they request.
Questions to reflect on:
- Which communication channels does your company record and store today?
- Is the data stored in one central system or fragmented across multiple systems?