MiFID II… Prepare to record all mobile communications
By Lee Stonehouse, Chief Executive Officer, Venncomm
Published: 30 June 2016
Dubbed the most ambitious and contentious set of reforms introduced by the European Union in the wake of the 2008/09 financial crisis, the Markets in Financial Instruments Directive (MiFID II) is proving to be a big thorn in the side of many across the broad spectrum of market participants.
With a go-live date of January 2018, the beast of MiFID II and its accompanying regulation (MiFIR) has four key objectives: (a) strengthening investor protection; (b) improving market surveillance through more transparency; (c) keeping pace with technological innovations that could result in financial arbitrage; and (d) enhancing overall supervision and enforcement.
One particular facet which should not be treated lightly is the recording of mobile communications as prescribed under ‘Organisation Requirements’ (MiFID II Article 16). Recording of voice and electronic communications forms part of the overall drive towards preventing, detecting and deterring market abuse, which is, by the regulators’ own admission, the most difficult offence to investigate and prosecute. As a result, obligations under MiFID II have been refined in the hope of increasing legal certainty between investment firms and their clients.
It is important that investment firms fully understand how MiFID II will impact their business models and the operational frameworks that will have to be created. Workstreams should now be mobilised and tasked with delivering compliant solutions, whilst allowing ample time for test phases. From a mobile communications perspective, at the highest level, firms will have to review their compliance policies and assess the appropriate technology to meet the legislation.
By providing a one-year implementation delay, regulators will expect full compliance and, as such, the expectation is that a zero-tolerance policy will be applied post-January 2018.
Flying under the radar?
One can form a variety of credible arguments on which specific aspects of MiFID II are the most significant and far-reaching. For example, the expansion of pre- and post-trade transparency to non-equity instruments that brings into scope bonds and derivatives. From a post-trade perspective, certain instruments will have to be publicly reported within 15 minutes for the first three years post go-live and then within five minutes. Other examples include reporting nearly triple the number of fields (65) for transaction reporting compared to MiFID I (2007), double volume caps on the use of the reference price waiver, the effective elimination of broker crossing networks, a ban on inducements and research unbundling. Whilst it may not pose the greatest impact on an investment firm’s business model, the recording of voice and electronic communications will require careful attention.
The original MiFID I framework did not mandate the recording of telephone conversations or electronic communications. Instead, it provided member states with discretion to adopt taping requirements involving client orders if required. The Financial Services Authority enacted new rules (COBS 11.8) in 2009 that meant firms dealing on an agency or principal basis covering a range of ‘qualifying investments’ (equity, bond and derivatives) were required to record telephone lines used for voice conversations along with electronic communications relating to these activities. Interestingly, discretionary investment managers were exempt on the basis that relevant taping would be captured by the sell-side firms. The other important point to note here, and one of industry contention, centred on the recording of mobile phone conversations. Bowing to concerns that technology was not advanced enough to enable banks to record mobile conversations, the FSA postponed this particular element of the regulation until 2011.
Tightening the scope
As a means of creating a level playing field and harmonisation across member states, MiFID II eradicates any elements of discretion. Article 16 (6)(7) mandates that records be kept of all services, activities and transactions including the recording of telephone and electronic communications regardless of whether these conversations or communications lead to the conclusion of a transaction.
The term ‘mobile phone’ is not explicitly stated but, as with many aspects of the legislation, the devil is in the detail. Article 16(7) further states that reasonable steps must be taken in terms of recordings and communications “made with, sent from, or received by equipment provided by the investment firm”. Provided the investment firm is able to record and/or copy the devices it issues, mobile phones would be captured within the scope. In the event recording functionality is not possible, mobile phone usage will be prohibited.
A couple of key contrasts to COBS 11.8 need to be called out here. Article 16 will claw buy-side firms into the net, and where under COBS 11.8 taping and communications records are to be kept for a minimum of 6 months, under Article 16 they will have to be kept for a minimum of five years. National Competent Authorities will have the option to request an additional two years on top of this.
Recording of conversations and communications over various mediums is not a requirement specific to MiFID II. Heightened global regulatory focus can be seen in the US, which implemented similar legislation under the Title VII Dodd-Frank Wall Street Reform and Consumer Protection Act (2010). CFTC regulation §23.202 (daily trading records) and §23.203 (location of records) require swap dealers and major swap participants to record ‘all’ pre-execution (quotes, solicitations, bids, offers, instructions, trading) communication (including mobile) in a form that is identifiable and searchable by counterparty. Records must be kept for a minimum of one year.
According to a Reuters article titled “Banks ignore UK’s mobile phone regulations”, analysts have estimated that as few as 33% of firms are in compliance with the mobile phone recording rules published under the FSA. Similarly, an informal Bloomberg survey revealed only 7% of firms felt confident meeting CFTC trade reconstruction requirements.
Whilst neither a formal exemption has been granted nor a fine levied for non-compliance against an institution, there is no doubt that shortcomings in this area will have to be rectified and proven well before January 2018. Detecting improper conduct and homing in on individual culpability is part of the overall MiFID II design framework. This is further evidenced by obligations under MiFIR Article 26 (transaction reporting), which requires investment firms to populate for each reportable transaction the personnel responsible for ‘investment within firm’ and ‘execution within firm’. In the UK this will translate to providing a national insurance number.
It is critical that investment firms adopt long-term strategic solutions, as opposed to ad-hoc tactical ones, which enable them to seamlessly meet variations in cross-jurisdictional requirements. Given that the regulatory drivers behind such measures include increasing the probability of successful enforcement in the event of an incident, investment firms should look to have solutions and internal testing models which will withstand regulatory scrutiny and support investigations. Alongside being able to capture and store data in a readily accessible format that is configurable, such models should encapsulate a comprehensive, accurate and timely trade reconstruction that can be plotted against the various mediums of communication. As a standard of principle, all copies should be secure and unaltered, with functionality built out to make the raw data available to regulators. Potentially even direct access should be offered if they so wish.
The use of third-party solutions would be a viable option and one that may be cost effective. However, internal controls aligned to the compliance policy must prevent undue operational risk (MiFID II Article 16(5)) arising from any outsourced technology. An updated policy will also need to be rolled out to employees taking into account any material shifts in monitoring. In summary, working in tandem, compliance and technology will need to solve for:
Capturing and recording voice, mobile and electronic communications (FCA COBS 11.8; MiFID II Article 16; CFTC regulation §23.202)
Appropriate security and authentication (FCA COBS 11.8)
Record retention for a minimum of five years (MiFID II Article 16)
Readily accessible full trade reconstruction. Within 72 hours in the case of CFTC (CFTC regulation §23.203)
Configurable file and data formats (FCA COBS 11.8). For example, date and time in UTC (CFTC regulation §23.202)
Data search functionality (CFTC regulation §23.202)
Transmission and regulatory access to data
The industry successfully argued in 2009 that technologically it was not feasible to record mobile phone conversations. MiFID II to a large extent seeks to curb dangers arising from the financial sector’s very own proliferation of technology and innovation. Regulators will expect investment firms to exhibit equal wisdom when meeting obligations to record across all mediums.
 Agreed in principle at time of writing between the European Commission, Parliament and Council
 MiFID I (2004/39/EC) – Article 50: Powers to be made available to competent authorities
 Predecessor to the Financial Conduct Authority
 Conduct of Business Sourcebook
 Certain policies may have been updated upon the inception of COBS 11.8 and CFTC regulation §23.202, CFTC regulation §23.203
 Overlaps will exist between jurisdictions. The points listed aim to give a view on some of the explicitly stated regulatory requirements