The channel needs to guide financial services through the 'regulatory minefield'

financial services

The European directive MiFID II, closely followed by the General Data Protection Regulation (GDPR), have required firms to overhaul significant areas of their operations, processes and controls. Technology is underpinning this significant transition for many.

Typically, financial services firms have strict policies in place at all levels to manage both financial and non-financial risk. Technology plays a key role in effective risk management and can be effective in identifying upcoming or recurring trends to help provide safeguards and reduce the reliance on manual processes.

The rise of secure cloud-based solutions has been welcomed by the sector and offers the flexibility that firms need to comply with elements of both regulations. The channel has carved out an important role in supporting firms during this turbulent time, with vendors and resellers working closely together to offer integrated cloud-based technology solutions.

Regulatory contradictions

Under MiFID II, which came into force on 3rd January 2018, communication surveillance requirements increased massively.

Monitoring and recording employee communications now provide the evidence needed for compliance purposes, while also protecting businesses and their employees in the event of any regulatory investigation.

However, employees in firms increasingly use multiple communication methods, such that a single 'conversation' will often span multiple channels, such as fixed and mobile voice, instant messaging and SMS texting - which has been a challenge for firms to manage in an effort to be compliant.

Then, add in GDPR, which came into force on 25th May 2018, which in some ways contradicts MiFID II by putting power in the individual's hands over what firms can do with their data.

It supports an individual's right to privacy and embodies principles around consent for the storage of personal data. Such consent must be freely given, specific, informed and unambiguous. Personal data should only be kept for as long as necessary, and only when it pertains to a specific transaction.

Importance of effective information management

At the heart of both MiFID II and GDPR compliance is the importance of effective - and appropriate - information management, while mitigating operational risks in relation to information misuse and misplacement in the workplace. This has required a change to existing policies.

One example is 'bring your own device' (BYOD), which has risen in popularity due to its convenience and cost, but has created complications for regulatory compliance. Installing a mandatory recording solution can provide compliance, but the solution needs to consider private as well as business use to satisfy both MiFID II and GDPR.

App-based recording solutions are therefore a current focus for the channel - for example, these can separate out business and personal calls by providing an alternative recorded number for business calls.

Also important is the use of technology to capture and store a whole host of information. Alarmingly, a recent survey of 2,000 UK employees revealed that 40% of financial services firms do not have effective processes in place to capture, record and consequently retrieve information relating to business communications.

Not only does this leave them open to regulatory penalties, but it also means significant business benefits are missed. Employees agreed that if they could record and recall information more effectively, then they could enjoy improved customer experience, better customer service, improved employee productivity and increased collaboration across the business.

Accelerating cloud migration for compliance

Cloud adoption is virtually ubiquitous in financial services. Early fears around security have largely been put to rest and the benefits are clear, including greater flexibility, reduced capital expenditure and overall cost-effectiveness. The channel now needs to ensure any advancements in cloud deployment in the sector are adequately supported in order to extract the most business value.

The finance sector has proven to be one of the most innovative and conservative markets at the same time. Due to regulation, it is often difficult for firms to introduce new technologies, so it requires doing things differently.

That said, the sector recognises the need to rely on the channel to provide technology for both MiFID II and GDPR. The channel has a critical role in enabling the finance sector to implement appropriate, cost-effective solutions in a compliant fashion.

Andrew Fawcett is product manager at TeleWare