Coming into force on 3rd January 2018.
The Markets in Financial Instruments Directive, commonly known as MiFID II, is due to come into force in January 2018. First introduced by the EU in response to the 2008 financial crisis, MiFID is a set of sweeping reforms for the financial industry designed to prevent history from repeating itself in the same way again. Replacing the original Directive in January 2018, MiFID II brings changes to many areas relating to the conduct of business, including far more robust rules around the recording and storing of conversations.
Who needs to comply?
Any organisation providing financial services to clients linked to ‘financial instruments’ will have to record and store all communications intended to lead to a transaction. Unlike the current FCA regulations, which are specific to those directly involved in financial trading, with MiFID II any organisation that’s even giving advice that may lead to a trade or investment will need to comply with this rule.
What needs to be recorded?
The new requirements stipulate that all conversations ‘that are intended to lead to a transaction’ must be recorded, broadened from the previous mandate of ‘client orders and transactions.’ MiFID II also includes other communications such as mail, fax, email or audio recording of client orders placed during face-to-face meetings that are intended to result in a trade.
How do recordings need to be stored?
With MiFID II, recordings must be stored for a minimum of five years from the date the record is created, and if requested by the competent authority for up to seven years.
All records must be kept in a ‘durable medium’ so that they can be effectively monitored for compliance, and in a way, that allows them to be replayed or copied and ensures the original record cannot be deleted or altered.
Recordings must be stored in a way that makes them accessible and readily available to the FCA on request. And organisations are required to ensure the quality, accuracy and completeness of records.
How do recordings need to be monitored?
To ensure compliance, organisations will need to review their records on a periodic basis. The monitoring is specified as ‘risk-based and proportionate.’ Organisations will also need to prove that the appropriate policies, procedures and management of recording rules are in place and that management have clear oversight of these. Organisations must then periodically re-evaluate the effectiveness of their recording procedures and adopt alternative or additional measures if necessary. Where they aren’t able to comply with recording policies, they need to investigate why the records were not able to be retained. Records of these investigations must also be kept for the same amount of time as the original record’s retention period.