MiFID II (Markets in Financial Instruments Directive) and GDPR (General Data Protection Regulation) are two
2018 Europe-based regulations that will have an impact on the call recording industry. While MiFID II
mandates all communications that lead to a transaction have to be recorded and stored for up to seven
years, GDPR says that consent must be given to store personal data and that it should only be stored as long
as necessary. With two seemingly competing directives, here is what you need to know to protect your
business.
MiFID II
MiFID II comes into force in January of 2018 and “…it will regulate the financial services sector with a new, much stricter set of rules around call recording (Information Age).” “It’s a legislative framework designed to strengthen investor protection among EU member states and improve how financial markets function, making them more efficient, resilient and transparent (European Securities and Markets Authority).”
“In a 524-page policy statement released in July of 2017, the FCA has stuck to its position that financial advisers would not have to tape face-to-face sessions, but would have to either tape telephone calls or provide an ‘analogous’ written note of them,” according to Money Marketing.
“MFID II requires firms to record telephone conversations and electronic communications that relate to the
reception, transmission and execution of orders, or dealing on own account.” According to the FCA, “the
following information would be required as a minimum under the EU rules:
• the date and time of the meeting
• the location of the meeting
• the identity of the attendees
• the initiator of the meeting
• relevant information about the client order including the price, volume, type of order and when it
shall be transmitted or executed”
However, again according to Money Marketing, “it says that when noting this information as opposed to
recording the call, just writing that information would not meet the same consumer protection standard.
The FCA says that in order to meet this,” firms should “Capture all the main points of the full conversation
that are relevant to the order.”
GDPR
GDPR is an EU-wide data protection regulation which comes into force in May 2018. Its goal is to strengthen
individuals’ rights regarding the collection, recording and use of their personal data by organizations. In doing
so, this places additional responsibility on businesses to demonstrate compliance or face increasing penalties
for not doing so.
Under GDPR, according to Commstrader.com, “businesses wishing to record calls will be required to actively
justify legality, by demonstrating the purpose fulfills any of six conditions:
1. The people involved in the call have given consent to be recorded
2. Recording is necessary for the fulfillment of a contract
3. Recording is necessary for fulfilling a legal requirement
4. Recording is necessary to protect the interests of one or more participants
5. Recording is in the public interest, or necessary for the exercise of official authority
6. Recording is in the legitimate interests of the recorder, unless those interests are overridden by the
interests of the participants in the call”
In order to help you adhere to these and other regulatory stipulations, you need a call recording system that
offers the versatility required to recording not only how you want to, but also how you need to.
Additional Resources:
MiFID II
GDPR