How can you regain control of messaging compliance?

In January, when we were awash with “2020 predictions”, no-one forecast that just twelve weeks later we would see financial services regulators, far and wide, relax requirements that are needed for customer protection.

Yet, here we are… but not without considerable implications for regulated financial institutions. Call recording is a great example of a compliance practice that the CFTC, FINRA, ESMA, and the FCA recognize is hugely challenging, in a world where everyone who possibly can is working remotely.

• On March 18th the US CFTC (Commodity Futures Trading Commission) issued a ‘no-action letter’ to brokers, dealers, and others providing temporary relief (to June 30, 2020) on call recording for audit trail purposes. However, a written record of the oral communication must be captured and maintained, including date, time, participants, and subject matter. In a separate announcement, the CFTC extended this commitment to swap execution facilities and designated contract markets.
• ESMA (European Securities and Markets Authority) quickly followed suit, with a Public Statement to credit institutions and investment firms. The watchdog acknowledged that “the recording of relevant conversations required by MiFID II may not be practicable.” It wrote: “If firms, under these exceptional scenarios, are unable to record voice communications, ESMA expects them to consider what alternative steps they could take to mitigate the risks related to the lack of recording.” Such alternative steps could include taking written minutes of phone calls (not normally valid under MiFID II), and conducting more comprehensive analysis and monitoring of orders and transactions after their execution.
• A less lenient statement from the UK FCA (Financial Conduct Authority) signalled it will give temporary relief on rules requiring bankers and traders working remotely to record calls with clients, stating that “Firms should continue to record calls, but we accept that some scenarios may emerge where this is not possible.” In such cases, due to home working, firms “should establish appropriate systems and controls to ensure it maintains appropriate records, including call recordings if required.”
• Effective Business Continuity Planning (BCP) is expected by all regulatory bodies. In its regulatory notice last week FINRA (Financial Industry Regulatory Authority) reminded member firms to consider pandemic-related BCP, including whether there is sufficient flexibility to address a wide range of possible effects, including remote or teleworking. The UK’s SMR (Senior Managers Regime) specifically calls out the need to plan for the worst, and the FCA has been conservative in the allowances offered, stating "We are conscious that coronavirus may create challenges in the convening and operation of disclosure committees. However, we continue to expect listed issuers to make every effort to meet their disclosure obligations in a timely fashion."

For some, temporary relief from call recording may be viewed as a welcome respite. In reality, it raises as many compliance issues as it solves.

1. While call recording is not required, compliance obligations remain in force. Regulators have simply given regulated firms a “get out of jail” card in relation to call recording, on the proviso that alternative, fully-compliant practices are established, which for many firms will take time and lead to compliance gaps.
2. For home-workers, maintaining complete written records of oral communications, and ensuring they are logged in the firm’s compliance archive, will prove challenging in itself.
3. Although written minutes are an accepted alternative, this may prove impractical for many. It will be challenging for individuals to be fully-engaged in customer conversations, while at the same time taking the detailed written notes that would satisfy a compliance audit.
4. Without a complete audit trail, trade reconstruction and other controls will become virtually impossible.

Fundamentally, many of the accepted alternatives to call recording rely on the diligence of home-workers to ensure compliance. And, while financial institutions are grateful to the regulators for their understanding, the majority are filled with trepidation over the compliance gaps and risk exposure that will undoubtedly arise. Few have the agility to plug compliance gaps so quickly, reverting to manual record-keeping increases the risk of human error, and conduct risk will be much harder to detect.

In the race to regain control of compliance, many are now switching to alternative channels of communication for home-workers, including mobile messaging, instant messaging and social media, which can be automatically archived for compliance, eDiscovery and litigation purposes. Recording of these channels can be switched on instantly, and they can be used compliantly to support intra-company communications, conversations with customers, and other external associates.   

Time will tell whether COVID-19 will have a game-changing impact on the way we work and communicate in the future. But for now, the priority for everyone must be customer protection, business continuity and risk mitigation.

This blog will be updated with additional regulatory updates, as soon as they arise.

Bookmark it now