Skillcast Blog

How to Ensure MiFID Data Retention Compliance

Written by Lynne Callister | 19 Sep 2017

MiFID II aims to improve the functioning of financial markets in the wake of the financial crisis of 2008 and to strengthen investor protection.

What is MiFID II and who does it affect?

MiFID II (or the Markets in Financial Instruments Directive) is a legislative framework to regulate financial markets in the European Union (EU) and strengthen protections for investors. Its aim is to standardise practices across the EU and restore confidence in the industry.

MiFID II means that bankers, traders, fund managers, exchange officials, brokers and their firms, as well as institutional and retail investors, must all abide by its regulations.
This legislation places restrictions on inducements paid to investment firms or financial.

For greater transparency, banks and brokerages cannot charge for research and transactions in a single bundle. Brokers will also have to provide more detailed reporting on their trades and store all communications, including phone conversations.

Has your firm taken steps to ensure that you are fully compliant with the data retention rules?

The Securities and Exchange Commission (SEC) charged seven people with insider dealing after they allegedly used secure messaging apps to net $5m in profits by trading on inside information about mergers and acquisitions. According to the SEC, former Bank of America IT employee Daniel Rivas passed on tips over a 3-year period to friends and family members, who used that inside information to trade.

Former investment banker, Christopher Niehaus, was fined £37,000 by the Financial Conduct Authority (FCA) for disclosing confidential information on WhatsApp.

MiFID II data retention rules mean a much tougher regime and tighter controls over electronic communications. Your firm needs to comply with strict record keeping requirements, even capturing conversations, emails and instant messages.

5 steps to comply with MiFID II data retention rules

  1. Assess 'current state' and conduct Impact Assessments - What happens now? Is it fit for purpose? Are there existing Codes of Conduct? What rules are currently in place in respect of encrypted messaging apps and use of personal mobile phones? What of organisational culture? What other improvements could be made, if any?
  2. Gather evidence using objective criteria - To what extent do employees use electronic communications, personal mobiles, encrypted messaging apps etc in their dealings with clients? What about anecdotally?
  3. Check the tech - Conduct a cost-benefit analysis to determine whether it's feasible/desirable to use other tech platforms or innovations to capture records - eg VoxSmart, EikonMessenger, etc.
  4. Get the tone right - It's all about the culture and how you sell it. How are employees reacting to the news? If you're facing a backlash and Big Brother accusations, perhaps it's time to big up the positives - eg the benefits this offers in terms of dispute resolution and evidence at litigation?
  5. Archiving - What retention periods currently apply and should they be extended? Records must be kept for a minimum of 5 years (up to 7 years on request by a national competent authority) or the lifetime of the relationship. Can we deliver?
