June 06 2016
With the regulatory landscape of today’s business world in a state of constant flux, implementing a mobile call recording solution that is robust enough to meet today’s complex compliance obligations and yet is flexible enough to absorb the legislative and technical challenges that tomorrow may bring, can be a difficult hurdle to overcome.
For firms preparing for the incoming era of MiFID II regulation, these challenges will seem all too familiar and for many, just understanding the full impact of MiFID II and the implications for their business is proving to be a daunting enough prospect. This is perhaps not surprising – MiFID II is after all the biggest shake-up of regulation that the financial markets have faced in over a decade and comprehending the myriad of Articles and recitals that make up the regulations is no easy task, which can make it seem very difficult to plan for any required changes to business practice.
Unfortunately, the new rules regarding mobile phone recording are no exception and are in fact particularly confusing. Whilst MiFID II is very clear that trade-related mobile phone calls must be recorded and retained according to the same rigid rules as all other voice and electronic communications, irrespective of whether those communications result in trade or not, the wording of the legislation regarding the use of personal devices is, at best, unclear and actually seems to contradict itself. In an industry where BYOD (Bring Your Own Device) policies means that the use of personal mobile phones is commonplace, there is no room for uncertainty – and when there is the potential for costly financial penalties for non-compliance, firms and service providers alike are feeling nervous.
So, let’s take a look at what the Directive actually says. If we examine Article 16 (7) it tells us that:
“…an investment firm shall take all reasonable steps to record relevant telephone conversations and electronic communications, made with, sent from or received by equipment provided by the investment firm to an employee or contractor or the use of which by an employee or contractor has been accepted or permitted by the investment firm.”
The Article continues:
“An investment firm shall take all reasonable steps to prevent an employee or contractor from making, sending or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the investment firm is unable to record or copy.”
This seems clear enough; firms must take all reasonable steps to record all relevant (i.e. trade-related – not personal) telephone conversations and electronic communications made with, sent from or received by any equipment that is provided by the firm or that which the firm has permitted the use of. In addition, the firm must take all reasonable steps to prevent the use of personal devices which it is unable to record or copy – which implies that personal devices that can be recorded and copied are allowed.
However, if we now turn to recital 57 we find an additional paragraph, which seems to contradict the rules described in the main Article with regard to the use of personal devices:
“In order to provide legal certainty regarding the scope of the obligation, it is appropriate to apply it to all equipment provided by the firm or permitted to be used by the investment firm and to require the investment firms to take reasonable steps to ensure that no privately owned equipment is used in relation to transactions.”
So the recital appears to make it very clear that no privately owned equipment is to be used in relation to transactions. There is no reference to the caveat described in Article 16 (7) which allows for the use of personal devices that have been permitted by a firm as long as those devices can be recorded or copied. As such, recital 57 seems to completely contradict Article 16 (7) in this respect - and no guidance has been offered on which variation of the rules firms should now follow.
So what exactly is a recital and how important are they when interpreting the meaning of Directives?
We know that recitals are generally explanatory in nature and that they are often intended to provide further detail or background information to the legislation set out in the Article. Additionally, recitals sometimes perform a supplementary role and can carry their own legislative weight – in such cases recitals should be considered in tandem with, as opposed to simply an explanation of, the operative part of the Article. We also know that neither the recital nor the Article has an automatic legal precedence over the other and that Directives, along with their attendant Articles and recitals, should be considered as a whole to provide a legislative framework.
When it comes to applying the rules according to the legislative framework set out by the Directive, it is likely that a great deal of the finer detail will be left to regional administrative authorities and national judiciaries to decide - so the final decision regarding the use of personal devices may well be the FCA’s to make in the UK. Until then, without further guidance from the EC or the FCA, we simply do not know how the rules regarding the use of personal mobile devices will be applied at this stage.
Of course, in practice, all of this may well prove to be irrelevant. Even if BYOD is permitted under MiFID II, it is clear that any trade-related calls made on mobile devices, be they privately owned or not, must be recorded and retained according to the stringent compliance rules set out in the Directive - and this could create something of a policing headache for some firms. Recording solutions that use dual SIM, App-based or hybrid systems to distinguish between private and business calls effectively rely on end-user trust and as such they are open to abuse by anyone intent on breaking the law. Policing such systems with any degree of certainty is almost impossible. Unless a firm implements a system that records all mobile traffic, including personal calls, it will be very difficult to prove beyond doubt that employees are not making trade-related calls on a personal, unrecorded line. For this reason, many firms may simply opt to ban the use of personal devices altogether, or they may choose to implement a solution that records all mobile call traffic - in the long run that may well be the only way for firms to effectively mitigate the risk of unwanted trader behaviour and ensure that their businesses remain compliant.