Written by Lee Stonehouse, Founder and CEO, Venncomm Ltd
Here's the thing: firms have to record 'all electronic communications' for business conducted within the catchment of ESMA's regulatory net, and this means that being domiciled outside the catchment isn't the proxy for exemption many assume. Employees outside the EU dealing with those inside are caught by the requirement, meaning their business-related communications must be recorded and stored in compliance with MiFID2. This is not easy to do.
Mobile communications in particular have become a minefield. Anecdotally, many employees are using banned consumer apps like WeChat to do business on their own personal subscriptions. This means personal messages are mixed in with business exchanges. This happens on work phones and personal ones alike, and employers can't record them no matter what. To make it worse, ephemeral messaging apps like Snapchat are booming, and there's no permanent record of what's been said, by whom, to whom! Messages dissolve, and in any case you can't record them even if the technology allowed it: personal data protection laws like GDPR see to that. A person under investigation could just legitimately delete the questionable content from a personal app account without recourse.
There have been some attempts to promote easy solutions as a panacea (in mobile network recording, SIM swap, poor apps), but this is a thorny problem that has to be resolved once, emphatically and globally.
When the VENNCOMM Software Strategy Group worked through a decision tree on the optimal way to make mobile text and voice communications context-neutral-compliant, it went something like this:
- BYOD or corporate-owned phone?
- Corporate-owned phone and SIM, or just phone, or just SIM?
- iOS or Android or other?
- All employees on one mobile network or a mixed network estate?
- All domiciled in one home country or people in different home countries?
- Calling home country only, or calling international?
- Phone managed by MDM or not?
- One-to-one calls or conferences sometimes?
- Party inside EU or outside? Caller or called? Both?
- On VoIP or GSM connection?
- In work hours or outside?
- Call occurring when in the decision or advisory timeline, i.e. under 5 years or over 5 years?
- Conference call parties all under one regulatory jurisdiction or two, or many (e.g. Singapore, USA, France)?
- Ability to scrub device remotely or de-provision via calling app?
- Communications kept in jurisdiction?
- On premises or in cloud?
- In multiple jurisdictions in real time within conflicting constraints of international regulatory rules?
Firms "must record conversations related to the reception, transmission and execution of client orders". The latter is an investment service within the scope of MiFID II, and that does not apply only if you live and work in a European-based office. A third-country firm would not be in a position to conduct this regulated activity in the UK in the absence of authorisation, which subjects it to all MiFID II requirements. The only exemption would be the FSMA Art 72 reverse solicitation/overseas person exemption, where the client initiates contact with a third-country firm which does not have a location in the UK. In this case the scope of the transaction would be limited to the specific product which is the subject of the client's inquiry.
MiFID II Organisational requirements 16(7): Records shall include the recording of telephone conversations or electronic communications relating to, transactions concluded when dealing on own account and the provision of client order services that relate to the reception, transmission and execution of client orders. Such telephone conversations and electronic communications shall also include those that are intended to result in transactions concluded when dealing on own account or in the provision of client order services that relate to the reception, transmission and execution of client orders, even if those conversations or communications do not result in the conclusion of such transactions or in the provision of client order services.
Adding GDPR rules that often directly oppose MiFID2 is not going to help! But in fact the solution to the original problem elegantly resolves that too, but only when combined with a definitive policy banning unauthorised apps at work.
VENNCOMM resolves compliant mobile communications while bettering end-user mobile productivity irrespective of context, or context-neutral.
Lee C. Stonehouse is the Founder & CEO of VENNCOMM