Record Keeping: Putting it to the test – A Q&A with Charlotte Malin and Matthew Chapman
A key pillar of the MiFID II regime is the record keeping requirements that underpin many of the new or enhanced obligations. Now seven months after MiFID II implementation, what challenges have these requirements created for the buy-side? We discuss this with senior compliance consultants, Charlotte Malin and Matthew Chapman.
Cordium: What kind of challenges have asset management firms experienced since the record keeping obligations came into effect?
Charlotte: The recording of communications requirement introduced a new challenge for the buy-side as, historically, it was only the sell-side that needed to record due to the reliance provision in the FCA’s own telephone taping rules. Now, asset managers need to identify who is having ‘relevant communication,’ by what method, and most importantly, implement controls and technological solutions to capture those communications.
Matthew: In terms of transaction record keeping, the challenges are in some respects more philosophical. Firms have always been required to retain their transaction data, but MiFID II introduced more onerous requirements. For example, the interplay between the requirement to retain timestamps in accordance with clock synchronization rules requires firms to identify appropriate moments in their trade workflows to capture, to the nearest second, the moment when a decision to deal and a trade execution is made. This is not always straightforward, particularly in a voice environment or in the context of manual (rather than electronic) workflows. So taking a reasonable view and applying it consistently is crucial, bearing in mind the underlying regulatory objective of identifying potential market abuse.
CM: Data retrieval is the cherry on the cake. Some firms with multiple execution methods and systems have found it extremely difficult to tie together transaction and communications data from multiple sources. There is a strong correlation between the number of disparate processes and the level of manual involvement vs. the time taken to completely reconstruct a transaction.
Q. Have you seen any new trends emerge as a result of the record keeping requirements?
MC: Behaviours have changed somewhat, but we see this as a continuation of existing trends rather than a new paradigm. For example, there’s been an increase in electronic trading vs. voice trading, which some firms were pursuing anyway, but for others has been the path of least resistance to ensuring compliance with the record keeping rules. This has tied in neatly with a push from regulators to increase market transparency, resulting in more transactions taking place on venue. This lends itself to electronic execution for some instruments.
From a compliance perspective, this electronic shift means record keeping obligations are easier to fulfill as most reputable system and solution providers have MiFID II-compliant offerings. This helps to overcome the problem of how to capture granular timestamps for investment decisions and executions. Electronic trading also supports targeted interrogation of records based on keywords, thresholds and other mechanisms, rather than having to sift through audio records. However, for many firms voice trading remains an important part of their process when executing certain instruments in certain markets.
CM: The change in behaviors and the wider adoption of the move-to-venue protocol has also meant more electronic execution of trades, but the pre- and post-trade conversations still occur away from the venue on instant messaging tools or on the phone. It’s important to ensure all of these interactions are captured, then interrogated on a sample basis.
Q. How vigilant are firms when it comes to the monitoring of their record keeping?
MC: It varies. To date, we haven’t seen a great deal of meaningful monitoring of record keeping arrangements. In some cases, this is because firms have identified bigger fish to fry in their risk-based approach, such as ironing out transaction reporting deficiencies. In other instances, there is a more practical challenge with many compliance departments not yet knowing how to access the records, let alone interrogate them effectively or undertake an end-to-end trade reconstruction exercise. Even those that have attempted testing have in some cases found it impossible to extract complete data from transaction and communication record systems.
CM: Many firms have begun to implement surveillance programmes over their electronic and audio communications that relate to the execution of a transaction, however, they need to be targeted to ensure that these are effective at identifying suspicious behaviors. Risk assessments are key to ensure that focus is given to the right time frame and communication methods, otherwise it will be a case of looking for a needle in a haystack. Firms also need to adapt their monitoring programmes to new and emerging risks to stay tuned to evolving market conditions.
Q. What problems could the lack of testing cause?
MC: Firms that have not yet tested their trade reconstruction could find themselves unable to fulfill an FCA data request often within tight deadlines. It’s important for compliance departments to regularly communicate with their technology teams and solution providers to ensure their record keeping processes are operating continuously and effectively. If a problem is identified, it needs to be resolved quickly – the longer the delay, the larger the remediation.
CM: The requirement to monitor electronic communications extends beyond conduct and market abuse risks to ensure that integrity of records is maintained, the records are readily accessible, and the recording procedures are appropriate and adequate. Without a monitoring programme to assess these fundamentals, firms could face difficulties down the line.
Q. How important is technology in helping firms meet their recording requirements?
CM: Recording, storing, retrieving and monitoring the sheer volume of communications that the new rules require would never have been possible without regulatory technology. The range and quality of providers that have come to market since 2009 (when the UK domestic recording regime came into force), has helped to make meeting the requirement easier, and cheaper.
We will continue to see further advances in technology that assist firms with monitoring. Keyword and lexicon search is available for written communications but this is still in relative infancy for voice recordings. Other technology is advancing rapidly with solutions that analyse the pattern and tone of written and verbal communications that can help identify changes in behaviour or suspicious conversations.
Q. Are there any ways that technology has hindered firms?
MC: With new and different technologies come new and different risks. Poorly implemented, understood, or utilised technology can distract firms from their primary objectives. The key is planning and due diligence – we have seen some firms going headlong into implementing MiFID II solutions without fully understanding what they are buying or how to use it. This has required considerable post-implementation time and resources to resolve.
And the story doesn’t end at successful implementation. Our world is awash with stories of data hacks and cyber-attacks on corporates and critical infrastructure and the employment of ever more sophisticated fraud techniques. Firms need to make sure their technology keeps pace with preventing such threats. Cybersecurity is a major focus for the FCA this year and is likely to remain so for the foreseeable future. We therefore encourage any firms which have not yet stress tested their cybersecurity arrangements to do so as a high priority.
Q. GDPR came into effect on 25 May. How does this impact a firm’s record keeping requirements?
CM: On 8 February, the FCA and Information Commissioners Office (ICO) published a joint update on the implementation of GDPR. The FCA noted that it did not believe that GDPR would impose any requirements that were incompatible with the rules in the FCA handbook, which included recording of communications. At Cordium, we’ve been busy helping firms with their GDPR arrangements and the review of programme implementations from a benchmarking perspective. This includes ensuring that there has not been an unintended impact on a firms’ compliance with FCA rules.
Q. What top tips would you offer when it comes to record keeping?
CM: Many firms have looked to third parties to assist with their record keeping requirements, be it OMS systems for data, or telephone providers for audio records. Due diligence is key to ensuring you have the right access and ability to retrieve data to meet your obligations. In particular, firms should make sure providers can keep the records for the mandated timeframes, and longer if required.
MC: It’s an ‘oldie but a goldie’ – train your staff. They need to understand the importance of capturing accurate data and timestamping as it feeds transaction and trade reporting for example, which in turn is used for market integrity monitoring by regulators. In addition, such training is an explicit requirement under the MiFID II rules.
CM: And make your monitoring effective; assess the conduct and market abuse risks in your business and focus on them. Don’t waste time – there isn’t enough to spare!
Contact us if you would like to conduct a post implementation review of your MiFID II programme and assess your arrangements to ensure they meet regulatory requirements.