Over the course of the past two weeks precautionary measures have been implemented across the globe. Mitigating the spread of COVID-19 has been the talk of the town. Companies and authorities have had to tweak their working environments and quickly become abreast with reality. Despite this, many businesses strive to endure a “business as usual” approach, though, for this to be attainable several rules and regulations had to be tailored and altered slightly to accommodate smooth business operation under the present circumstances. We are today witnessing this being done by both ESMA as well as national competent authorities (including the Malta Financial Services Authority).
Turning our focus to Directive 2014/65/EU dealing with markets in financial instruments (“MiFID II”), for the purpose of strengthening investor protection, improving market surveillance and enhancing legal certainty, investment firms and credit institutions (“Firms”) are required to record telephone conversations relating to inter alia “transactions that have been concluded when dealing on own account and the provision of client order services that relate to the reception, transmission and execution of orders.”
Given that several Firms are operating under strict remote working conditions, ESMA issued a public statement on the 20 March 2020 which provides such Firms with further guidance and insight as to how they may continue to comply with these requirements under the current working conditions.
ESMA stated that provided the respective Firms ensure that all recordings are being undertaken in an appropriate manner, relevant persons may use mobile devices to record telephone communications (whether owned by the Firm or by the individual personally). To safeguard any mishaps occurring in the future (as a result of this approach being taken) ESMA have also stated that it is imperative for the said Firms to have in place policies setting out parameters by which they must abide. The policy must, inter alia, cover the following:
(i) The fact that data must be retained for a period of at least 5 years;
(ii) The fact that relevant persons should be prevented from deleting data;
(iii) The measures to be taken should a relevant person no longer work for the firm;
(iv) The Measures to be taken should the device be lost or stolen;
(v) The frequency and timing of when the data should be transferred from the mobile device of the relevant person to the firms own data base.
The public statement issued by ESMA also caters for those exceptional scenarios in which the above-mentioned arrangements cannot be achieved. In such cases, ESMA urges Firms to implement alternative measures (such as the use of recordable electronic communications) to ensure that full compliance with the existing regulatory requirements is nonetheless undertaken.
Should the above still be unattainable, ESMA expects that firms are to consider and implement alternative measures to mitigate the risks which could arise as a result of these recording requirements not being fulfilled. A suggestion put forward by ESMA includes documenting written minutes / notes of telephone conversations when servicing clients (this must be done after informing the client of the inability to record the call).
Despite the less stringent approach taken by ESMA when it comes to the recording requirements stipulated under MiFID II, the above shall only be seen and implemented as a temporary measure. Firms should strive to have some form of recording procedure in place as soon as possible.