Website and social media archiving platform MirrorWeb has created a guide for MiFID II’s electronic communication requirements.
Under MiFID II, Article 16, firms must keep records of all electronic communications and conversations, whether via telephone or digital channels, related to transactions on theirs or their clients’ behalf.
MirrorWeb believes the ambiguous nature of the directive and the sheer size of change needed, has left a lot of confusion in the industry on what needs to be recorded.
The electronic communications mentioned in the directive relate to websites and social media platforms, for example, blogs, instant messaging platforms, videos, Twitter, Instagram, Facebook, and more.
Step one for firms is to audit all of the communication methods they use, and the recording procedures already present on these. Following this, they need to identify gaps within the infrastructure.
In their latest guide, MirrorWeb has compiled a checklist for when reviewing the recorded communications.
- Complete – The organisation will understand and know all types of electronic communications that are used and by whom. Additionally, they will have a system and process in place to capture, retain and records those communications.
- Quality – The organisation will be able to reproduce records of electronic communications in their “original form”.
- Accurate – Organisations will be fully confident in the recorded electronic communications’ content and metadata that shows the exact times and dates that anything took place.
For peace of mind, firms are adopting a fully automated and certified archiving solution that can perform an authentic capture. However, a potential misstep companies can make with compliance is confusing a backup with an archive.
Backups are simply used for a firm’s operations recoveries, for example, if something is deleted, overwritten or corrupted on a database, it can be retrieved. Whereas, an archive is a stored version of the data, which is unchanging and cannot be changed, making it legally admissible.
According to MiFID II, Article 16, a backup would be non-compliant because the information would not be seen as “accurate” or “quality” data.” Archives are a ‘write once and read many’ format with timestamps, ensuring it cannot be changed, and therefore, compliant with MiFID II.
Relying on third-parties is also not enough to meet compliance, MirrorWeb states. Many social media platforms, for example, delete old content and if the information needs to be held for seven years, a company would be unable to access this data.
MirrorWeb has created a checklist to help firms work their way through communication compliance. You can access the full eBook here.
To find out more about MirrorWeb visit their website.
Copyright © 2018 RegTech Analyst
