In a recent Conduct Risk Assessment of Telephone and Electronic Communications conducted by the Central Bank of Ireland in securities market activities, several critical points about record-keeping requirements were highlighted. This assessment examined financial institutions compliance with the Markets in Financial Instruments Directive (MiFID II), particularly Article 16(7) which mandates firms to take steps to prevent use of unauthorised communication.
The Central Bank is concerned with the use of communication devices, particularly in a hybrid-working environment, as its policy objectives include ensuring that market abuse risks are mitigated by monitoring and authorising communication methods; and maintaining accurate records to support compliance and dispute resolution. The shift to hybrid and remote work requires firms to adapt their policies, procedures, and monitoring regimes to account for new communication methods, which must be authorised prior to use. Accurate records are crucial to demonstrate the intent behind trading, compliance with market abuse and conduct of business obligations, best execution, and order handling requirements.
The key findings from the assessment:
No firms amended their communication policies or procedures in response to the shift to remote/hybrid working,
Monitoring and testing were not up to the Central Bank’s standards, with ineffective lexicons for electronic communications and inadequate telephone communication monitoring,
Few breaches were identified, suggesting ineffective monitoring systems,
Disciplinary procedures were not consistently followed, and breaches were often closed without a clear rationale,
Some good practices were noted, such as recording all communications, providing corporate devices, and maintaining IT infrastructure for record-keeping.
To address these challenges, financial firms are urged to assess and continuously improve their communication policies, procedures, controls, and monitoring frameworks adapted for hybrid working arrangements. It's essential that new communication methods receive approval before use in conducting business activities. Furthermore, the maintenance of full and accurate records is emphasized as crucial for demonstrating trading intent, ensuring compliance with market abuse requirements, and handling disputes effectively.
Custodia's CC1 service is designed to provide comprehensive and effective capturing, reconciling, and monitoring of communications. CC1 service works for both in-office and remote working environments, addressing the challenges posed by the hybrid work model.
One key finding of the assessment was the low number of breaches identified by firms, indicating potential gaps in monitoring processes. CC1's advanced reconciliation functionality and near real-time alerts provide firms with the tools needed for adequate record-keeping and promptly identify any policy violations or suspicious activities. Combined with CC1's integration through one single API to any surveillance, behavioural analytics and machine learning partners financial institutions are able to enhance their communication monitoring capabilities, beyond record-keeping.
In conclusion, the Central Bank of Ireland's Conduct Risk Assessment underscores the expectations for improvement in compliance frameworks as regards telephone and electronic communications. Custodia's CC1 service is able to provide services key issues of data capture and reconciliation in the new the hybrid work environment. By deploying CC1, firms can effectively mitigate conduct risks, strengthen compliance efforts, and enhance their overall risk management strategies.