The Gap in MIFID 2 Compliant Call Recording Solutions For Hosted Telephony Systems

Compliant hosted telephony – in the UK alone, millions of companies have already ditched their on-premise phone system to reap the many benefits of hosted telephony – reduced costs, lower admin resource requirements, future-proofing, scalability and greater resilience to name a few.

However, ensuring that calls are recorded and stored in line with MiFID II and other regulatory requirements continues to pose a challenge to many financial firms who would otherwise jump at the opportunity to move their communications to the cloud.

Out With The Tin, In With The Cloud – Replacing Traditional Call Recorders

For years, regulated financial organisations have had no option but to use physical call recording equipment in order to stay compliant. Many firms, however, have become frustrated with the high costs and poor service associated with certain traditional call recording providers.

With IP-based telephony set to completely replace legacy analogue and digital voice services in the UK by 2025 when BT withdraw the PSTN and ISDN network, and the explosive growth of cloud services in all areas of life, companies are becoming increasingly aware of the limitations of traditional “tin-based” solutions. Firms, now more than ever, are looking for better alternatives and asking themselves – how can I replace my call recorder?

Are There Any Suppliers of MiFID2 Compliant Hosted Telephony Solutions?

While most hosted telephony platforms have the capability to record calls, very few are able to do so in a manner that enables firms to fully comply with MiFID 2 legislation. Data integrity, auditability and UTC time stamping are key factors.

Regulated firms also need to ensure that all relevant communications, both internal and external, are captured and that recordings cannot be tampered with or deleted.

DoubleEdge, through our partnerships with some of the world’s leading technology and cloud communications providers, can cater to all of these requirements.

From a simple “point solution” with basic search functionality to replace a legacy call recorder and/or physical phone system, to a fully integrated platform to capture all forms of voice and e-comms, incorporating world class speech-to-text engines, advanced search features and real-time proactive alerts, we can help.

With our MiFID II compliant hosted telephony and call recording solutions, financial organisations can now gain all the benefits of cloud-based voice services while meeting or exceeding all of their regulatory obligations.

Contact us to learn more.

WhatsApp Compliance Monitoring

Continuing to build on their strong presence in the Financial Services arena and the growth of their Communications Compliance portfolio, DoubleEdge have partnered with Telemessage to provide a compliant WhatsApp recording service to financial firms both in the UK and worldwide.

The increasing popularity of WhatsApp among traders, brokers and other regulated individuals has been causing a major headache for Compliance departments. Under MiFID II, Dodd-Frank and SYSC 10A regulations, to name just a few, firms need to ensure that all relevant communications are recorded.

With its end-to-end encryption, however, WhatsApp poses a challenge. And then, for firms with Bring Your Own Device policies, there’s GDPR…how do you record people’s WhatsApp chats on their own personal phones without falling foul of data protection laws?

Some companies, prepared to take the resulting hit on productivity, have simply banned WhatsApp use through policy.

However, Telemessage’s WhatsApp Archiver solves these problems. While it looks and works exactly like the standard WhatsApp application, with the same interfaces and capabilities, it allows all messages to be captured and archived, along with any multimedia communications and attachments. All communications are UTC time-stamped, tamper-proof and easily searchable.

For employees using personal devices, a second number can be used for their enterprise WhatsApp account so that all personal messages remain strictly private, while business WhatsApp communications are all captured and securely archived in accordance with regulatory requirements.

DoubleEdge Managing Director, Steve Burges, states “from conversations with our clients, it’s become increasingly clear that recording WhatsApp for compliance has become a real pain point, particularly among commodities traders and brokers where WhatsApp is proving to be especially popular. This relationship gives us yet another way to help our clients solve their problems and bring more value through innovation.”

Any firms looking for a way to compliantly capture and archive WhatsApp communications can obtain further details and arrange a free trial by contacting DoubleEdge at compliance-solutions@edge-edge.co.uk or calling 020 3869 2442.

The Need for Effective, Holistic Compliance Monitoring and Surveillance

In a perfect world, compliance monitoring would be redundant. Financial regulators would exist solely to define the policies and procedures needed to protect consumers, with compliance departments acting in a purely advisory role to help firms apply these principles according to their own unique requirements and structure.

In this utopia, the process of enforcing these policies would simply be a matter of lending a guiding hand when required. All members of staff, from the most junior clerk to the CEO, would take it upon themselves to adopt and adhere to these principles, working together for the best interests of their clients.

As a result, compliance monitoring systems, surveillance, detection and investigation of misconduct; abuse; crime; or even just the occasional honest slip-up, would barely be required, if at all.

And pigs might fly.

While working towards this ideal culture is undoubtedly commendable, the reality is that the roles played by regulators and compliance, risk, governance, monitoring, surveillance and audit teams are becoming increasingly complex and ever more vital.

Even with the best of intentions, humans make mistakes. People have their own agendas and, with the opportunities and pressures inherent in an industry that focuses specifically on managing the flow of vast sums of wealth, some may be tempted to bend or even break the rules. Or coerce others to do so on their behalf.

Fear and greed can both play a part. Some organisations are ineffectively structured and/or badly managed. Some people just act irresponsibly now and then.

Digitalisation and globalisation present further challenges. The alarming pace of technological change provides many opportunities for both good…and not so good. The explosion in the ways that people can now communicate and do business with each other means that strict regulation and enforcement are now more crucial than ever.

With the risk landscape growing more and more complex and new, increasingly granular regulations being continually introduced in an attempt to keep up, compliance departments must also become more sophisticated in the way they conduct eComms surveillance to monitor and control these risks.

Capital Markets Compliance in the “Golden” Age of Communication

Once upon a time, in the early 1990s, things were simpler. Mobile phones looked like bricks and cost a small fortune. Telephone calls were all made over copper wires, and email and the internet were strictly the territory of academics.

Meanwhile, Mark Zuckerberg had just started primary school, getting his first lessons in Atari BASIC programming from his Dad. The closest thing to “Social Media” back then was reading someone else’s newspaper over their shoulder on a crowded train. And the “Cloud” was still just a fluffy white thing in the sky…

Compliance monitoring systems essentially consisted of nothing more than document storage, bulky, expensive tape drives and endless reels of tape, with no easy way to locate specific calls and certainly no way to perform any kind of meaningful analysis.

There was no such thing as e-communications surveillance monitoring because, well…e-communications didn’t really exist.

The mass adoption of email over the following years, along with the explosive growth of the internet into the mainstream – fuelled by huge investment in infrastructure to provide superfast data connectivity – signalled the beginning of a massive transformation.

The commoditisation of mobile phones and rapid expansion of GSM networks revolutionised the way people communicate, to the point where there are now over a billion more mobile connections on the planet than there are people.

With the development of smartphones and the rollout of 3G, 4G and now 5G mobile data services, mobile phones have become indispensable to businesses. Unified Communications and cloud computing allow organisations and their employees to work flexibly, from almost anywhere in the world, with constant access to their corporate network and the systems and tools required to carry out their roles.

Communication with colleagues, clients, partners and other third parties now takes place in countless ways, over numerous forms of media – voice calls over fixed lines, dealer boards and mobiles; SMS; video calls; social media; and an ever-growing list of instant messaging applications, from WhatsApp to Yahoo chat, Skype, Bloomberg chat and everything in between.

Great for staying connected with each other, but a potential minefield for Risk and Compliance departments…how do you control risk and ensure your organisation is compliant when you don’t have proper visibility of what your staff are doing?

The Expanding Scope of Regulatory Requirements for Compliance Monitoring Systems and Market Abuse Surveillance Tools

With the adoption of new forms of multimedia communication over the years, regulators have had to expand the scope of existing legislation, and introduce new directives, to attempt to mitigate this risk, particularly in the wake of the 2007/8 financial crisis.

The UK Financial Services Authority’s COBS 11.8 directive in 2009, outlining the parameters of a new regime for the recording of voice and electronic communications, included several important exemptions.

Most notably, all conversations and communications (except email) over mobile devices were excluded from the recording requirement. Discretionary Investment Managers were also able to claim exemption for any communications that could reasonably be expected to be recorded on the other end, i.e. by the entities which were carrying out the execution of transactions.

With the increase in mobile usage and the growth in mobile call recording solutions, the mobile phone exemption was eventually removed in November 2011.

The subsequent introduction of MAR and MiFID II across Europe, and Dodd-Frank in the USA, have significantly widened the scope of monitoring, surveillance, recording and reporting requirements and provided a far more detailed breakdown of firms’ obligations and the measures they are expected to have in place in order to be compliant.

Certainly in the UK, and no doubt elsewhere, it has become clear that there is a significant disconnect between what many firms have considered to be “reasonable steps” and the expectations of the regulators.

As a result, the extension of the Senior Managers & Certification Regime (SM&CR) in December 2019, to include all FCA-regulated bodies, has caused some considerable concern among many firms.

Industry polls taken in June-July 2019 suggest that an overwhelming majority of firms (84.3%) conduct little or no Voice and eCommunications surveillance, many (62%) still have “a lot more” or “everything” still to do to implement SM&CR and most (84%) feel that “internal set-up and culture” are a key challenge.

Considering the level of personal accountability being introduced with the regime, it is no surprise then that firms’ trade surveillance technology and communications compliance monitoring tools are now coming under intense scrutiny.

To put it bluntly, when it’s your own head on the block, you want to make sure it doesn’t get chopped.

The Limitations, Costs and Inherent Risks of Data Silos

The underlying issue for many firms originates from the piecemeal way in which new forms of communications media have emerged over time, and the phased expansion in regulatory requirements associated to monitoring, capturing, storing and analysing communications.

Years of having to adopt different systems for new forms of communications data have led to most organisations (both large and small) eventually finding themselves with a fragmented array of disparate vendor, technology and data silos for the surveillance, capture, storage and analysis of various media types.

For example, on one end of the scale, a small, single-site fund manager might have one system to record landline calls, another to capture mobile calls and SMS, another to capture video calls, and a number of others to capture various forms of instant messaging, with some or all of these media types then being stored in separate repositories.

A global investment bank, on the other hand, might have accumulated dozens of recorders over the years, from multiple vendors, spread across numerous countries, just for capturing fixed line calls. These recordings may also be stored locally within each jurisdiction, creating further silos of data.

The dispersal of companies’ communications data across so many disjointed legacy platforms, and the absence of a single, unified view of the data across each of these silos, is the root of many of the problems that businesses face.

Having to work with such a wide range of different systems means firms are not only incurring significant costs (hardware, maintenance, licencing etc.) but are severely limited in their ability to extract any useful information from their data, and are subsequently exposed to very real operational and regulatory risks.

Real-time communications surveillance becomes practically impossible. Any proactive monitoring must be done manually, which is both resource-intensive and ineffective, and leaves firms unable to effectively deal with the volume of false positives often generated by their market surveillance systems.

The ability for timely case reconstruction, necessary for Dodd-Frank and MiFID II compliance, is also severely impaired. If required by regulators to reconstruct a trade within a certain timeframe, many firms would simply be unable to do so.

At least, not without spending an arm and a leg on external consultancy fees. Historically, many might have preferred to just pay the fine – possibly a less attractive option under SM&CR.

The Search for a Holistic Surveillance Solution and The Budgetary Tug-of-War

To address this, most organisations have now recognised the need for a more holistic surveillance solution. Some of those with deeper pockets are already working with various regulatory compliance software companies to pull together their many systems to form a coherent whole.

In general, this has involved deploying a layer of middleware to sit over the top of their myriad legacy systems and provide a central hub.

However, although this does give a more complete view of their data to those firms who can afford it, it is still adding yet another layer of technology and cost, to essentially form a “patchwork of data silos”, as opposed to addressing the root issue itself and breaking down data silos altogether.

In addition, depending on the solution(s) used, firms may still struggle to meet regulatory case reconstruction requirements and deadlines in time; especially if, for example, source data is stored in other countries or is spread across multiple jurisdictions.

For many firms though, budgets and resources are an issue, and taking an expensive and inefficient silo-based approach to compliance monitoring and surveillance is simply not an option. Even in larger organisations, there is often a tug-of-war between IT and Compliance departments as to whose budget should be used…with the Finance department stuck in the middle.

Using holistic compliance monitoring software for effective market abuse surveillance, however, is now a vital requirement for all firms, and affects all departments.

A solution is required that removes cost as an obstacle. A solution which, by eliminating data silos and replacing them instead with a single, unified platform for monitoring, capturing, normalising, storing and instantly recalling all forms of voice and electronic communications and market data, allows firms to reduce costs rather than add to them.

Such a solution would have far-reaching benefits, solving critical problems faced not only by Chief Compliance and Risk Officers, but also by Heads of Technology, Operations and Finance – as well as, ultimately, Chief Executives. And of course, most importantly, resulting in a better, safer service for end customers.

Which is the whole point…right?

The Holy Grail of Compliance Monitoring Software – “What If…?”

Technology and cultural change will always be around, forcing organisations to adapt. Mankind, by our very nature, will always ask “what if?” – forever pushing the boundaries of possibility, until the “impossible” eventually becomes the norm.

The challenges facing regulated firms will continue to evolve constantly. What may appear almost insurmountable now, will eventually become commonplace.

For now, financial institutions need to undergo a significant shift, moving away from the use of layers of legacy compliance monitoring systems and controls to a single, unified, holistic surveillance solution that allows them to meet the challenges of today and the road ahead.

The question is…what if?

What if this solution already exists?

See https://edge-edge.co.uk/soteria.

DoubleEdge are pleased to announce that Soteria™, the cloud-based compliance monitoring, surveillance and analytics platform powered by DoubleEdge partners Insightful Technology, has been shortlisted in 11 categories for the 2019 RegTech Insight Awards, taking place in London on the 3rd May 2019:

  • Best Sell-Side Regulatory Data Solution
  • Best Buy-Side Regulatory Data Solution
  • Best Data Management Solution for Regulatory Compliance
  • Best Vendor Solution for Dodd-Frank
  • Best Voice and Mobile Recording Solution
  • Best Solution for Records Retention
  • Best Compliance as a Service Solution
  • Best AI Solution for Regulatory Compliance
  • Best Regulatory Alert Management System
  • Best Regulatory Reporting Solution
  • Best Innovative Technology for Regulatory Compliance

Soteria™, already used by 10 of the top 12 global Tier 1 banks, captures and recalls any type of corporate multimedia communication in a single global view and then overlays proactive monitoring and AI services to enhance the data’s value to the organisation, all in real-time.

More information on Soteria can be found at www.edge-edge.co.uk/soteria

Contact: Steve Dourdil, DoubleEdge Professional Services Ltd, 30 Artillery Lane, London E1 7LS. Tel: +44 (0)20 3869 2442.

London, UK – 25th July 2018

Compliant voice, e-communications and cognitive services disruptor, Insightful Technology, has agreed a new partnership with agile IT and unified communications provider, DoubleEdge, as part of their growing activity in the Financial Technology marketplace. The new alliance has already been celebrated with an early customer acquisition, for deployment in August.

Insightful’s Soteria™ platform is already used by 9 of the top 12 global banks and now enables DoubleEdge to bridge compliance and efficiency gaps for businesses within the regulated business sectors. Soteria captures and recalls any type of corporate multimedia communication in a single global view and then overlays proactive monitoring and AI services to enhance the data’s value to the organisation.

All in real-time and without data leaving jurisdiction, case reconstructions can be compiled in a matter of minutes with the aid of advanced keyword search algorithms and Microsoft voice-to-text transcription software. This empowers businesses to respond proactively to regulatory requests and allows regulators to remotely access a containerised view of the case file.

Steve Garrood, CCO of Insightful Technology commented: “We strive to ensure we have the best-in-class partners who share the same ethos of encouraging real business efficiency change, while solving the customers’ immediate pain points around unified communications and/or compliance. DoubleEdge takes a similar approach and has established a solid reputation for delivering exceptional levels of customer service and support.

With Soteria™, DoubleEdge now has access to a tier-4, secure and resilient cloud-based SaaS solution that provides much-needed structure to otherwise unstructured data, in one single place. There’s no need for middleware or multiple disparate data silos and, given Soteria’s open API design, DoubleEdge can deliver a complimentary and non-architecturally disruptive solution that ingests data from any existing or legacy estate, be that hardware or software.”

Steve Burges, DoubleEdge Managing Director, added: “We work with some of the biggest players in the financial, legal and professional services sectors, providing advanced communications and collaboration solutions, plus the essential support required to meet changing requirements.

Over the past 20 years, we’ve witnessed growing regulatory demands across an increasingly wide range of communications. Compliance managers need a solution that is simple to deploy, quick to respond to requests from the authorities and accurate in the data supplied. Insightful Technology delivers all this with the flexibility and scalability offered by a cloud-based SaaS solution. They’re way ahead of everything else out there and that’s why we value this important partnership.”

 

About Insightful Technology

Through our SaaS platform Soteria™, Insightful Technology provides organisations around the world with the ability to securely capture, analyse and store business communications in real-time, regardless of the source. With an accompanying A.I. and B.I. analytics and proactive alerting suite, and the functionality to create case reconstructions immediately, as well as pre-populate CRM systems or Best Execution forms with accurate voice-to-text transcriptions, we not only drive compliance on a global scale but also impact on enterprise agility.

Our mobile voice recording solution is currently used by 9 of the top 12 tier 1 global banks, and over 170 other financial organisations, and can also be implemented by government agencies, legal institutions and pharmaceutical companies all around the world.

To find out more about Soteria™ and Insightful Technology, visit our websites http://www.soteriasoftware.co.uk/ and http://www.insightfultechnology.com/

DoubleEdge embarks on expansion plan with acquisition of BridgeOne Telecom

BridgeOne has today acquired by DoubleEdge Professional Services, an innovative cloud, data and voice solutions provider here in the UK and across EMEA.

This provides a positive outlook for the clients and staff of BridgeOne as the industry is moving towards voice and data and mobile unification, cost efficiencies and the ability to support the ever-growing needs of employee communications.

The two businesses were formed in 2008, based in the same offices in Central London and using shared services and industry knowledge. Once established from a client, revenue and staff perspective, they went on to establish strong and stable growth separately.

This coming together is a natural step to continue and allows both client bases to benefit from the specialist knowledge of a single entity to provide best in class solutions and services.

New range of solutions from DoubleEdge sets the standard

At a time when every business is under pressure to raise its game, IT managers hold a critical position in the battle to power-up performance. Implementing a Bring Your Own Device or BYOD programme can make a big contribution to gaining competitive advantage by cutting the cost of telecoms hardware, increasing productivity and improving staff motivation. Get it right and BYOD is a business winner – get it wrong and it could be a business disaster.

DoubleEdge has developed a new range of market-leading solutions that set the standard in BYOD. We have the expertise to plan and implement successful BYOD strategies that meet the requirements of any business. Deploy BYOD with the confidence that networks and confidential information are protected by the latest security systems and ensure your business avoids all the pitfalls.

Retailers that do not comply with PCI DSS (Payment Card Industry Data Security Standard) risk heavy fines, the withdrawal of merchant services and damage to business reputation. At a time when fraud arising from purchases made over the phone or online is growing by 23%, it’s essential that retailers have the right systems in place to manage and control payments in compliance with PCI.

DoubleEdge, the provider of consultancy services for fixed and mobile communications, has responded to this growing requirement with a web-based PCI Compliance Solution focusing on simplicity and affordability for the retailer. Research conducted by DoubleEdge has established that, despite the launch of the PCI scheme several years ago, there is a surprising number of businesses that are either unaware of the risks of non-compliance or fail to take compliance measures, simply because the risk of fraud is underestimated.

DoubleEdge PCI specialist, Dermot Goldrick, explains how the solution takes the opportunity for fraud away from the call centre operator:

“Our solutions ensure that cardholder data never enters the contact centre environment. Payments are taken securely and efficiently, with the caller entering their own card details using a telephone keypad.The system masks the DTMF tones, ensuring that agents are not exposed to any card information and preventing payment details from entering the contact centre. This means that compliance is controlled and the cost of achieving compliance is contained.”

Goldrick emphasises how the process poses no threat to the customer experience:

“Agents stay in contact with customers during the payment process, monitoring progress and answering questions without having any knowledge of card details.This ensures the customer relationship is maintained.”

The system incorporates secure voice recording and storage, is easily integrated with existing systems and incurs no capex or maintenance costs.

Contact: Dermot Goldrick, DoubleEdge Professional Services Ltd. 44 (0)20 3137 8465

www.edge-edge.co.uk

About DoubleEdge

DoubleEdge is an independent, specialist IT and communications solutions provider founded in 2008 after the acquisition of the Edge Group. Since then, the business has grown to become the service provider of choice for many market-leading businesses around the world. DoubleEdge’s services address the major business communications challenges faced by today’s IT Directors with an innovative range of solutions that can be delivered as a single service. From mobile contract optimisation and IT resource management services, to provisioning the latest converged voice and data solutions, clients trust us to deliver sustainable reductions in operating expenditure alongside dramatic improvements in business performance.

DoubleEdge launches innovative new way to provision line capacity

With the rapid shift towards mobile and BYOD, matching your fixed line voice capacity to business needs is both an IT challenge and a business opportunity. Reducing the number of lines means you’ll benefit from lower rental charges – but you could also risk losing inbound calls because of insufficient capacity. Without the right information the decision is a business gamble.

StreamLine from DoubleEdge is a new way to provision line capacity. It provides a unique and accurate record of concurrent fixed line calls over time, giving you a clear picture of the line capacity your business needs. With StreamLine Reports and the support of our experienced consultants, you can determine the best ways to ensure minimum spend for maximum line availability – without any of the risk.