Striking a balance between communication recording and data privacy

The past year has seen a whirlwind of regulatory change around communication. MiFID II, aimed at the financial services sector, and General Data Protection Regulation (GDPR), which effects every business, have come into force, both disrupting the traditional way of approaching customer communications and record keeping.

Regulators keeping us honest

One of the main issues in the past has been ineffective recordkeeping of sales transactions and the storage of customer data. This has given rise to conflicts of interest and a reduction in customer trust. Regulators now require companies to capture, record and store all forms of communication – email, fixed line, mobile, instant messaging, video and face to face.
Comply or let it lie

The aim of MiFID II was to strengthen investor protection and improve the functioning of financial markets. Making them more efficient, resilient and transparent. Under MiFID II, communication surveillance requirements have increased significantly. Monitoring and recording employee communications now provides the evidence needed for compliance purposes. Whilst also protecting businesses and their employees in the event of any regulatory investigation.

Articles 16(7) of the MiFID II directive explicitly cover the recording of all client trading communications. In fact, financial firms are expected to store communication recordings for up to seven years or face a hefty fine for not complying when audited by regulators.


GDPR, which was introduced in May 2018, shook things up across all industries. GDPR contradicts MiFID II by putting the ownership of data in the individual’s hands. Firms need to seek permission to hold on individuals’ personal data. The directive supports an individual’s right to privacy and embodies principles around consent for the storage of personal data and the right to erase it. Such consent must be freely given. Personal data should only be kept for as long as necessary, and only when it relates to business communications. Whereas MiFID II requires recordings to be stored for seven years.

Conflicting regulation

Both MiFID II and GDPR have conflicting requirements but come with similarly hefty fines for non-compliance. Failing to comply with the requirements of MiFID II means companies could face fines of €5 million or 10% of their annual turnover. Yet organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements.

Compliance with contradictory regulation

Both MiFID II and GDPR have required firms to overhaul significant areas of their operations, processes and controls. Specifically, processes and policies based on communication recording. However, worryingly, a survey conducted by TeleWare of over 2,000 UK employees revealed that 40% of financial services firms do not have effective processes in place to capture, record and consequently retrieve information relating to business communications. This could have serious implications for these firms, leaving them open to significant regulatory fines for non-compliance.

Capturing cross-channel communication effectively

When it comes to mobile communications recording, firms have two options if they want to show they’re being compliant; SIM-based recording or app-based recording. A series of apps and software have been introduced in the last few years to help employees work flexibly, but also to ensure businesses are being compliant.

Communication tools including Dual-SIMs (eSim) and call recording apps aren’t new to the market but are slowly growing in popularity. This is because they allow users to separate personal and business communications by having a work number and personal number on one device. They also allow the user to store communication recordings. For businesses, it ensures employees still comply with any regulation that demands recording of communications.

A blessing in disguise?

Whilst communications recording is a necessity for financial firms, it shouldn’t just be about meeting the requirements of a regulator: it also has its benefits. Recording and analysing conversations can help firms to improve productivity as well as improving customer experience, reducing business risks, enhancing training and development.

Guest Post by Steve Haworth, CEO at TeleWare