2023 has been an expensive year for many financial firms. Regulators in North America, the UK, and Europe have been consistent in handing out colossal fines to firms for failing to meet their record keeping obligations. And it seems that this has resonated with the Central Bank of Ireland, which recently released a Conduct Risk Assessment of Telephone and Electronic Communications in firms engaged in securities markets activity.
Below are the key findings from the assessment:
Firms did not update their communication policies and procedures despite transitioning to remote or hybrid working during and after COVID-19 lockdowns.
Monitoring and testing conducted by firms did not meet the Central Bank's expectations.
Some firms lacked a systematic approach to monitoring telephone communications.
The lexicons used for electronic communications monitoring were ineffective, as they had not been appropriately calibrated.
Breaches of policies and procedures were identified in only a small number of cases, indicating monitoring deficiencies.
Firms did not consistently follow disciplinary procedures for identified breaches.
Some firms lacked clear escalation policies for breaches.
Alerts generated through monitoring were closed without proper justification.
Additionally, some good behavior was shown by the firms assessed:
Some firms exhibited good practices in recording and retaining telephone and electronic communications.
Many firms provided corporate devices to reduce the risk of unauthorized communication channels.
All firms had the necessary IT infrastructure for record keeping and electronic communications recording.
For financial firms in Ireland, the Central Bank expects them to focus on improving their frameworks for telephone and electronic communications. This includes ongoing monitoring and sample testing of records to assess compliance with MiFID II requirements, with the sample size tailored to the firm's nature, scale, and complexity. Additionally, senior management and the Board should receive regular management information regarding record keeping, recording, and monitoring of telephone and electronic communications. The Central Bank sees low levels of detected breaches as a sign of ineffective surveillance monitoring, emphasizing the need for improvements.
Firms are expected to periodically review their approved communications list for accuracy and completeness. Additionally, the Board is required to approve the firm's telephone and electronic communications policy.
To safeguard data, firms must establish procedures ensuring that staff can access telephone recordings only for monitoring or regulatory purposes, with regular reviews of access. It is evident that financial firms in Ireland need to ensure that they have robust surveillance policies and processes in place to enable them to meet the expectations of the Central Bank.
How SteelEye Can Help
SteelEye is the first and only fully integrated surveillance solution for trades and communications, giving compliance and surveillance teams full assurance that risks are identified and actioned efficiently.
SteelEye’s modern data architecture makes it easy to combine data from any channel into a single, compliant, and secure repository. Today, SteelEye is the only solution that can natively bring together trades, orders, communications, global news, and market data on a single platform.
Turn Supervision into Super Vision
Contact our compliance experts to see our platform in action or learn more about how we can help your firm reduce compliance fatigue.