In summary The FCA requires that the vast majority of a Firms Electronic Communications should be archived and monitored.
The FCA set these rules out in the Senior Management Systems & Control (‘SYSC’) Handbook. Specifically;
1. SYSC 9.1 Record Retention
- SYSC 9.1 states that all business communications should be kept for a minimum of five years. The multiplicity of communications channels and the unstructured nature of the data (some of which may be proprietary to a Firms vendors) means information is sometimes difficult to retain in compliance with this rule.
- The FCA guidance is that a Firms data archive is stored in an alternative location from that which the communications originally took place (for example, voice files should not be left on the voice recording device but should be archived to another location).
2. SYSC 4.1 General Requirements
The FCA requires a Firm put a monitoring mechanism in place.
- SYSC 4.1.1 states that “A firm must have […] effective processes to identify, manage, monitor and report the risks it is or might be exposed to […] and effective control and safeguard arrangements for information processing systems“
It follows that a Firm is required to spot risks in the torrent of unstructured electronic communications that flow through its systems and report on them to the senior management team.
3. SYSC 10A Call Recording Obligations
The Call Recording Obligations, introduced as part of MiFID II, set out in SYSC 10A place additional requirements which add considerable technical complexity to Archiving and Monitoring.
- SYSC 10A.1.6 states that “A firm must take all reasonable steps to record telephone conversations, and keep a copy of electronic communications, that relate to the activities in financial instruments […]“
- SYSC 10A.1.7 states that “A firm must take all reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the firm is unable to record or copy“.
Not only does this rule make BYOD almost impossible to achieve for most firms, also the clear implication is that that a Firm should be recording all telephone conversations and electronic communications on company devices.
Fingerprint will enable Firms to meet the governance, compliance and management processes required for electronic Communications.