Financial services companies have had to record all incoming and outgoing fixed line business calls for years. This has certainly helped to reduce insider trading fraud and miss-selling as well as encourage best practice. But with an increasingly disparate and flexible workforce, more and more business is being carried out on mobile phones. This trend prompted the FSA to announce its plans for the removal of the exemption of mobile phones from call recording legislation last year.
So, from the 14th November of this year, mobile call recording will be mandatory for FSA-regulated businesses including banks, hedge fund managers, stockbrokers and financial and commodity derivatives firms. The policy directive requires the recording and storage of all ‘relevant communications’ made with, sent from or received on mobile phones and other handheld electronic communication devices. This includes the receipt of client orders and the negotiating, agreeing and arranging of transactions across the equity, bond, derivatives and financial commodity (mortgage, insurance, stocks and shares) markets and their brokers.
The legislation also states that all relevant communications made on a financial institution’s fixed or mobile devices must be recorded and archived for at least six months. While it relates only to corporate-owned phones, organisations must also take reasonable steps to ensure that business communications do not take place on employee’s own equipment that firms are unable to record for privacy reasons.
Yet, despite this fast approaching 14/11/2011 deadline, it is clear that a high percentage of companies have yet to tackle the issue.
Like all deadlines, it is always possible that the date may get pushed back, but companies betting on this may face potential fines. So, if the process is not already underway, it is time to start looking at the options.
The likelihood is that most institutions affected by the legislation will already be recording and storing their fixed line calls; but mobile recording is very different. On a fixed line, calls have single point of entry into the organisation through the switch or PBX. With mobile, there are many different points of entry and variables that affect the way calls can be captured, stored and retrieved.
Security is a primary consideration. Calls must be safe from loss or being hacked and tampered with. But we also expect instant and seamless communication through our mobile devices, so anything that gets in the way or requires user input is simply not tenable. Like all security measures, they must be balanced with ease of use.
There are four main different methods of mobile call recording. The first approach requires setting up the call, requiring users to provide their own number and the number they want to call. The system then calls back when the call is established and recording is in place. The problems with these solutions are obvious; they are not user friendly and can also prove very expensive.
A second method is to use a hosted PBX that treats mobile devices as remote extensions. In most cases this is a wireless LAN IP based service, so it will work fine in an office environment, from a wi-fi hotspot or home network, but rarely supports 3G wide area coverage. It also may mean replacing an existing PBX; and for a large organisation, this can also be very expensive.
Another approach is to employ inline systems. These sit between the caller and the recipient to interrupt and duplicate the call to send a copy of the call to the recording system.
There is a short delay, around two seconds, to set up the call; and to handle inbound calls, software has to be installed on every handset that diverts all calls back to the recording server. Currently, these systems are limited to certain phones and may face compatibility issues if the phone software is upgraded. In addition, the on-phone application can be potentially manipulated by the user, which may compromise compliance.
The final method doesn’t require any software and will work on any 3G unlocked phone. The user simply makes the call as usual. All that is needed is for the existing SIM in the phone to be replaced with a new SIM (USIM) card that enables calls to be recorded within the network itself. This ensures that users cannot switch off recording or interfere with the process. Recordings can be time and date stamped using the network timestamp – not the user’s – while encryption and anti-tampering mechanisms, common to most of the solutions, ensure that messages retrieved in dispute resolution are identical to the original and cannot be edited or deleted. Phone messages can be stored in a secure hosted data centre or customers can install their own dedicated on-site, stand-alone voice recording appliance.
Having an offsite hosted solution or doing it yourself is also an important consideration. While some argue that to be compliant, calls must be recorded on the premises, the FSA simply requires messages to be stored securely and available for retrieval on their request. The hosted option provides more flexibility to adapt and removes the burden of upfront investment in new equipment.
The decision by the FSA to lift the current exemption that applies to mobile phones and other handheld electronic communication devices from its taping rules was inevitable. It is a reflection of the greater mobility and the growing use of wireless communications combined with continuing concerns about issues such as miss-selling and insider trading.
But the deadline is now looming; and with no signs that it will be deferred by the FSA, companies should be feeling the pressure to implement a solution sooner rather than later.
More Key Points
‘Taping: Removing the mobile phone exemption’, published by the FSA in March 2010
Relevant Conversations - Voice conversations and other electronic communications that involve the receipt of client orders and the negotiating, agreeing and arranging of transactions across the equity, bond and financial commodity and derivatives markets, and to retain electronic communications relevant to these activities.
Relevant activities - Proprietary trading and other principal dealing and agency broking and the associated sales functions.
Relevant firms - Banks, stockbrokers, investment managers (including CIS managers and hedge fund managers), financial and commodity derivatives firms.
Record retention period - Six months from the date of creation. We expect records to be held so they can be accessed for future reference; that corrections, amendments and content of records – before corrections/amendments are made- are easily ascertained, and that it is impossible for the records to be manipulated or altered. This is in accordance with MiFID’s record-keeping standard.