A Best Practice Checklist for Compliant Mobile Policy

Here is our guide to designing and implementing a compliant mobile policy, including key tips and insights from the regulators and Intelligent Trading Technology (ITT).

Managing by policy 

Simply put, Managing by Policy (MBP) involves prohibiting the use of unrecorded devices and any communication that may potentially lead to a transaction. The scope of mobile phone use within financial services organizations has grown exponentially, and MiFID II's coverage of any communication that could pertain to a transaction (rather than directly resulting in one) A blanket ban on mobile phone use is absolutely not a practical solution. So what is? 

According to the ITT survey responses, 40% of finance compliance professionals identified their voice surveillance technology as an area of concern. The bring-your-own-device approach (BYOD) certainly presents a number of challenges, and regulators will look for evidence that firms have in place a robust governance structure to avoid possible policy breaches, such as the listing of executives' BYOD devices on their business cards or email signatures. 

Recording everything 

Given the challenges of Managing by Policy in today's complex environment, many firms take the alternative route of simply recording all mobile communications generated by regulated staff. Here, firms need to pick an option: whether to use a device-based recording app, or in-network recording. 

When the FSA (Financial Services Authority) introduced mobile recording in 2011, the vast majority of regulated entities opted to use an app to record mobile communications. Part of the reason for this was that an app-based approach can be deployed independently of the mobile network operator, allowing the firm's IT department to control the whole recording process. This is particularly appealing when it comes to international operations, as it avoids having to deal with unknown suppliers and local regulations. 

Today, however, only a small minority continue to use an app, with most having switched to network recording solutions like 1GLOBAL’s, which provides in-network recording for 8 of the world's 10 largest investment banks. One reason IT leaders switched to in-network recording was because single apps are difficult to deploy across a range of operating systems while maintaining consistency of experience and outcome. IT departments faced with having to deal with Android, Apple and Microsoft environments were presented with a major challenge. 

Finally, an app can substantially degrade the user experience. For one thing, connecting with the recording device can introduce delays. It also introduces an additional point of potential connection failure, which can interrupt time-sensitive conversations and increase security risks. These factors often led to users circumventing the app out of frustration, immediately negating the compliance efforts and exposing their organization to risk of huge fines.

Some firms attempted to change behaviors by offering incentives for staff to use the recording app, for example by using voice-to-text applications to capture voice communications in CRM systems and alleviate the need for employees to write up notes. These incentives proved to have diminishing returns as the features became standard in most smartphones.

In-network recording 

Firms and service providers concluded that in-networking recording offered the greatest chance of avoiding a policy breach and resultant regulatory censure. In part, this was due to the fact that in-network solutions are largely invisible to the user and don't encourage circumvention. There is no delay in the communication and as a result, the user experience is not compromised.

But an in-network solution is by definition operator-dependent, which makes it difficult to manage recording for staff who travel between different roaming environments. Firms that operate across multiple geographies and mobile operator environments needed to establish arrangements with multiple suppliers in order to assure complete recording integrity. 

MiFID II raises the bar on mobile interaction surveillance and recording. Competent financial service providers came to understand how they’d be impacted and moved swiftly to implement a suitable compliance platform by the deadline of at the start of 2018. 

Firms sought an approach that met the regulatory requirements but didn't compromise functionality and competitiveness like a blanket 'Manage by Policy' strategy does. Regulated entities had to identify and implement a mobile device management (MDM) platform that meets their usage criteria, meets MiFID II's recording and storage requirements, and provides the functionality and flexibility needed to retain business competitiveness. For many firms, these pre-requisites pointed directly to the need for in-network mobile device management. 

Best practice checklist 

• Develop and promulgate mobile policy 

• Incorporate mobile policy awareness/education into regulated employees' job descriptions/contracts 

• Ensure mobile technology approach accommodates need for recording and time-stamping of business conversations 

• Ensure recording storage can accommodate five to seven years of conversation histories 

• Set BYOD policy to allow or disallow use of outside devices 

1GLOBAL compliance and recording solutions

1GLOBAL offers a truly international mobile recording solutions that ensure adherence to the latest compliance standards. Through a single provider, businesses can securely manage all connectivity users, administrators, phone numbers, alerts, and more via a single centralized platform. A geo-redundant network, eSIM expertise, and suite of innovative compliance tools like Message+ have made us the preferred compliance partner for the world's largest investment banks.

Find out how 1GLOBAL can help you easily and comprehensively meet your compliance obligation and contact our team today.