Regulating mobility

Mobile trading and compliance in the financial sector*
Written by the Economist Intelligence Unit

Recording the facts

I

n the financial sector, managing compliance with regulatory
requirements is an enormously complex challenge. Rapid technology
advances in areas such as automated trading, while revolutionising
everyday operations, are making the job of compliance tougher.
Until relatively recently the use of mobile technologies in financial
institutions—unarguably a boon to trader productivity and a rich source
of new products and services—has escaped regulatory scrutiny in most
developed countries.
In the United Kingdom that changed in 2011 when the Financial Services
Authority—since reconstituted as the Financial Conduct Authority
(FCA)—announced that it was time for investment firms to start recording
“relevant communications” on mobile devices. As this article will show,
the requirement poses numerous challenges to compliance officers, chief
information officers and IT directors of financial institutions, and not
just in relation to technology. There may, however, also be opportunities
for firms which move faster to address the recording requirements.

Mobile communications were initially exempted from the legal
requirement to record and store voice communications, which came into
force in March 2009, because it was generally agreed that the technology
to do so was not mature enough. That exemption came to an end two
years later, with firms being required to capture mobile communications

from November 2011.
More than two years on, it is unclear how many financial institutions are
actually complying with it. Research published in late 2012 by Ovum,
a technology analysis firm, suggested that up to two-thirds of the
companies required to record mobile communications had not complied.
Rik Turner, an Ovum senior analyst, reckons not much has changed since
then: “I would bet money that there is still a significant minority of
institutions not fully compliant.” The FCA says it has not taken action
against any firms for non-compliance, but is unable to say what the level
of compliance is.
Joram Borenstein, vice-president of NICE Actimize, which provides
compliance and risk management solutions to the financial industry,
succinctly sets out the challenges: “First, firms need to ensure that secure
connectivity is ensured so that proprietary information, processes and
plans are not divulged. Second, the connectivity must be reliable across
offices, devices and countries.”
Mr Turner adds that capturing mobile data—including calls and SMS
messages—is a whole new headache for the industry. He believes that
any non-compliance thus far is due to the complexity the above issues
represent for firms.

Technology, security and provider choices
There are a number of choices a firm has to make when implementing
mobile recording, not least of which is choosing which technology to
deploy. The choices are between a Sim-based solution or an app on the
device, and both have their perceived advantages and disadvantages.
Sim-based solutions mean that at least in the first instance, calls are
recorded by the mobile provider and stored in the cloud. This offers IT
departments convenience in terms of storage and support but can also
pose security and compliance concerns, particularly in regard to where

the provider stores the data.

s p onsore d b y :
*This and other articles about the challenges and
opportunities of mobility, sponsored by EE, can be found at
/>Rik Turner, “Mobile Recording in the Financial Sector: an Update”, Ovum,
February 19, 2013.

1


Capturing the data via an app on the device presents other concerns,
particularly in a BYOD (bring your own device) environment, where
employees use their own devices for work. Any app therefore has to work
across all the mobile platforms as well as provide levels of security that
will keep the IT department happy.
Security is a big issue, says Seth Berman, executive managing director
of Stroz Friedberg, a consultancy. “Mobiles are computers and can be
hacked,” he says. He also points out that people view their phones
as personal devices and often “ignore the rules” set by their IT and
compliance departments. For example, he says, it is difficult to get users
complying with the need to record SMS messages.
Another factor thought to be holding back compliance, according to Mr
Turner, is that the providers of recording services tend to be smaller,
newer businesses. Many financial services institutions are reluctant to
entrust something as vital as compliance to a small start-up.
The challenges of ensuring recording of mobile communications are not
limited to the IT department. According to Olivier Ruch-Rosanoff, who
specialises in IT risk and information management at a global bank:
“Measures have to be in place to involve all the main stakeholders: HR,

IT, internal control.… You need to identify which business functions
need to be recorded.” The biggest challenge, he adds, is “how to ensure
that the right people are recorded at the right times.”
Working internationally can also present difficulties. Some jurisdictions
require firms to keep data for longer than others, says Mr Ruch-Rosanoff:
“Countries have started to define maximum times as well as minimum
times [for storing data]. Dealing with those requirements across
multiple regions is challenging.”

Opportunity beckons
There is a silver lining for institutions who master the mobile recording
challenges, in that the data that is captured can be put to good use
by analysing it. Nick Patience, director of market development at
Recommind, a California-based company that provides software for
electronic discovery, says that firms can mine that data to “attain a
broad overview of non-compliance risks”.
Ovum’s Mr Turner, however, points to a much richer possibility: “Having
spent considerable time and money to meet regulatory recording
requirements, it is only natural that the … institutions should look for a
return on investment beyond compliance. If a firm can see how many calls
are made by traders to achieve a certain level of investment, perhaps it
can enhance the performance of their slower employees to speed time
to money,” he says. “If voice analytics,” he adds, “can detect certain
words such as ‘oil’ or ‘carbon emissions’ cropping up with increased
regularity in traders’ conversations during a given week, perhaps they
can proactively alter their trading strategies—provided such action is
legal.”
Financial firms can be sure of one thing: the technology landscape will
change, and quickly. Says Mr Borenstein: “Financial services firms should
assume that mobile devices and connectivity will continue to morph: new

ways of connecting, transacting and communicating are bound to be
upon us before we know it. Being aware of new developments is critical
to ensure that existing plans and protocols do not become outdated.”