Glassbox Digital Publishes 10 Digital Channel Record Keeping Recommendations for MiFID II and MiFIR Compliance

LONDON – Glassbox Digital has today published 10 recommendations to help financial sector organisations prepare for the Markets in Financial Instruments Directive II (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR). The new rules coming in to force in January 2018 put a greater requirement on firms to keep more comprehensive records of digital activity, and to make those records more accessible and easier to search.

Glassbox Digital’s tamper-proof record and replay technology enables every digital session to be securely recorded, retrieved, and replayed, exactly as it was seen by the customer – or anyone visiting your website, even if they didn’t complete the session. Using Glassbox enables organisations to achieve the required standards for record keeping and related activities associated with digital channels demanded by MiFID II and MiFIR, giving firms a similar capability to what has long been available for phone and paper based channels.

Business Development Director at Glassbox Digital, Andrew Stacy, comments: “The new regulations require firms to keep records of electronic communications and to monitor those channels to demonstrate that they have complied with their obligations. Crucially, it relates to all services, activities and transactions, including recordings of telephone conversations and electronic communications – even including transactions or services that did not complete. This is where using the right record and replay technology for digital channels becomes essential.”

In its new whitepaper ‘Are Your Digital Channels ready for MiFID II – Will you be compliant?’, Glassbox Digital provides insight into how firms can adhere to the MFID II and MiFIR regulations as they relate to digital channels, including its 10 recommendations for digital channel record keeping.

1. Record and replay every session – Capture ever web, mobile and app session exactly as it was seen by the customer, regardless of the device or browser used.
2. Ensure you have comprehensive, robust and tamper-proof record keeping that is affordable– You must be able to store the data for five years – or longer. This includes any changes to the website design, personalisation for individual customers, content or layout; it should be time stamped and tamper-proof so that you can prove the accuracy of the record, and the data should be compressed so that the cost of storage is affordable.
3. Big data solution provider– Capable of handling significant volumes of data in both an on premise and/or a cloud based environment.
4. Make sure you can search the data – This is essential for being able to identify suspicious activity, find specific sessions and data, quickly and easily when required Without having to tag the data – you don’t know what you might need to look for in the future.
5. You need comprehensive alerts and report capabilities – Flag suspicious actions and be able to produce comprehensive reports of any chosen data or events.
6. Monitor all digital channels – Cover all the customer channels and be able to extract and send individual sessions to customers or regulators when required to evidence what happened.
7. You need to be able to extract individual sessions and export data – This helps to resolve complaints or disputes and enables digital activity to be incorporated in to other analytical tools and reporting.
8. Protect sensitive data – Mask sensitive data and ensure it is only available to those authorised to access it based on their role and need to know.
9. Identify the customer journey – Identify the most common route through your website and mobile app, and flag-up for further investigation sessions which deviate from the “expected” route.
10. Give compliance the ability to monitor and review what is happening in your digital channels – Enable compliance or audit investigation to undertake ad hoc reviews of digital business and automatically monitor activity to alert the firm to suspicious activity which requires further examination.