Recent regulations have obliged ﬁnancial services companies to provide greater visibility into their operations. The European Union’s Markets in Financial Instruments Directive II (MiFID II) and its UK sibling, the Markets Abuse Regulation (MAR), has encouraged the surveillance of all trading-related communications, both spoken and electronic (eComms), between employees, their clients and third parties.
However, the EU’s General Data Protection Regulation (GDPR), enforced in the UK under the Privacy and Electronic Communications Regulation (PECR) and Data Protection Act (DPA), threaten huge penalties for the misuse of personal data. The surveillance and storage of communications-linked data will be given another layer of regulation under the EU’s upcoming ePrivacy Regulation.
In this report, Mark McCord and Mike O’Hara of The Realization Group examine the seeming contradictions between these two sets of edicts. Along with Anish Kalraiya of Crédit Agricole CIB, Adam Clarke and Balavernie Sritharan of Deloitte, Paul Clulow-Phillips of Société Générale, Sam Tyﬁeld from Shoosmiths and Shiran Weitzman of Shield they also discuss how compliance oﬃcers are dealing with this conundrum and consider emerging challenges to achieving compliance.