Trade Surveillance and Mobile Recording in the Era of Data Privacy

The EU’s MiFID II and other regulations globally have placed greater emphasis than ever on market surveillance, recording of trading communications and records-retention processes in an attempt to stamp out market abuse and boost investor confidence and protections.

At the same time, the public’s attitude toward data privacy has hardened, most visibly through new regulations like GDPR, but also more generally in tighter labour laws in jurisdictions like Germany, where tolerance for privacy violations is notoriously low.

These two contemporaneous strands of Big Regulation are now creating issues for regulated firms. MiFID II explicitly requires them to record and retain archives of trading-related conversations and electronic communications. But GDPR – and importantly, entrenched attitudes to data privacy in jurisdictions like Germany – is presenting surveillance executives with challenges as they try to strike a balance between regulatory compliance and data privacy law.

Furthermore, recent regulatory censures, like that of Danske Bank for AML violations, have disrupted the ‘circle of trust’ that has formed the basis of many banks’ compliance processes. This is forcing individual institutions to take a more aggressive stance internally toward surveillance, monitoring and records retention, even as labour groups become more stringent in defending employees’ privacy rights.

This white paper looks at the current state of play in financial markets surveillance, and the conflicts it presents for data privacy. It explores how this situation is playing out in Germany and other jurisdictions with particular sensitivity to data privacy, and in the most affected functions like mobile phone communications. Finally, it offers some suggestions on best approaches to achieving compliance without falling foul of privacy laws.