Why a CRM isn't Enough for MiFID II Compliance
January 22, 2018 • 4 min read
Even with the latest MiFID II requirements around electronic communications recording having now been implemented across the EU, many firms are still facing a lack of clarity on the issue. Some firms, for example, assume their current CRM systems record enough information to fulfill the requirements of Article 16 - but this is certainly not the case and firms need to be thinking about implementing another solution.
What is a CRM?
A CRM is a platform that allows a business to track and analyse customer interactions and other data through the customer lifecycle. A business can then use this data to learn from and improve relationships with customers, assist customer retention and continue to drive their sales.
What a CRM Can Do
A CRM is a great way for financial firms to keep a track of all their customer management processes and other meaningful interactions where it either directly, or indirectly involves the firm. More sophisticated CRM systems are able to hold a range of data, including marketing materials, email threads, social media messages, chatbot conversations and more. The details of all these interactions can be compiled against the customer database and married against any records of a customer’s purchases.
What a CRM Can’t Do
However, whilst using a CRM is a fundamental way for firms to keep meaningful records of customer interactions, monitoring risk tolerance and other processes for compliance and regulatory purposes, it’s not necessarily something that they can rely on to deliver records that admissible as evidence in dispute resolution, or compliant with regulations such as MiFID II. This is because, in order for a record of a customer interaction to be both compliant and legally admissible, the record must be stored in a format that is immutable - and a CRM is designed for the purpose of real-time management of customer interactions and monitoring, not their preservation.
In addition to this, as a CRM is used by a number of employees in a firm, this means that there are a number of access logins to any records saved within it. Therefore, it is possible for records to be deleted, lost or corrupted in some way, which in turn will affect the tracking process and information held or the CRM system itself could cease to function correctly and could affect all internal customer relations processes. On the other hand, individuals could also affect CRM records if they choose to delete their social media profiles at any time, which means any social media threads held in the CRM are lost forever.
Why You Need Web Archiving for MiFID II
So, if your firm is only using a CRM for MiFID II electronic communications compliance, it may not be enough. As a CRM is limited in its recording abilities, the solution for full compliance is to use web archiving.
When it comes to the authenticity, integrity and availability of electronic communications, ‘The Code of Practice on Evidential Weight and Legal Admissibility of Electronic Information’ (BS 10008:2014), an organisation must demonstrate with certain proof, the integrity and authenticity of their stored electronic documents, whether for dispute resolution or other matters. Therefore, as the recorded information held within a CRM may be able to be manipulated or deleted, this lessens the admissibility of this information.
In addition to this, according to MiFID II, electronic communications must be “accurate, quality and complete” to demonstrate the full level of compliance - which, information stored within a CRM would not be able to fully provide as a sole point of electronically stored information.
In order to meet business requirements such as MiFID II, FCA, FINRA or SEC compliance in an effective, legal and robust manner, you ought to look for a professional web archiving service to manage your electronic communications securely. With MirrorWeb website and social media archiving, all electronic communications with customers, including email, website content and social media interactions, are successfully captured in as close to the original format as it looked on a particular day. Our effective, turnkey solution is ISO9001 and ISO27001-certified and gives you complete control over your archives.