Navigating strict privacy regulations in a MiFID II world

Recent regulations have obliged financial services companies to provide greater visibility into their operations. The European Union’s Markets in Financial Instruments Directive II (MiFID II) and its UK sibling, the Markets Abuse Regulation (MAR), has encouraged the surveillance of all trading-related communications, both spoken and electronic (eComms), between employees, their clients and third parties.

However, the EU’s General Data Protection Regulation (GDPR), enforced in the UK under the Privacy and Electronic Communications Regulation (PECR) and Data Protection Act (DPA), threaten huge penalties for the misuse of personal data. The surveillance and storage of communications-linked data will be given another layer of regulation under the EU’s upcoming ePrivacy Regulation.

In this report, Mark McCord and Mike O’Hara of The Realization Group examine the seeming contradictions between these two sets of edicts. Along with Anish Kalraiya of Crédit Agricole CIB, Adam Clarke and Balavernie Sritharan of Deloitte, Paul Clulow-Phillips of Société Générale, Sam Tyfield from Shoosmiths and Shiran Weitzman of Shield they also discuss how compliance officers are dealing with this conundrum and consider emerging challenges to achieving compliance.

Shiran Weitzman 1 scaled e1621525003359
CEO of Shield Shiran Weitzman
Paul Clulow Phillips
Managing Director at Société Générale Paul Clulow-Phillips
Sam Tyfield
Partner at Shoosmiths Sam Tyfield
Anish Kalraiya
Director of Surveillance and Monitoring at Crédit Agricole CIB Anish Kalraiya
Balavernie Sritharan rotated
Technical Director at Deloitte Balavernie Sritharan
Adam Clarke
Director at Deloitte Adam Clarke
Menu