FCA SYSC 10A · MiFID II · Mobile call recording

FCA-aligned mobile call recording, captured at network level

For FCA-regulated firms, investment managers, brokers, advisers, insurers, that need to record regulated calls on mobile. ONSIM captures every inbound and outbound call at the network level, not via an app. There's nothing for users to enable, nothing to forget, and nothing to lose if the device breaks.

Aligned with FCA SYSC 10A.1 record-keeping requirements and MiFID II Article 16(7) for in-scope investment communications.

The compliance problem with mobile call recording

SYSC 10A.1 doesn't distinguish between landline and mobile calls, if a regulated activity is conducted by phone, the call must be recorded. But traditional mobile recording solutions (apps installed on the device, "click to record" plugins, BYOD workarounds) all share the same compliance gap: they depend on the user doing something. App permissions lapse after OS updates. Users forget. Recordings sit on the device for hours before upload and can be lost if the device fails.

The FCA has flagged this in supervisory communications. Several enforcement actions in 2022-2024 specifically cited failures around recording communications conducted on personal mobile devices, including via messaging apps.

ONSIM addresses this by moving the recording up the stack, from the device to the mobile network itself. Every call placed or received on an ONSIM SIM/eSIM is captured automatically, regardless of whether the user knows or remembers.

How ONSIM maps to the rules

Regulatory requirementHow ONSIM addresses it
Recording obligation (SYSC 10A.1.6 / MiFID II Art. 16(7))Every inbound and outbound voice call and SMS recorded automatically at the network level. No user action required.
Retention (5 years SYSC, 7+ years MiFID II)Configurable retention up to 7+ years. Recordings stored in durable medium with metadata.
Durable medium and reproducibilityRecordings exportable via dashboard, API or SFTP push to your archive. Standard audio formats (WAV/MP3).
Tamper evidence / integrityRecording metadata (timestamps, calling/called numbers, duration, user) captured alongside audio. Storage is tamper-evident.
Access controls and audit logRole-based access via the ONSIM dashboard. Every retrieval logged for internal audit.
UK data residencyRecordings stored in the UK by default. Confirm specific data-residency requirements during quote.
Notice to participantsFirms remain responsible for informing call participants that the line is recorded, typically via the standard automated message at call start. ONSIM can configure this on the network.

Important: not legal or compliance advice

This page is product information. Whether your firm is in scope for SYSC 10A.1, MiFID II Article 16(7), or other recording obligations depends on your specific regulated activities, permissions and supervised business lines. Your compliance function and the FCA Handbook are the authoritative sources. ONSIM can help you implement the recording technology; we cannot tell you whether you need it.

Talk to sales about your specific scope

Tell us your regulated activities, how many users need recording, and your retention requirements. We'll quote a tailored deployment and walk you through how it maps to your compliance position.

Frequently Asked Questions

What FCA-regulated firms most often ask before deploying mobile call recording.

What does FCA call recording cover?

The FCA's Senior Management Arrangements, Systems and Controls (SYSC) sourcebook section 10A.1 requires firms to take all reasonable steps to record telephone conversations and electronic communications that relate to specified investment activities. The rule applies to mobile calls just as it does to landline calls. MiFID II Article 16(7) extends this with stricter requirements for investment firms dealing in financial instruments.

Does FCA call recording apply to mobile phones?

Yes. The FCA explicitly applies SYSC 10A.1 to "any telephone conversation", there is no carve-out for mobile. If a regulated activity is conducted on a mobile phone, the call must be recorded. This is why network-level mobile recording (rather than asking staff to install an app) matters for compliance: the firm can demonstrate every regulated call was captured, not just the ones staff remembered to record.

How long must FCA-relevant call recordings be retained?

SYSC 10A.1 generally requires retention of at least 5 years from the date of the recording. MiFID II Article 16(7) extends this to 7 years for certain investment communications (and longer if the FCA requests). Storage must be in a durable medium and reproducible on request. ONSIM retention is configurable to meet both standards.

Does ONSIM provide an audit trail?

Yes. Recording metadata (calling and called numbers, timestamps, duration, user ID) is captured alongside the audio and is tamper-evident. The full audit log can be exported for FCA inspection or internal compliance review.

Can recordings be exported to a regulated archive?

Yes. ONSIM integrates with mainstream compliance archive vendors via API, SFTP push, or S3. Specific integrations are scoped during the sales/onboarding conversation. Recordings export with full metadata in the format your archive expects.

How is this different from a recording app on the work phone?

App-based mobile recording has multiple failure modes that the FCA has called out in supervisory letters: the app needs to be installed and updated, permissions can lapse after OS updates, the user can choose not to start recording, and recordings sit on the device until uploaded, which means they can be lost. Network-level recording removes every one of those failure points. The firm has assurance that every regulated call was captured; the user has assurance they don't have to manage anything.

What about MiFID II Article 16(7) specifically?

MiFID II Article 16(7) requires investment firms to record telephone conversations and electronic communications relating to the reception, transmission and execution of orders, and dealing on own account. ONSIM Mobile Compliance Recording is designed for this scope: every in-scope call is captured automatically at the network level, retained for 7+ years, and retrievable on demand. Speak to sales for a tailored configuration for your specific MiFID II scope.

Are there any FCA rules ONSIM can't address through call recording alone?

Yes, call recording is one part of broader compliance. Firms also need policies around communications channels (e.g. preventing staff using non-recorded apps like WhatsApp for regulated communications, see FCA's 2022-2024 enforcement actions on this), training, monitoring, and breach reporting. ONSIM provides the recording infrastructure; your compliance team owns the policy framework. We can introduce you to compliance partners during the sales conversation if helpful.

How do regulated firms get started with ONSIM?

Request a quote at quote.onsim.uk or call +44 333 880 4008. Mention that you're an FCA-regulated firm, the sales team will scope SYSC 10A.1 / MiFID II requirements, retention period, archive integration, and any specific business-line carve-outs. Onboarding typically takes 10-20 working days for regulated deployments.

Does this advice constitute legal or compliance guidance?

No. This page is product information. Specific compliance interpretation for your firm should come from your in-house compliance team or external advisers, and ultimately from the FCA Handbook and relevant supervisory guidance. We can point at the rules and explain how the technical product maps to them, but firms remain responsible for their own compliance position.

Related