[ESMA 35-43-349 MiFID II Q&As ion Investor protection Ch. 3, question 6]

MIFID II, and its implementing measures, do not require the establishment of another control function on top of those already provided for by MIFID I: compliance function, risk management function and, where appropriate, internal audit function. Firms are reminded of their requirements under Article 9(3) of MiFID II and Article 76(2) of the MiFID II Delegated Regulation.  

Therefore, while not being necessarily another specific control function, the periodic monitoring of the records of relevant telephone conversations and electronic communications is an essential piece of the overall compliance and monitoring system a firm has to implement through governance arrangements.