MiFID II is one of several financial industry directives being implemented across Europe at the moment, and all are designed to improve the fairness and transparency of the financial services industry – January 2017 might seem a way off, but it is closer than you think. Setting aside whether or not you agree with the specific measures these directives create opportunities and challenges for the IT departments of every financial services organisation.
One of the key benefits for organisations will be the freedom to embrace technologies that in the past have simply been off limits because governance could not be enforced across the assets.
New technology will ultimately improve the efficiency of financial services operations, but the new MiFID II directive will also require a great deal of automation to produce the data and reporting that then has to be stored in specific locations. Furthermore, systems must be able to identify when people are accessing inappropriate information or services, and when they are communicating with individuals or groups that they should not. Doing this in a passive way through policy rules may have been acceptable in the past, MiFID II requires that this be much more actively monitored.
The new freedoms afforded by mobile technology does come at a cost for financial institutions, but it should be one greatly outweighed by the benefits if implemented correctly. Suddenly traders will be using a range of devices, from any location, to conduct their business. That means that the business has to be prepared in terms of technology, people and processes so that nothing slips through the gaps.
This means every aspect of IT from provisioning for new employees or devices, right through to when staff leave or hardware is decommissioned needs to be very closely controlled and documented.
Under MiFID II, institutions will also be required to store communications telephone and electronic communications for a minimum of five years and some authorities can enforce as long as seven. In older trading environments where staff where at fixed desks it was easier to do this, but MiFID II is covering technological changes and broader changes in the trading environment that have taken place since 2007. For this reason, the capture and storage of these messages is harder. Staff acting on behalf of investors could be using instant messenger, e-mail, telephone, mobile, video conference, or social media sites such as Twitter to communicate, from virtually any location over Ethernet, broadband or 4G. Broadly communications covering reception of transmission of orders; execution of orders for clients; and any own account related work must be recorded. It doesn’t matter whether the communications resulted in the closure of an agreement, if they were intended to move towards that goal, then they must be recorded. Not only must they be recorded but this must be done in a structured way where the information can be quickly queried and retrieved if concerns are raised about compliance or specific trading activities.
At the time of writing MiFID II is 17 months away, which may seem a long time, but as discussed there are number of major areas of the directive that impact the IT department, its technology and processes. The key to success with MiFID II will be a full assessment of the risks, but it is important to understand that this has to be in the context of other directives such as Basel 3 and EMIR – the relationship between all pending directives has to be considered.
If you outsource any of your IT, then you need to set up a working group capable of assessing the technology and process requirements for full compliance in January 2017. For some, a partner outside that group of suppliers might be the right way to fully audit and manage the introduction of new processes and technology. Either way that risk assessment is simply the first of many steps. It may seem a long way off but any business that thinks it can rush MiFID II is setting itself up for a serious fines and a reputational fall under the gaze of regulators. In an industry that is only just moving out from under the cloud of recent years, that is a risk none can afford.