There are those, within the City’s financial institutions, responsible for the firm’s technology. Then, there are those responsible for managing the company’s compliance and mitigating risk. So, who would you think would be more prepared for the impending regulation MiFID II? The answer might not be quite as you’d assume.
The Markets in Financial Instruments Directive (MiFID) is the EU legislation that regulates firms that provide services to clients linked to ‘financial instruments’, e.g. shares, bonds and units. First introduced by the EU in response to the 2008 financial crisis, MiFID II is a set of radical reforms designed to prevent history from repeating itself.
The new legislation governs everything from where and how derivatives can be traded, to measures for reducing volatility and policing potential conflicts of interest among financial advisers.
Achieving compliance will not happen overnight. Indeed, MiFID II is widely considered to be one of the most sprawling pieces of financial legislation ever devised, and thus it presents numerous challenges. One of these is that recording calls will become mandatory for all areas of financial advice.
Conversations between the likes of wealth managers or independent financial advisors and their clients will now all fall under this scope. So, anyone making a call in which they recommend products or aim to make a transaction must record that call and then store that recording securely for between five and seven years.
Then, if you add GDPR (the EU’s General Data Protection Regulation), coming into effect in May 2018, into the equation, 2018 is shaping up to be a regulatory nightmare for financial services firms. Under GDPR, we all have a ‘right to be forgotten’ or a right to erasure of all personal information held on us by a particular company. This places a duty on companies to be able to quickly access and delete the information they hold on specific individuals, on request.
So, potentially, a regulatory nightmare. That’s why I decided to commission a study looking at how preparations and understanding of the requirements of MiFID II legislation were shaping up.
The study, carried out in January 2017, shows that managers and decision makers within these institutions have little understanding of the severity of potential penalties and are struggling to apply the legislation to their businesses.
However, comparing the responses of IT professionals and those responsible for managing Risk & Compliance within a business shows IT teams have a better overall understanding of the consequences of non-compliance. 62% of risk and compliance managers admitted to not knowing a company can be fined up to five million euros or 10 per cent of annual turnover, compared to only 42% of IT managers and decision makers.
It would appear, however, that a countdown to compliance has begun. Organisations are now starting to invest time and money in preparations. 30% of respondents say that budget has been allocated this year to help with preparations, and more than a third (36%) report that policy and procedure have now been developed.
Before MiFID II was announced, few financial institutions had the infrastructure in place to meet the new requirements. Many are still working on how best to achieve compliance and are looking to third party solutions to increase their call recording and archiving capabilities.
So, back to the original question… ‘who would you think would be more prepared for the impending regulation MiFID II?’. With under a year to comply, you would hope that it would be those with responsibility for delivering compliance and managing risk. Wouldn’t you?
However, it would seem not, and once again the IT team leads the charge. It’s time for the risk and compliance crew to roll up their sleeves and conduct the detailed risk analysis mapping. Then, they need to work with the rest of the business to develop the processes and procedures for MiFID II compliance.
Sourced by Matthew Bryars, founder and CEO of Aeriandi