A study of IT managers, decision makers and risk and compliance managers within UK financial services businesses, has revealed a lack of preparation and understanding of the requirements of MiFID II legislation due to come into force in January 2018.
The study, carried out in January 2017 for voice security services company Aeriandi, shows managers and decision makers within these institutions have little understanding of the severity of potential penalties and are struggling to apply the legislation to their businesses.
Findings
Almost three quarters (73%) of risk and compliance managers in the financial sector admit they’re not aware of penalties of up to 5 million euros or 10% of annual turnover vs only 58% of IT managers and decision makers.
>See also: What Brexit and Trump mean for compliance
On top of this, 17% of risk and compliance managers are unaware a company could receive a cease and desist order for non-compliance.
Almost a quarter of those surveyed (22%) said that, although they feel they understand the MiFID II legislation, they are not sure how it applies to their organisation.
Over a quarter (29%) do not yet have the technology or the infrastructure needed in place for compliance, while only 10% are currently communicating with partners and suppliers about their preparations for compliance with MiFID II.
The study highlights a concerning gap between general awareness and understanding of the legislation and an understanding of the practical detail, knowledge and planning that is needed to prepare for compliance.
Understanding of the legislation peaks in firms with 50,001 – 100,000 employees, with 88% saying they are totally confident in their understanding of the legislation.
It then falls sharply to 67% in organisations with 100,001 – 150,000 employees, and again to 65% in companies with 150,001+ employees.
>See also: MiFID II will change businesses call recording policies
When comparing the responses of IT professionals and those responsible for managing risk and compliance within a business, IT teams have a better overall understanding of the consequences of non-compliance.
It would appear, however, that a countdown to compliance has begun and organisations are now starting to invest time and money in preparations, with 30% of respondents saying that budget has been allocated this year to help with preparations, and over a third (36%) report that policy and procedure have now been developed.
Matt Bryars, co-founder and CEO at Aeriandi, commented: “There appears to be a real lack of detailed knowledge around MiFID II in UK financial services organisations. With less than a year to go until penalties for non-compliance will kick in, you’d hope that those responsible for delivering compliance – the IT and risk & compliance teams – would have this nailed. However, for many, preparations are still at a very early stage.”
>See also: Financial services and the great cloud conundrum
“Organisations must understand the key areas of impact on their business and start to plan for change. For example, call recording requirements under MiFID II will become mandatory for all areas of financial advice. So anyone making a call in which they recommend products or aim to make a transaction will have to record that call – and then keep that recording secure for five years.”
“Ultimately compliance and IT teams will have their work cut out for them They’ll need to carry out a detailed risk analysis, mapping out the required processes and procedures required under MiFID II, and then determine task by task if their existing solutions will be adequate or if the organisation finds it needs to procure and roll out a new set of tools and supporting processes.”