The second iteration of the European Union’s (EU) Markets in Financial Instruments Directive, aka MIFID II, continues to be one of the most talked about regulations in the financial services sector. Its impacts are far reaching, both in terms of the macro structure of the overall financial markets and the internal functional areas within the financial institutions themselves.
The deadline for MiFID II compliance has already been put back a year to January 2018 in response to concerns about the complexity of implementation. While the new deadline is more than a year away, many banks and asset managers are still worried. Their concerns can be primarily divided into two parts:
Like many regulations before it, the foundation of MiFID II is data. Yet unlike many of its predecessors, MiFID II requires firms to understand their data, conduct analysis on it and to be able to report it, or make decisions based upon it. The requirements for data are not limited to a specific part of the rules but are spread out across various articles and sub-articles within the regulation. As with many other data regulations, the data requirements can be categorised under completeness, timeliness and accuracy.
Completeness: In terms of completeness, MiFID II asks for more data objects and more data points than its predecessors. For trade and transaction reporting examples include quotes, orders and transactions, and data points are the number of fields within them. For example, MiFID II requires 50 more fields to be filled out for transaction reporting than were required for MiFID I. Yet that’s not all. MiFID II regulations also require firms to understand their execution-related data, trade data, and product and client reference data – and based on certain criteria, either publicise this to clients or send it to the regulators.
Accuracy: One of the main aims of MiFID II when it comes to market structure, clearing obligations, algo trading and transparency is to bring standardisation to the market place. Standardisation makes it easier to compare one firm with another, to identify the laggards and measure accuracy. The reference data requirements – for counterparties to have Legal Entity Identifiers (LEI), products to have International Securities Identification Numbers (ISIN) and individuals to have national identifiers – are already proving onerous and have far-reaching data privacy issues for non-EU participants.
Timeliness: Requirements such as ‘as soon as technologically possible’ and ‘near real-time’ have become the norm for regulatory compliance since the credit crunch. MiFID II requires near real-time reporting for all trades conducted at a trading venue, as well as for all transactions to be reported to their National Competent Authority (NCA) no later than one day post-transaction, or T+1. Complaints must also be responded to without any unnecessary delay.
Almost every area of the MiFID II regulation has various levels of uncertainty, although the areas of best execution, systematic internaliser regime, extra territoriality and data protection are more unclear than others. Parts of these issues relate to the amount of data that MiFID II requires, while the remainder stems from the nature of the directive itself.
MiFID II grew out of MiFID I, which replaced the Investment Services Directive (ISD) in November 2007 and was primarily an equities market directive. As a result, equity-related terminology such as quotes, orders and executions have confused issues for the non-equities community. Having partially overcome that challenge, the industry is now trying to figure out the relevance of several rules. For example, the non-equities over-the-counter (OTC) market, which MIFID II aims to regulate, has a different business model from the equities market. The products involved are significantly more complex and the market structure is bilateral in nature. As a result, the data to conduct the required analysis is not readily available.
MiFID I introduced the systematic internaliser (SI) regime, which categorised an SI as “an investment firm which on an organised, frequent and systemic basis, deals on own account by executing client orders outside a regulated market on a multilateral trading facility (MTF). In November 2016, the European Securities and Markets Authority (ESMA) extended the deadline by which investment firms must undertake their first assessment of – and where appropriate comply with – the SI regime from January 1 2018 to September 1 2018 because the data required to decide on SI won’t be available in time.
To get an idea of how much uncertainty exists in the industry, in the past two months alone ESMA has published up to 10 documents to either answer the questions from industry participants or to provide further clarifications in the form of consultation papers, final reports or Q&A.
MiFID II impact
Some of the key impacts to business models will come from changes to market structure, trading and clearing obligations, product governance and investor protections. The harmonisation of market structures into trading venues will lead to the migration of execution services from dealers to third-party venues and the separation of research from execution, will lead to the creation of stand-alone research facilities.
MiFID II focuses on product suitability and as a result, requires better client analytics. These changes to business models may have unintended consequences that regulators or governments have not prepared for.
A key aspect of MiFID II is to strengthen the compliance function. Corporate governance is not only an issue for senior management, but also for compliance, which provides advice before the remuneration policies are approved and is required to utilise a risk-based approach for establishing monitoring programmes.
Firms are expected to establish and maintain a complaints policy, which should analyse the complaints data to identify and address any issues. Along with compliance, the product governance process has been expanded to encompass the whole product lifecycle and carry out various suitability and appropriateness tests. These changes to the internal processes should ideally reflect a change in conduct and culture, but the pace of the changes may difficult.
MiFID II will impact the IT infrastructure of all its member firms from front-to-back. In the front end, buy-side firms will need to build new execution management systems alongside existing order management systems. Under record-keeping requirements in article 16(7), investment firms will need to keep the records of telephone conversations or electronic communications if a transaction was intended to – or actually did – take place.
The firms providing best execution will need to build infrastructure in the front-office technology stock to ensure they have taken ‘all sufficient steps’ to comply. At the back end, golden data sources should be enriched with LEIs and ISINs for over-the-counter (OTC) products and identifiers for individuals. High-frequency trading firms will need to provide time stamps which are accurate up to micro seconds. The above examples simply reflect what is expected to be a significant technology uplift in what are already very cost-conscious technology organisations.
Without doubt there will be implementation challenges that will be difficult to overcome. The regulators expect better data quality and now regularly penalise firms that don’t comply. One firm is reported to have been fined every year since MiFID I went live over nine years ago. Given that MiFID II is considerably more complex and impacts many more products and firms, it is likely that more fines will be issued once it comes into force.
The question is whether there is a value in giving more time to industry so that they can better adjust to life post-MiFID II? Will the implementation create a division between big and small firms or would it actually standardise the market and create more transparency for investors? The expectation of the regulators is that it will do the latter, but the only sure thing is that it will change the financial markets as we know them today.
Regulation technology is fast gaining currency by transforming how financial institutions can tackle compliance in a swift, comprehensive and less expensive manner.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Despite all the automation and improvements that digital banking has the potential to achieve, customers and their needs still form the very core of the banking sector.