Just as banks get to grip with the demands of the Basel Committee on Banking Supervision (BCBS), along comes another set of regulations in the substantial shape of the Markets in Financial Instruments Directive (MiFID II).
Devised by the European Commission and originally scheduled to come into force next January – but now delayed until January 2018 – these complex provisions will further extend the original MiFID of 2007 vintage, aiming to harmonise regulation and increase investor protection.
The response of most institutions will be to install an expensive off-the-shelf solution in their risk and control processes, laying it on top of a complicated system built up over time to fulfil other functions.
Before reaching for such expensive and unsuitable technology, all institutions that fall under the scope of MiFID II should first turn their attention to two important questions. The first is how they will achieve control over the processes by which they will accomplish compliance, while the second comprises the mechanisms that enable them to mitigate the risks of failure effectively.
Meeting the challenges
The new requirements will be onerous. Investment firms in the UK must report transactions to the Financial Conduct Authority (FCA) “as quickly as possible” and no later than the close of the following working day. Not only that, the reports need to be in much greater detail than currently required, filed either directly, through an “approved reporting mechanism” or through the trading venue they have used for the transaction.
As well as providing a greater amount of data, firms must also take greater pains about identifying clients and those responsible for the trades, since there will be very heavy emphasis on accuracy and transparency.
Since institutions are different in their systems and the way they operate, off-the-shelf solutions will never meet these considerable challenges. A one-size solution of this type is unlikely to yield the responsiveness required, allowing the financial institution to develop an approach that fits in with what it does. Instead it will simply be adding a further complicated layer of technology.
Instead, each investment firm or bank needs to establish a key set of key performance indicators (KPIs) and embed them into its everyday processes. It is important to avoid defining metrics outside normal processes as this causes excessive complexity and achieves little.
Indeed, MiFID II monitoring should not be kept separate from other management activities so that exposure is not under- or overstated.
If organisations follow this approach, they can use the same set of metrics, monitoring and measurement solutions and metric performance data not only to measure compliance but also to spot potential process-breaks or IT failures that could result in inaccurate risk reports, non-compliance and fines.
Early warning signs enable a problem to be resolved before it becomes critical and affects compliance.
Achieving this level of protection requires expertise in flow monitoring to shape the KPIs that determine compliance with MiFID II reporting.
If investment firms succeed in making these KPIs precise, sensible and measurable, they can put themselves in control of compliance. The triggering of early-warning alerts gives them the capacity to step in immediately to prevent process-breaks.
When they are facing MiFID II, banks do not need to waste budget procuring further applications and tools that do yet more monitoring on top of the numerous systems they already have. Instead, they should capitalise on the IT monitoring solutions in which they have already invested.
By combining expertise in investment and banking sector flow monitoring with risk controls embedded within the key processes, they can capitalise on existing IT monitoring tools. Meaningful real-time insights can instantly become available without the need to make additional raids on the budget.
It makes complying with MiFID II an entirely positive and beneficial experience, rather than one that is costly, complicated and liable to fall off the shelf at any time.
The UK’s Prompt Payment Code will have a significant impact on the relationship between large businesses and their suppliers. What does the Code mean for your business? And how can you navigate this change effectively?
When it comes to the relationship between Europe and Britain – uniformity isn’t a word that currently springs to mind. And that’s not just a reference to Brexit. Whilst the Europe and Britain do find themselves in the midst of a political break-up – their monetary policies are also showing signs of divergence.
Europe’s introduction of the General Data Protection Regulation (GDPR) next May will have implications for businesses around the world and US corporates should start getting ready if they haven’t already done so.
The recent NotPetya cyberattack underlined the need for organisations to address their exposure and how to mitigate the risk.