Matthew Bryars, founder and CEO of Aeriandi
In less than a year, a set of radical reforms designed to prevent history from repeating itself will come into force within the European Union (EU).
The Markets in Financial Instruments Directive (MiFID) will regulate firms that provide services to clients linked to ‘financial instruments’, from shares to bonds and units. First introduced as a response to the 2008 financial crisis, MiFID II will govern everything from derivative trading, to reducing volatility and policing potential conflicts of interest among financial advisers.
MiFID II will bring significant changes to regulatory oversight of financial services. The reforms necessary to meet the new requirements will not come cheap. A recent report by IHS Markit and Expand, ‘Counting the cost of MiFID II’, estimated the preparatory cost to the financial services industry to be more than $2 billion in 2017.
The compliance combo
The looming legislation is currently a concern for two groups within City financial institutions – those responsible for the firm’s technology and those responsible for managing the company’s compliance and mitigating risk. But who would you assume is more prepared? The answer may surprise you.
Achieving compliance will not happen overnight. Indeed, MiFID II is widely considered to be one of the most sprawling pieces of financial legislation ever devised, and thus it presents numerous challenges.One of which being that recording calls will become mandatory for all areas of financial advice.
Asset managers, independent financial advisors (IFAs) and payments administrators will all be impacted, as will conversations on both landlines and mobiles. MiFID II has several record keeping aspects. Anyone making a call where they recommend products or aim to make a transaction must record that call then store that recording securely for between five and seven years.
When you consider GDPR (the EU’s General Data Protection Regulation), which will also come into effect in 2018, the year is shaping up to be an impending headache for financial services firms. Under GDPR, we all have a‘right to be forgotten’ or a right to erasure of all personal information held on us by a particular company. This places a duty on companies to be able to quickly access and delete the information they hold on specific individuals, on request.
Is preparation afoot?
Aeriandi commissioned a study looking athow preparations and understanding of MiFID II legislation is shaping up. Carried out in January 2017, the research shows that managers and decision makers within these institutions have little understanding of the severity of potential penalties and are struggling to apply the legislation to their businesses. Comparing the responses of IT professionals and those responsible for managing Risk & Compliance within a business shows, perhaps suprisingly, that IT teams have a better overall understanding of the consequences of non-compliance.
62 per cent of Risk & Compliance managers admitted to not knowing a company can be fined up to five million euros or 10 per cent of annual turnover, compared to only 42 per cent of IT managers and decision makers.
A countdown to compliance
It would appear however, that a countdown to compliance has begun. Organisations are now starting to invest time and money in preparations. 30 per cent of respondents say that budget has been allocated this year to help with preparations, and more than a third (36%) report that policy and procedure have now been developed.
Before MiFID II was announced, few financial institutions had the infrastructure in place to meet the new requirements. Many are still working on how best to achieve compliance and are looking to third party solutions to increase their call recording and archiving capabilities. With such widespread implications, companies should already understand the key areas of impact on their business and be planning the necessary changes. Many companies will need to procure and roll out a new set of tools and supporting processes to achieve compliance.
It seems that for many though, preparations are still at a very early stage. While IT teams appear to be more aware of the impending headache, ultimately both compliance and IT teams have their work cut out for them.