Hurtling towards the finish line of MiFID II
The upcoming implementation of the second iteration of the Markets in Financial Instruments Directive (MiFID II) is without doubt one of the most talked-about topics in the finance industry this year. So much so that for some firms the issue of making operational changes to prepare for the looming January 3 deadline has become more of a burden than the imminent departure of Britain from the European Union.
For sell-side firms, the significantly expanded market transparency and transaction reporting requirements under MiFID II are among the biggest challenges. MiFID II introduces an obligation to report a much broader set of financial instruments, in addition to an increase in the number of reporting fields from 26 to 65 to capture data such as natural person identifiers. This is done with a view to enabling National Competent Authorities (NCAs) to conduct market surveillance and to monitor the fair and orderly functioning of markets and the activities of investment firms, as well as to detect and investigate potential cases of market abuse.
Firms who are subject to the MiFID II reporting requirements can choose to either file their reports directly or through an Approved Reporting Mechanism (ARM). The concept of ARMs was first introduced in the UK in 2000 as part of the Financial Services and Markets Act, but has now been extended to the rest of the European Union (EU), with ARMs acting as the MiFID II equivalent of trade repositories under the European Markets Infrastructure Regulation (EMIR). But while industry participants have been preparing for next year at full speed, concerns have been raised by the regulators, namely the Financial Conduct Authority (FCA), that a large number of firms have yet to make a decision over their choice of ARM providers. With less than five months left to prepare, this raises concerns as it may mean that firms falling under the MiFID II mandate believe they will simply be able to hand over their transactions to the ARM for onward reporting.
The reality is that even a relatively small broker will still have to fully understand the different trading strategies it employs and then determine how to accurately report their transactions, and where to obtain the static data required for enrichment. ARMs will become regulated entities under MiFID II, which means some of the burden for the accuracy and timeliness of the data that is reported will fall on them, but it would be wrong to assume that the chosen ARM will carry out all of this data enrichment on the reporting firm’s behalf.
Another important aspect of MiFID II that a large number of market participants are failing to take into account is its extraterritorial reach. Regardless of where a firm is based, if it is trading any European security, be that equities, bonds or their derivatives, it will be directly affected by the regulation and hence will be required to report those transactions to an ARM. For example, a Cayman Islands-based investment firm trading a European corporate bond will have to report that transaction.
Tied to the transaction reporting requirements is the stipulation of ‘No LEI, no trade’ whereby all firms trading any European security must obtain a legal entity identifier; have the requisite processes in place to store them, report them, map them to other internal reference data and ensure they are renewed on an ongoing basis. ESMA has reaffirmed that this requirement will not be withdrawn ahead of the January deadline. Firms must therefore ensure they are fully cognisant of the requirements and that they understand their role in transaction reporting and obtaining LEIs, particularly for EU firms trading with non-EU clients who may need to be assisted in obtaining an LEI. Furthermore, global authorities, such as the Global LEI Foundation (GLEIF), are bracing for a surge in LEI registrations at year-end, cautioning that any delay to register could disrupt trading as the MiFID II implementation date approaches.
Additionally, for retail brokers, with fewer resources to commit to the upgrading of their middle and back office technology, the upcoming deadline signifies a potentially mammoth task of obtaining the relevant personal data and national identifiers from their retail clients.
While some elements of MiFID II will only be clarified before the end of 2017, firms can already determine with certainty how the largest part of MiFID II and its accompanying regulation MiFIR will apply to their processes such as transaction reporting. The most important thing for firms to do now is to fully understand how that large part of the regulation specifically applies to their business and implement the requisite processes to manage that change as soon as possible. This would enable them to respond to the remaining requirements that are yet to be clarified in a timely manner.
Firms should also try to see the bigger regulatory picture when putting mechanisms in place to meet the stringent data requirements of MiFID II. In May 2018, the General Data Protection Regulation (GDPR) will replace the current data protection directive, mandating much stricter controls of personal data encryption on internal as well as external transfers of such data. Bearing in mind the amount of personal data that firms will be required to collect under MiFID II, they would do well to ensure the storage of this data is fully compliant with the upcoming GDPR requirements. Failure to do this means that firms run the risk of playing constant catch-up from one deadline to another, whilst creating additional workload, and ultimately falling foul of regulators’ efforts to increase transparency and reduce risk in financial markets.