By Marlon Arthur, Client Relationship Manager, Alpha Insight
The new requirements under MiFID II threaten yet another set of regulations that banks will probably feel they have to answer with more technology.
Just as they are coming to terms with the demands of the Basel Committee on Banking Supervision, here come yet more highly-detailed reporting requirements that have to be built into the risk and control processes of banks and investment firms.
Faced with this tough new set of demands, institutions may all too easily fall into the trap of installing yet more technology on top of an already complex system built up over time to serve other purposes and functions.
Yet with little more than a year left until MiFID II is in force, it is now imperative that banks turn their attention to achieving control over the processes by which they will achieve compliance and the mechanisms that will enable them to mitigate the risks of failure effectively.
Devised by the European Commission and scheduled to come into force in January 2017, the broad range of complex provisions collectively known as MiFID II will further extend the original MiFID of 2007.
The aim is to increase protection for investors, harmonise regulation across the EU, boost competition in financial markets and give enhanced supervisory powers to regulators.
Reporting will be fundamental to the achievement of these aims, through insistence on greater levels of transparency.
The basic obligation is for investment firms executing transactions to report to their national regulator, which in the UK is the FCA, “as quickly as possible” and no later than the close of the following working day.
A transaction, as proposed in the draft regulation, covers the acquisition, disposal or modification of a reportable financial instrument, but excludes certain activities such as stock-lending. The new reporting regime will be extended from preand post-trade requirements, for example, to non-equity and equity-like products.
In both of these cases, MiFID II will impose a requirement for transaction reports at a greater level of detail, requesting the identity of the trader or the algorithm responsible for executing the trade and any client on whose behalf it was made.
MiFID II will also require eligible over-the-counter (OTC) derivative contracts to be subject to transaction reporting, along with commodity derivatives. Reports on the latter will be made to trading venues, which will conduct all necessary monitoring and enforce position limits, as and when required.
Firms may file reports either directly or through an “Approved Reporting Mechanism” or through the trading venue they have used for the transaction.
Overall, the reporting likely to be demanded of institutions under MiFID II will be dramatically widened in scope, with the number of data fields required going up from 23 under MiFID I to more than 80 under MiFID II. Furthermore, only 13 of the MiFID I fields survive without amendment.
Alongside a much greater number of fields, firms will also have to take greater pains about identification. Each client will have to be identified under a standardised format. The detail required even runs down to the ID or passport numbers for traders making investment decisions and executing transactions.
Accuracy in reporting is going to be essential. The FCA, for example, has already stated it is concerned about over-reporting.
The upshot is that banks and investment firms will have to demonstrate that they took action to correct errors, if for instance, they have been relying on the analysis of a limited sample of reports from their counterparties.
Each bank will need to adopt its own approach to risk, control and compliance, since each institution has a subtly different set of operations and supporting systems. Purchasing an off-the-shelf solution is unlikely to yield the responsiveness required, simply adding another complicated layer.
Instead, each investment firm or bank needs to establish a key set of KPIs and embed them into its everyday processes.
By taking the right approach to this process, they can avoid three pitfalls that are likely to open up as we enter the uncharted waters of MiFID II.
Firstly, although banks obviously need metrics for compliance purposes, they should avoid defining metrics that are outside their normal operational processes. Defining KPIs simply to address the regulation will result in extra complications that achieve little or nothing.
Secondly, firms must not treat MiFID II monitoring as an activity that must be kept separate from other management activities. For example many risk metrics rely on data in files. Missing or late files could result in unreliable risk assessments, which in turn could understate or overstate the level of exposure.
If organisations approach compliance monitoring and measurement in the round in this way, they can use the same set of metrics, monitoring and measurement solutions and metric performance data not only to measure compliance but also to proactively identify potential process-breaks or IT failures that could result in inaccurate risk reports and potentially, non-compliance and fines. Early warning signs of potential breaks or failures could trigger actions to remediate the situation prior to the problem becoming critical and affecting compliance.
This level of highly effective prevention requires considerable expertise in flow monitoring so that deep understanding of what is required is combined with smart thinking to shape the KPIs that determine compliance with MiFID II reporting.
If investment firms succeed in making these KPIs precise, sensible and measurable, they can put themselves in control of compliance. The triggering of early-warning alerts gives them the capacity to step in immediately to prevent process breaks. This puts the firm on the front foot, rather than relying on retrospective red-light compliance indicators.
While it is true that banks often have numerous monitoring and control systems, faced with MiFID II, their response should not be the procurement of further applications and tools that do yet more monitoring. That way they can avoid the third likely pitfall, which is wasting budget.
Rather than unnecessarily procuring additional solutions to monitor and measure the admittedly rather challenging requirements of MiFID II, banks should capitalise on the IT monitoring solutions they have already invested in.
By combining expertise in investment and banking sector flow monitoring with risk controls embedded within the key processes so as to capitalise on existing IT monitoring tools, meaningful real-time insights can instantly become available without the need to make additional investments.