Why do businesses fail to comply with MiFID II?

The EU’s Markets in Financial Instruments Directive (MiFID II) is a complicated piece of legislation. Still, no business can afford to get it wrong.

As the name suggest, MiFID II is an updated piece of legislation. The original directive came into force in 2007. The aim of the directive was to harmonize the regulatory framework protecting investors across the bloc. It aimed to do this by boosting the transparency of financial markets. MiFID also outlined conduct standards for financial firms.

However, just like the Payments Services Directive and other pieces of legislation, it desperately needed an overhaul after the 2008 recession. EU lawmakers set out to fix it. The updated version snapped into action in January 2018. “MiFID II extended the MiFID requirements in a number of areas,” says Andreas Savoullis, regulatory analyst at MAP FinTech, the RegTech company focusing on ensuring compliant reporting.

The updated legislation put even more emphasis on protecting investors. For instance, Savoullis tells RegTech Analyst that firms must now take all “sufficient steps” rather than all “reasonable steps” when executing client orders, raising the bar for compliance.

That is not the only difference from the original MiFID. “A noteworthy change introduced by MiFID II is the expanded scope of the transaction reporting regime,” Savoullis explains. “This updated regulation now captures financial instruments traded on all types of EU trading venues as well as financial instruments such as OTC derivatives, where the underlying is either a financial instrument traded on a trading venue or an index or basket composed of financial instruments traded on a trading venue.”

If that sounds difficult to wrap your head around, then rest assure you are not the only one. Back in 2018, the non-profit think tank the RegTech Council estimated that regulators dedicated 30,000 pages and 1.5 million paragraphs to understand MiFID II’s rules. This exercise cost the financial services industry roughly €2.5bn.

Understandably then, many businesses get a lot of things wrong when it comes to MiFID II compliance. “Transaction reporting is an area in which many companies frequently get things wrong,” says Savoullis. “This is because transaction reporting is not a mere tick box exercise as many market participants tend to think.”

He explains that not only do they have to report every financial instrument and transaction accurately with the right details and with accurate data, but businesses are also required to avoid over-reporting or duplicating reports. Moreover, companies must also ensure security and confidentiality of the data reported to be compliant.

Another challenging area is complying with the best execution requirements. “MiFID II has set a higher bar for compliance in this area,” he continues. “Firms should be able to demonstrate how the best execution factors have been taken into account and why these can be considered sufficient. This involves [putting] in place tools to monitor execution against pre-defined quality parameters that cover all order types and clients and a process that ensures price continuity and execution continuity.”

And here is where another risk may sneak in. “Manual processes entail a significant risk of failure and are prone to errors, hence why firms should always consider automating the monitoring of bulk amount of data,” Savoullis explains. “Moreover, reporting the quality of a firm’s best execution arrangements is also challenging given the substantial amount of data firms process. Some firms tend to manually perform this exercise, leading to errors in the data output.”

Moreover, Savoullis explains that firms frequently face issues with documenting the required product governance information when they are manufacturing or distributing financial products. “MiFID II’s marketing and product governance requirements contain a lot of details that firms should consider at the inception stage of any new product or marketing campaign,” the MAP FinTech specialist says. “These new requirements also affect their review of the target market assessments and their ability to ensure that these remain accurate with regards to the manufactured or distributed products.”

“The risk of failure increases when dealing with large amounts of data and detailed technical requirements,” he says. “This is why it is important for businesses to have the right systems and arrangements in place to enable them to automatically report the relevant transactions, ensure security, confidentiality and continuity, detect failures and carry out the necessary reconciliations.”

Fortunately for innovative people in the RegTech industry, this means that there is a great opportunity to cash in on the legal complications of MiFID II. “Regulations and the solutions required to comply with them evolve,” Savoullis suggests. “Firms are now turning to RegTech solutions that leverage software and automation to close compliance gaps and address these new regulatory challenges. RegTech can help companies get ahead of these requirements before their deadlines, detect enterprise risk before the regulators do, and ultimately save them money on the overall costs of compliance.”

Indeed, compliance management RegTech companies received between 14.8% and 20.1% of the industry’s investments between 2014 and the first half of 2019, according to RegTech Analyst’s research. “Having that in mind, RegTech companies have enjoyed a big boost, especially during the last few years following the announcement of MiFID II,” Savoullis says. “Those companies that remain innovative and adaptive to the new regulations and requirements will continue to grow.”

RegTech companies helping businesses comply with know your customer solutions and anti-money laundering laws have attracted the biggest chunks of the sector’s investments, but they are not the only ones. RegTech Analyst’s research suggests that solution providers solving compliance woes concerning MiFID II, the updated Payments Services Directive (PSD2), Basel II and the General Data Protection Regulation (GDPR) also took home a significant chunk of the money since 2014.

Speaking of PSD2, this piece of legislation has proven to offer some opportunities lately. Parts of the revised regulation came into force in 2016. The final piece was scheduled to be implemented on September 14. This last part requires financial institutions to double down on their efforts to ensure people paying electronically were who they said they were.

This push is called strong customer authentication, or SCA. It would require customers to prove who they are by something they have like a credit card, something they know like a PIN and something that they are. Mostly, that last piece would refer to fingerprints. However, as RegTech Analyst discovered, that could also include some left field methods to comply with SCA, like recognizing someone’s veins and even their heart rate.

The financial institutions were tasked to set up these processes. This significant change in payment structures caused a lot of worries. Some feared they would lose money as a consequence of not being prepared for the deadline.  Companies like Tink also called for the relevant authorities in the EU’s member states to postpone the implementation of SCA. Some, like the British Financial Conduct Authority, listened.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.