There is no doubt that myriad regulatory regimes are competing for your board’s attention for planning and budgetary discussions for the upcoming year. The 2017 and 2018 horizon is filled with key compliance challenges such as the Common Reporting Standard (CRS), European Market Infrastructure Regulation and Fundamental Review of Trading Book. Each of these regulations is complex and will demand a great deal of time and resources to achieve compliance within the strict deadlines imposed by the various regulatory bodies.
None is more pressing than the Markets in Financial Instruments Directive II (MiFID II). Just 12 months away, the European Securities and Markets Authority (ESMA) has set the date for go-live for 3 January 2018. Achieving all of the directives set out by MiFID II will be an intensive exercise. While the one-year delay granted by the regulator earlier in 2016 should have been a good opportunity to get projects under way, many companies chose to use that time to focus on other priorities. With so many different regimes in flight this is not surprising. Unfortunately, failure to commence projects or even perform a gap analysis to determine the impact of this regulation on resources, IT infrastructure or business models, will severely restrict time for research, development and testing windows.
The decision by the UK to leave the European Union will not halt the implementation of MiFID II. The Financial Conduct Authority (FCA) has advised UK companies to continue to work on implementation of the regulation. With many of the components already enshrined in UK post trading practices through MiFID I and other regulations, it makes sense for companies to continue their projects to ensure readiness.
MiFID II was a direct response to the global financial crisis as well as creating a regulation fit for purpose to counter the evolution of algorithmic and high frequency trading in recent years. MiFID II now seeks to encompass previously unregulated instruments, extend its reach to hitherto unregulated companies, reinforce the role of the local supervisory powers and ESMA, and safeguard investors by creating stricter requirements for portfolio management and investment advice. There are many facets to the regulation such as pre-trade monitoring, position limits, dealing commission, trade reconstruction and research costs, but few are going to be more difficult to implement than post-trade reporting. The requirements to combine trade data, buyer and seller personal information and millisecond time synchronisation alone is a technical nightmare for most financial services firms. Adding trade eligibility indicators, multiple reconciliations, data validations and a number of reporting variables to the mix significantly increases the delivery risks, never mind the difficulty in hitting the January 2018 target. In response, most CIOs will now find that they need to allocate a big portion of their 2017 budget to cover this chunky programme of work.
What are the challenges?
This is a regulation that is far reaching in scope and presents an enormous challenge for an industry that has notoriously complex data architecture built on multiple, disparate legacy systems and platforms. A recent spate of new management information systems have been designed to tackle the simple task of providing a layer of meaningful trade and risk reports. From a MiFID II perspective this will not suffice. The notion that trade reporting is simply a matter of collating trade data from front office systems at the end of each day and running them through a piece of business intelligence software is simply erroneous and dangerous. At a bare minimum, the regulator requires firms to validate, reconcile and combine both transactional and highly confidential personal data, as well as apply an intricate set of rules to determine which trades are eligible to be reported to the regulator and how these are to be presented.
Why is it important to get MiFID II right?
ESMA and the FCA have been very clear that they will start auditing firms shortly after the go-live date. Unlike audits under the previous regime, these will focus not only on what has been reported but will challenge your control frameworks for weaknesses. For anyone thinking that they can simply manipulate a data dump from their front office system without performing any validations or end-to-end reconciliations they must understand that over-reporting is not an option. According to the FCA, the ‘if in doubt, report’ (or over-reporting) philosophy will no longer be tolerated.
Building Quality Control
The January 2018 go-live date is fast approaching. With only 12 months to go, it is imperative that outstanding projects are commenced as soon as possible and that inflight projects are assessed to ensure that they meet the expected target dates. The requirement stipulated under RTS 22 calls for firms to demonstrate end-to-end control by no later than one day post trading (T+1). Undoubtedly, this will put extra pressure on projects to create processes that are highly transparent yet tightly controlled. This will rule out any of the usual ‘go to’ approaches, such as data warehousing or end user computing (EUCs) and enforces the view that there needs to be ample time for thorough testing of any solution.
So, what then is a good solution?
First, a quality control can only be established through automation. Manual processes are easily broken, either through negligence by individuals or a loss of institutional knowledge. Only by applying a systematic approach can you be sure that robust data governance is being adhered to.
Second, be sure you are using the right system(s). It is often tempting to use existing technology to solve a data management problem. It is a cheaper approach but could lead to the misuse of systems not designed for the task at hand. The danger of going down this route is that unforeseen deficiencies will only surface late in the project. Be sure at the outset that the software being used is fit for purpose!
Third, limit the number of systems in the process. Adding technology layers to address individual issues will potentially lead to doubling of your operational and governance efforts. Passing data through systems not designed to enhance controls increases the risks of accuracy either through changes upstream in the information chain or interface timing issues, not to mention the availability of all the systems. The greater the number of actors in the process the greater the risk of a breakdown.
Fourth, outsourcing the solution. Some of the Approved Reporting Mechanism (ARM) providers are offering services beyond their initial role as reporting agents, which include many of the requirements set out by the regulation.
Fifth, add a data management layer to your process to create a golden source of data that can be used to determine that the correct reporting rules are applied before sending the transactional data to your ARM. Post reporting, a data management system will also assist you with the required three way reconciliation. The sole responsibility of getting the data right lies with the reporting company or entity, not the ARM.
Best practice is largely dependent on the size of the company and the appetite to meet the MiFID II requirements. We can assume that larger companies will no doubt seek to build their own reporting mechanism or will be pushing their technology vendors to build bespoke systems. Whereas small to medium sized companies will be weighing up their options.
For these firms, it would probably be advisable to work with any of the offered ARMs services but also to have robust internal controls to ensure the accuracy of the data going out to the regulatory authority via the ARM and revalidate the return data post reporting. This approach makes the timescales manageable and ensures that your company is sufficiently aware and in control of the data.
The coming year is going to be a busy one for anyone involved in projects or compliance around MiFID II. While MiFID I was internally manageable, the second iteration of the regulation is tougher to understand and implement. It could be too easy to dismiss transaction reporting as a simple front to back office (FOBO) reconciliation with a bit of reporting added. The reality is that transaction reporting is likely to be one of the biggest deliverables when it comes to 3 January 2018. Therefore, your New Year’s resolution ought to be a thorough review of your company’s readiness for MiFID II.
Marc McCarthy, associate director, AutoRek