With historic fines being levied for breaches of the Markets in Financial Instruments Directive (Mifid) and national conduct authorities (NCAs) suggesting plans to administer the directive much more onerous follow-up – Mifid II – market participants must build in systems to assist with transaction reporting obligations.
“The advice I’m giving to market participants is that they need to build a control framework to increase the accuracy of reporting where they can,” says Marc McCarthy, senior business consultant for Mifid at AutoRek. “Obviously there will be areas they can’t automate. Where that is the case they need to make sure that those processes are monitored and documented as well.”
In March, Goldman Sachs was fined more than £34m by the UK’s Financial Conduct Authority (FCA) for failing to provide accurate and timely reporting across a total of 220m Mifid-related transactions between 2007 and 2017. In the same month, the same NCA hit UBS with a fine of more than £27m for failing to accurately report nearly 136m transactions during the same time period. In its 2019-20 Business Plan, the FCA has highlighted Mifid II compliance as a priority in its wholesale financial markets work. For McCarthy, the fines related to Mifid II’s predecessor and the stipulations by the FCA should make investment firms take note.
“The key message the FCA is signalling to the industry is that was under a relaxed regime, now Europe is under a far more stringent regime with its wider scope,” he says. “The message is clear – firms have had a year since the beginning of the Mifid II regime to get their act together and this year will be the year for regulators to look at how it’s been implemented.”
According to research by regulatory consultancy Bovill, nearly one in four firms – or around 6,000 – submitted inaccurate transaction data in 2018. 1,335 reports filed to the FCA contained errors.
Under Mifid II, firms must reconcile their data and file it to an Approved Reporting Mechanism which then passes it on to the relevant NCA. However, it seems firms are falling at the first hurdle.
“The reality is that a lot of the data is erroneous in the first instance – before it even goes out the door,” says McCarthy. “There are organisations with tens of thousands of transactions being blocked by their ARM because of erroneous content. One of the key aspect coming out of Mifid is the need for tighter controls, a tighter control framework around transactions from the moment that the trader has actually picked up the phone to their counterparty right through to the point of settlement.”
After transactions have been reported, firms can access the FCA’s market data processor (MDP) to check the data that has been submitted for entry. Worryingly, many market participants aren’t using the function.
“What we’ve heard is that of the 6,000 firms, not all of them – by any stretch of the imagination – have even applied to do this. Only a few thousand have actually applied to get that data from the MDP,” says McCarthy.
Elsewhere in its Business Plan, the FCA advocates the use of regulatory technology, saying it will further explore the fintech industry for use cases in assisting the market with compliance burdens. So far, however, many Mifid II firms are still relying on manual processes and basic systems.
“A lot of this is sitting on spreadsheets,” says McCarthy. “That’s not what the regulator is looking for. They’re looking for stringent, automated controls, wherever possible or if not very well documented processes.”
For McCarthy, much of Mifid II’s transaction reporting obligations can be fulfilled by closer alignment of the Senior Managers and Certification Regime (SMCR) which was designed to increase management’s accountability.
“Under SMCR managers need to own the processes – they need to understand what their staff are doing, how they’re doing it, how it fits in,” he says. “More often than not systems that have control mechanisms in place tend to have sign off processes within them – like AutoRek does – that lends itself to the idea that if someone performs a task and someone else reviews it the system has a record with names, time and date stamps against it.”
McCarthy cites the example of how AutoRek works with an Irish client on its pre-reporting reconciliation for Mifid II compliance. Only when approval is granted of the reconciliations are the trade reports passed onto the regulator.
AutoRek’s work aligns closely with regulatory technical standard (RTS) 22, which details the process through which data must flow. The firm has built a process by which it assesses three datasets: that which is reconciled by the firms whose data the trades relate to, the ARM they have sent the data to, and finally the regulator’s finalized reports. AutoRek also assists with RTS 6 requirements – including pre-reporting reconciliation, which is essentially comparing trading logs against executed standing orders. For AutoRek it’s a standard workflow, but one that should be administered as regularly as possible to avoid failure to comply.
“RTS 6 and RTS 22 reconciliations should be done on a daily basis,” says McCarthy. “On RTS 22 that’s a bit difficult because you can only download one set of data per day for your organization and it’s capped at ten million transactions. Certainly checking the data you’ve sent to the ARM, what the ARM has received from you, should be checked on a daily basis.”
Firms have struggled with many other burdens which are new compliance requirements under Mifid II – not least the imposition of legal entity identifiers (LEIs) and international securities identification numbers (ISINs) as well as the data protection rules outlined in the General Data Protection Regulation (GDPR), which came into force last year. AutoRek’s systems help create and align LEIs and ISINs in a timely manner, and automates the process of monitoring personalized identifiable information components to alert a firm if that data is out of synchronization.
Given the fines imposed for breaches of the much less cumbersome Mifid I, as well as the FCA’s suggestion in its business plan that it will be pursuing breaches much more vehemently in the months ahead, the market is fully expecting the UK’s NCA to start investigating closely Mifid II breaches. For those still not operating to standard that could mean a difficult period ahead.
“I do think inspections will come this year definitely by the FCA,” says McCarthy. “I think the grace period is over. The regulator has had Brexit to deal with among other things – and they’ve also given people a bit of breathing space, I believe. Mifid II has been a huge undertaking and firms must be onboard.”