According to a survey conducted by SunGard at Sibos 2014, nearly half of the 130 people polled (47 percent) reported that increased risk and regulations will have the largest impact on how companies conduct business today.
One set of regulations that is affecting everyone from small retail investors to tier 1 exchanges is the European Commission’s MiFID II and MiFIR, which seeks to promote a single market for wholesale and retail transactions in financial instruments. In the most basic terms, MiFID II and MiFIR address two broad areas:
- the conduct of business rules for intermediaries providing investment services
- the effective, efficient and safe operation of financial markets
With the MiFID and MiFIR consultation process well underway, and with the Level 2 texts being finalised, the key items that still need to be addressed are becoming clear.
Suitability and appropriateness checks
MiFID II mandates that firms have adequate internal controls over their advisory services and their sales channels, including the diligence to not advise on – or even stop selling – a product if clients do not understand it. When complex products are available via a trading platform, they must ensure that client access to products is based on suitability or appropriateness. They must also include suitability controls as part of the advisory services.
To ensure that they perform these suitability checks appropriately, they must institute a process to collect relevant client information – which will vary with the complexity of the product – and then systematically verify the suitability of each client transaction against this data.
Suitability checks, however, are not the only requirement. When a firm is merely providing access to trading in a product, it is still obligated to actively seek information from a client about his or her ability to understand the risks of the product or service and to afford potential losses. The firm must have the processes to decide whether a product or service is appropriate for the client and take necessary steps if the client is acting outside of what the firm has deemed appropriate.
Other related obligations include monitoring the processes that keep the firm’s Know Your Customer (KYC) data up to date to ensure that data is detailed enough for the firm to determine and establish suitability and appropriateness. KYC poses one of the greatest challenges to the financial services industry, according to the SunGard survey. More than half (55 percent) of respondents agreed that KYC is a top challenge to their business.
The firm must also provide fair and clear disclosures about all fees and total costs as well as explicit explanations of embedded or wrapped products.
This raises questions around monitoring and audit trails. How does a compliance organisation get on top of its firm’s sales and account management tasks? Certainly an array of system and process changes will be required.
Best execution monitoring
Investment firms must provide all clients with a best execution service when executing orders. They will be required to annually publish information on the top five venues that they have used, and markets must publish information on the quality of the execution provided.
ESMA, which oversees the implementation of MiFID II, advises that a firm’s execution policy should describe its strategy for obtaining the best possible result for the execution of client orders and explain the importance that the firm places on the execution factors when executing client orders or decisions to deal. Permissible third-party payments should be disclosed within execution policies.
Code of conduct and conflicts of interest monitoring
Investment firms are required to take all appropriate steps to identify, prevent or manage conflicts of interest within the firm, as well as to maintain and operate effective organisational and administrative arrangements to prevent conflicts of interest and manage code of conduct.
ESMA advises that the existing rules will be strengthened to:
- specify that placing an over-reliance on disclosure without adequate consideration as to how conflicts may be appropriately managed is not permitted
- ensure that disclosure to clients is sufficiently detailed and meaningful to enable the client to make an informed decision as to whether to proceed
- introduce a requirement that firms periodically review their conflicts of interest policies and take all reasonable steps to address any deficiencies
For a compliance organisation, the implications of the above are huge. Firms will need a detailed and efficient process to manage deal teams and associated restricted lists, a tool to monitor staff activity across deal teams, and the ability to compare staff activity vis a vis corporate entities to search for potential collusion and Chinese Wall breaches.
Compliance audit trails
For any identified compliance issue, firms must record where senior management deviates from the compliance officer’s assessment and recommendations and explain the remedial action that the firm intends to take.
Firms must also maintain an audit trail of their risk-based approach or, alternatively, implement controls and processes that address the full regulatory text. For example, a firm can do a risk-based analysis, decide which parts of the regulation it needs to comply with, and implement reasonable processes and checks to meet its own analysis. This entire process will need to be reviewed on a regular basis, with an associated audit trail that will satisfy any competent authority that may challenge it.
Some firms are implementing very stringent rules in anticipation of the completion of the current legal processes and regulatory changes. For example, some firms prohibit any staff that is remotely associated with trading – even someone who simply works on a trading floor – from using a mobile phone, chat application or chat room during office hours. Is this reasonable or counterproductive? Could proper systems and controls that monitor usage and staff behavior in relation to customer, firm and market events help avoid draconian steps that limit staff movements?
Finally, another hugely significant point: advisors and firms promoting and selling products created by other firms will have to change their fee structure and information around how they charge for their services.
So MiFID II will have a significant impact on not only firms’ practices but those of their employees. It is therefore critical to fully understand the regulation and how to implement processes that support compliance.
The good news is that if proper and efficient controls are put in place, firms will have a clear view of its clients and sales force activity, allowing them to act more efficiently on the market. Having control and proper monitoring of staff allows firms to give their staff the flexibility to act freely and with delegated responsibility. And if they act outside of the faith of Code of Conduct and Regulation, compliance will find out, and appropriate actions can be taken.
By Magnus Almqvist, Senior Business Development Manager, SunGard