The Markets in Financial Instruments Directive, or MiFID, is a European Union law that has regulated investment services across the EU since 2007. Due to weaknesses during the financial crisis, MiFID has been revised to improve functionality of financial markets and to strengthen investor protection in the EU. The new legislation, MiFID II, will take effect January 3, 2018. And as that date approaches, one question looms: Is there enough time for EU firms to become compliant?
What is MiFID and what does it mean?
MiFID II aims to provide a transparent and responsible financial market with better access to all classes of investors. MiFID II with harmonize rules and regulations across all EU member states so that investors receive the same level of protection regardless of where they invest.
The most significant changes will occur within financial firms. The record keeping and surveillance requirements in the EU will closely resemble requirements in the U.S. Previously, many countries in the EU didn’t conduct surveillance on financial market communications, due to privacy rules that prevented compliance teams from looking at employees’ messages.
Firms must retain data for five years and must conduct surveillance on employee communications across all platforms. Any communication that is intended to lead to a transaction must be stored for future analysis on transactions and behavior. Firms will need to examine communications periodically to see if their employees are compliant with the financial markets’ rules and the firm’s internal rules. EU firms will need to monitor voice calls from desk and mobile phones, which presents a challenge that only technology can solve.
How to prepare for MiFID
To prepare for MiFID II in 2018, EU firms will need to find an information governance solution that can capture, archive, and analyze various types of communication related to business. A solution needs three capabilities to ensure 100% data control:
- One data copy
- One point of control
- One consistent search
These three characteristics equate to one centralized system, meaning no data gets lost or is unaccounted for. Without these assurances, companies may not be able to retain data for five years, as mandated by MiFID, or their ability to produce archived information may be compromised as their search gets bogged down while navigating across different systems. Bringing company data under one archive, with one point of control ensures the 100% data control needed to be MiFID compliant. But the question still remains, will EU firms adopt this methodology in time for MiFID II regulations in 2018?