Compliance: The Markets in Financial Instruments
Directive (MiFID) will have an impact throughout
the EU. The canny IT director will exploit overlap with other
requlations to achieve compliance and improve systems.
In less than two years, MiFID hits the statute books and brings
with it changes to the European trading landscape, client
relationships, pricing engines and pre/post trade reporting.
MiFID was formally adopted by the European Union in April 2004
and the technical draft of the directive has just been released. It
contains 73 articles that will affect participants in the financial
services industry in all 25 member states of the EU.
MiFID is applicable to all businesses involved with trading in
financial instruments, as well as businesses that deal in advisory
services. This directive is applicable to all classes of financial
instruments with the exception of foreign exchange.
It comes at a time when firms are already stretched, with
preparations for Basel 2, Sarbanes-Oxley, Transparency Directive
and others. In Europe alone, there are more than 40 EU directives
in financial services that will be implemented between now and
2010. How is IT going to cope with further change?
It is easy for IT managers to position MiFID as "just another
compliance issue" and consequently dismiss the immediate impact of
the directive. Nothing could be further from the truth. MiFID will
hit the financial market with the force of Y2K, Basel 2 and
Sarbanes-Oxley put together, stretching the capability of all
existing IT systems, resources and supporting business
processes.
The need to implement new systems and business applications may
further compound the challenge faced by IT when moving towards
MiFID compliance.
MiFID enables existing service lines to be extended across
Europe and new service lines to be added under the new passporting
arrangements. Firms can also become systematic internalisers or
mini stock exchanges, which impacts the IT systems.
Forward-thinking firms are looking to the opportunities offered
by MiFID, and not just the compliance issue.
With estimated costs running to million of pounds to achieve
MiFID compliance, organisations will look to IT to ensure greater
economies of scale with existing systems, before investing in new
technologies that will potentially further increase complexities.
The role of IT will be critical and cannot be overstated.
From an IT perspective, MiFID extends to the order management
and routing systems, order execution systems, client data, client
documentation, price feeds, trade reporting systems, "conduct of
business" and "conflict of interest policies", documentation and
training, European branch infrastructure, risk systems, as well as
disaster recovery and business continuity planning procedures,
which, incidentally, will require even more rigorous testing over
the coming two years.
The risk and impact analysis process must begin quickly if
organisations are to maintain competitiveness in key markets.
Smaller, more nimble businesses will have a distinct advantage.
Once stripped away, beneath all new regulation and compliance
sit common IT functions and MiFID is no different, with specific
practice areas requiring significant business support:
- Data management: to migrate the client data to a new database
properly segregated and enhanced to ensure the right products are
offered to the right people.
- Process documentation: performing the processes to ensure all
the customers have the right documentation and have acknowledged
receipt.
- Data warehousing: to provide regulatory reports and to provide
proof of compliance to the requirements of MiFID.
- Systems implementation: the building, implementation and
integration of new systems.
- Testing: making sure that the changes meet the requirements of
MiFID and ensuring the integrity of the IT platforms.
- System integration: ensuring that the data is available for
publishing in the case of the trade and price data, and also
ensuring that the right information is available to ensure best
execution.
Although MiFID is a monster, there is light at the end of the
tunnel in the form of overlaps between the IT requirements of the
different regulatory initiatives.
I suggest that this component be the first area to be exploited
by IT when developing the road-map to achieve compliance.
The opportunity exists for IT to implement a reporting
architecture that takes advantage of the commonality of the
different directives. This could now be the time for firms of all
sizes to implement an enterprise-wide transaction and reference
data store that contains the single version of the truth.
The impact of this kind of investment must not be dismissed too
easily, as the longer-term benefits of a simplified data and
reporting architecture, coupled with reduced development and
regression testing efforts, will contribute significant long-term
cost savings for the business.
Continuing with the positive-impact theme of MiFID, CIOs have
the opportunity to review their existing complex systems
architecture and test its ability to perform to the demands set by
MiFID.
Is now the time to consider greater investment towards a
service-oriented architecture (SOA)? Only time will tell, but in my
opinion, the timing has never been better for the financialservices
industry. How else is it expected to cope with ongoing regulation
while simultaneously maintaining competitive advantage? Economies
of scale will contribute significantly towards countering multiple
cross-functional challenges.
Whatever journey you decide for your organisation and whatever
IT roadmap you create to achieve MiFID compliance, the ability to
resource your MiFID project will determine your success. The wise
CIO will have already engaged their preferred IT suppliers, drilled
into their existing global delivery capability, and sourced the
necessary resources at advantageous rates.
As time passes and trained resources become scarce, resource
costs will increase substantially, further putting pressure on
theorganisation to meet this critical objective. MiFID may be the
trigger to challenge the financial community to increase its
investment and dependency on offshore IT providers, whether to help
secure MiFID compliance, or to maintain existing systems while
internal IT resources confront MiFID.
MiFID can have many touch-points in financial services, banking
and/or insurance firms, including HR, trading, compliance and
client relationship. However, it will be the IT department that
feels the full force of compliance, with almost every client-facing
securities trading process needing significant review and potential
re-engineering.
Combined with the IT effort to upgrade existing systems,
implement new systems and improved data warehousing and reporting,
the operational aspect of implementing new front- and back-office
processes cannot be ignored.
Stephen Kell is principal consultant, Patni