This is a guest blog by Daniel Cohen, a solutions engineer at DataStax
MiFID II – or to give it its full title, the updated Markets in Financial Instruments Directive – is an updated set of regulations that covers investment banks, hedge funds and alternative investment firms. It provides a list of areas where new compliance steps have to be taken by the companies involved in trading, covering everything from voice recording through to collection of trade data. It’s this area of data collection that will be interesting for these companies to consider.
At a roundtable I attended this year, the issues around MiFID II were not so much led by technologies as by methodologies for organisations to deal with the wider problems of compliance projects. As part of the discussion, areas like the availability of skills and recruitment in the wake of Brexit received the most attention, while making the most of investment in compliance was also discussed.
Can we do more with compliance?
As with much compliance regulation, the rules have been put together to catch up with the potential that new technologies can deliver. New financial instruments are being developed all the time that can stretch the rules that exist around trading, while the volume and variety of trades continues to go up all the time. Under MiFID II, both the industry regulators across Europe and the trading firms will be required to keep a complete and accurate list of all trades taking place.
Invoking the trilogy of variety, velocity and volume – Gartner’s traditional description of big data – should make MiFID II a fairly obvious use case for big data systems. The IT teams at banks are already investing in their compliance efforts to meet the deadline of 03 January 2018, while hedge funds and smaller IT organisations are looking at how they can work with providers to solve these problems as well.
What was most interesting during the roundtable discussion was how much variation there was in mindset in the IT teams involved. Some see the January 2018 deadline as the only end goal, some are already looking at ways to get around the legislation and take things out of scope, while others are looking ahead at what new things can be delivered using the data that has to be gathered. These differences demonstrate that IT is still seen in very different ways within businesses, from the traditional ‘keep the lights on’ maintenance role through to more strategic and forward thinking.
Ade Dickson, solution director of Sopra Steria made a great point here: “It’s important not to see the deadline as the end goal, but just the starting line. It’s pointless to build solutions that will only cope with two years’ worth of data, when this regulation will be in place for seven to ten years.”
Bringing together voice and data compliance plans
Alongside the trade data that IT teams will have to capture, mobile calls and data will also have to be tracked for compliance. Whereas previously, traders could leave their phones away from the trading desk and this would be compliant with MiFID I, MiFID II will force companies to capture all voice calls and data created on phones. According to Alex Phillips, Head of Mobile at Adam Phones, this change in the rules may be a difficult one to start off with.
The reason behind this is that, for many people, phones run apps as well as voice calls. While mobile call recording now works at the network level, apps like Facebook, WhatsApp or Linkedin on those phones can also be used to communicate. Each of those transactions would have to be recorded and kept for a minimum of five years. However, many of these services are fully encrypted, so the data saved would not be clear and it would be very difficult to force employers to release keys to apps that are not actually theirs.
The likelihood is that many firms will have to look at their mobile device management strategies over the next 18 months, preventing people from installing and using these kinds of apps on work phones.
Alongside this, companies will have to start planning for their compliance management. One example given in the roundtable was how compliance officers should listen to a set percentage of calls every month to check that recording of conversations is taking place. Alongside this, compliance teams should be making preparations on the processes they will use to link up trading data concerning a specific customer account or trader with all the relevant voice calls made by that trader would be required in the event of an investigation.
What is “relevant” is still up for definition – a lot of this will be determined by the first investigations into compliance status by the Financial Conduct Authority after the initial deadline passes. Being prepared for any questions is going to be a key skill for the future.
What preparations should companies be making?
From the roundtable, there were four steps that companies should be considering around MiFID II. These lessons should be relevant beyond the investment banking sector too:
- Prepare for the years ahead, not just the immediate deadline. With so much data coming in, IT teams should look at how much data they will have to support over five or seven years, rather than just in the next two to three years. Changing a storage infrastructure so soon after compliance regulations are brought in is something that you can plan ahead to prevent.
- Make a selling point of compliance. When MiFID II asks for data to be stored over five years … why not store seven, or even ten? This can be an opportunity to sell a service as going above and beyond.
- Brexit will have an impact … but how much is still to be determined. Alongside the general challenges for the financial services sector that Brexit represents, there will be more difficulty in finding people with the right talent around compliance. Looking at retention and training is therefore a key area to develop for IT teams.
- Developing new services around data will be a key differentiator. Across the banking sector, there are a lot of skilled and innovative individuals involved in these projects. The market potential from using data gathered for compliance purposes is huge, but these services still need to be developed and supported over time.