Compliance: The Markets in Financial Instruments Directive (MiFID) will have an impact throughout the EU. The canny IT director will exploit overlap with other requlations to achieve compliance and improve systems.
In less than two years, MiFID hits the statute books and brings with it changes to the European trading landscape, client relationships, pricing engines and pre/post trade reporting.
MiFID was formally adopted by the European Union in April 2004 and the technical draft of the directive has just been released. It contains 73 articles that will affect participants in the financial services industry in all 25 member states of the EU.
MiFID is applicable to all businesses involved with trading in financial instruments, as well as businesses that deal in advisory services. This directive is applicable to all classes of financial instruments with the exception of foreign exchange.
It comes at a time when firms are already stretched, with preparations for Basel 2, Sarbanes-Oxley, Transparency Directive and others. In Europe alone, there are more than 40 EU directives in financial services that will be implemented between now and 2010. How is IT going to cope with further change?
It is easy for IT managers to position MiFID as "just another compliance issue" and consequently dismiss the immediate impact of the directive. Nothing could be further from the truth. MiFID will hit the financial market with the force of Y2K, Basel 2 and Sarbanes-Oxley put together, stretching the capability of all existing IT systems, resources and supporting business processes.
The need to implement new systems and business applications may further compound the challenge faced by IT when moving towards MiFID compliance.
MiFID enables existing service lines to be extended across Europe and new service lines to be added under the new passporting arrangements. Firms can also become systematic internalisers or mini stock exchanges, which impacts the IT systems.
Forward-thinking firms are looking to the opportunities offered by MiFID, and not just the compliance issue.
With estimated costs running to million of pounds to achieve MiFID compliance, organisations will look to IT to ensure greater economies of scale with existing systems, before investing in new technologies that will potentially further increase complexities. The role of IT will be critical and cannot be overstated.
From an IT perspective, MiFID extends to the order management and routing systems, order execution systems, client data, client documentation, price feeds, trade reporting systems, "conduct of business" and "conflict of interest policies", documentation and training, European branch infrastructure, risk systems, as well as disaster recovery and business continuity planning procedures, which, incidentally, will require even more rigorous testing over the coming two years.
The risk and impact analysis process must begin quickly if organisations are to maintain competitiveness in key markets. Smaller, more nimble businesses will have a distinct advantage.
Once stripped away, beneath all new regulation and compliance sit common IT functions and MiFID is no different, with specific practice areas requiring significant business support:
- Data management: to migrate the client data to a new database properly segregated and enhanced to ensure the right products are offered to the right people.
- Process documentation: performing the processes to ensure all the customers have the right documentation and have acknowledged receipt.
- Data warehousing: to provide regulatory reports and to provide proof of compliance to the requirements of MiFID.
- Systems implementation: the building, implementation and integration of new systems.
- Testing: making sure that the changes meet the requirements of MiFID and ensuring the integrity of the IT platforms.
- System integration: ensuring that the data is available for publishing in the case of the trade and price data, and also ensuring that the right information is available to ensure best execution.
Although MiFID is a monster, there is light at the end of the tunnel in the form of overlaps between the IT requirements of the different regulatory initiatives.
I suggest that this component be the first area to be exploited by IT when developing the road-map to achieve compliance.
The opportunity exists for IT to implement a reporting architecture that takes advantage of the commonality of the different directives. This could now be the time for firms of all sizes to implement an enterprise-wide transaction and reference data store that contains the single version of the truth.
The impact of this kind of investment must not be dismissed too easily, as the longer-term benefits of a simplified data and reporting architecture, coupled with reduced development and regression testing efforts, will contribute significant long-term cost savings for the business.
Continuing with the positive-impact theme of MiFID, CIOs have the opportunity to review their existing complex systems architecture and test its ability to perform to the demands set by MiFID.
Is now the time to consider greater investment towards a service-oriented architecture (SOA)? Only time will tell, but in my opinion, the timing has never been better for the financialservices industry. How else is it expected to cope with ongoing regulation while simultaneously maintaining competitive advantage? Economies of scale will contribute significantly towards countering multiple cross-functional challenges.
Whatever journey you decide for your organisation and whatever IT roadmap you create to achieve MiFID compliance, the ability to resource your MiFID project will determine your success. The wise CIO will have already engaged their preferred IT suppliers, drilled into their existing global delivery capability, and sourced the necessary resources at advantageous rates.
As time passes and trained resources become scarce, resource costs will increase substantially, further putting pressure on theorganisation to meet this critical objective. MiFID may be the trigger to challenge the financial community to increase its investment and dependency on offshore IT providers, whether to help secure MiFID compliance, or to maintain existing systems while internal IT resources confront MiFID.
MiFID can have many touch-points in financial services, banking and/or insurance firms, including HR, trading, compliance and client relationship. However, it will be the IT department that feels the full force of compliance, with almost every client-facing securities trading process needing significant review and potential re-engineering.
Combined with the IT effort to upgrade existing systems, implement new systems and improved data warehousing and reporting, the operational aspect of implementing new front- and back-office processes cannot be ignored.
Stephen Kell is principal consultant, Patni