MiFID II – Does Business or Compliance Lead the Project?
At the Cordium annual conference last month I participated in a panel with representatives from Knadel, McFarlanes and Bloomberg, discussing key aspects of MiFID II and what firms should be focusing on. When questioned on who is leading their MiFID II projects, more than 64% of investment firms polled indicated their projects are compliance-led, not business-led. This could indicate that firms still have work to do, to convince their senior management of the breadth of MiFID II’s impact on the operations of the business lines.
During the panel session ‘The clock is ticking,’ four areas of MiFID II implementation changes stood out:
The other panelists and I agreed that the MiFID II best execution change programme – which may be quite significant for some firms – should be led by the front office team. In fact, generally speaking it was considered better if the first line of defense has a substantial involvement in the MiFID II compliance programme overall. However, according to the survey, the MiFID II project is viewed as a business-led project in less than one-quarter of firms.
There are many reasons why the role of the business in the MiFID II regulatory change process should be emphasised. For example, the enhanced best execution requirements will dramatically expand the scope of each firm’s programme because “sufficient” steps – new language describing required compliance levels – denotes a higher bar than “reasonable” steps. Firms will have to ensure that the intended best execution process outcomes can be successfully achieved on an ongoing basis. This is likely to involve strengthening front-office accountability, as well as systems and controls – firms will need to “ensure that their detection capabilities are able to identify any potential deficiencies”. This is a substantial piece of work, and having the business leading is strategically important, and operationally essential. Most successful programmes at firms have had significant first line of defense involvement, marrying compliance’s expertise on the regulations with operations’ or trading teams’ understanding of internal business processes.
It is also in the best interests of the business to ensure these enhanced processes are implemented. Compliance with best execution rules under MiFID II is expected to be an enforcement focus, after the UK Financial Conduct Authority (FCA) noted in March this year that it was “concerned” with firm’s abilities to demonstrate good client outcomes. They commented that, following their own thematic reviews, the “pace of change” was slow and that “most firms had failed to take on board the findings”.
Payment for Research
Another area where the business needs to engage with regulatory change is payment for research. As a result of MiFID II, investment managers must pay for research explicitly. They must decide whether to pay for it themselves, through their balance sheet, or to charge investors by funding a research payment account (“RPA”). If choosing the latter, firms will need to create and communicate a process for setting a research budget, which should not be based on or linked to trading. Rather, the budget should be established based on how much research is expected to be used in the future, and what directly benefits the client – a significant piece of analysis for most firms. A starting point is what research has previously been consumed, but consideration should be given to what is actually necessary. Fundamentally, it is the users of the research who need to determine the content they require. Given the complexity of tracking and projecting research use on a client-by-client basis, this could potentially be another area for a technology solution, which could manage metrics around the consumption of research. It is clear that the business operating model which a firm’s investment managers adopt for this issue will drive how research is paid for.
Transaction reporting is a big issue for investment management firms because most haven’t had to do this in the past – under MiFID II, they will no longer be able to rely on their brokers. As well, the requirements have become much more complex. For example, the data obligations for transaction reporting generally are nearly three times as large as under MiFID I, with the number of fields expanding to 65. Client and employee personal data is included in these new fields, and this will have to be handled appropriately. The other panelists and I agreed that managing the transaction reporting obligation is all about governance – corporate governance from the top down led by senior management, as well as data governance bottom up, managed by the business and monitored by the compliance team. As a result, for most firms this regulatory change project will be significant. Many firms may benefit from the adoption of a technology solution to assist in meeting their regulatory requirements. For larger firms, the spend on transaction reporting technology could be the largest chunk of their overall MiFID II programme bill.
A final key area of concern discussed is the need for firms to adopt a telephone recording programme – including associated recording-keeping. A particularly difficult area is the handling of mobile phone conversations. Firms will either have to drive all communications to landlines or other recordable methods, or they will need to find a solution that can offer recording of mobile conversations. Recordings will need to be readily accessible and retrievable in short time periods. No matter what path a firm selects, this overall obligation is expected to be another “in place on day one” requirement for the FCA.
Again, the business will need to decide which methods of communication are most effective when having “relevant conversations” – this will have an impact on what ultimately needs to be recorded, and determine the budget for compliance with this requirement.
Regulators will expect that firms review the business’s operational approach and the effectiveness of the compliance function, in addition to overall firm governance, as part of their MIFID II planning. The responsibility for MiFID II compliance falls heavily on senior management, and so in order to ensure effective MiFID II implementation, the entire business needs to be involved in the project.
Feel free to contact me if you would like to discuss the results of this poll or would like Cordium to assist you with your MiFID II implementation. Chapter 1; Question 1 https://www.esma.europa.eu/sites/default/files/library/esma35-43-349_mifid_ii_qa_on_investor_protection_topics.pdf  https://www.fca.org.uk/publications/multi-firm-reviews/investment-managers-failing-ensure-effective-oversight  https://www.fca.org.uk/publications/multi-firm-reviews/investment-managers-failing-ensure-effective-oversight