‘73% Risk & Compliance Managers in Financial Sector Admit They’re Not Aware of Penalties of up to 5 Million Euros or 10% of Annual Turnover vs 58% of IT Managers and Decision Makers’ 

A study of IT managers and decision makers and Risk & Compliance managers within UK financial services businesses, reveals a lack of preparation and understanding of the requirements of MiFID II legislation due to come into force in January 2018.

The study, carried out in January 2017 for voice security services company Aeriandi, shows managers and decision makers within these institutions have little understanding of the severity of potential penalties and are struggling to apply the legislation to their businesses.

Key findings

• Almost three quarters (73%) of Risk & Compliance managers in Financial Sector admit they’re not aware of penalties of up to 5 million euros or 10 per cent of annual turnover vs only 58 per cent of IT managers and decision makers
• 17 per cent of Risk & Compliance managers are unaware a company could receive a cease and desist order for non-compliance
• Almost a quarter of those surveyed (22%) say that, although they feel they understand the MiFID II legislation, they are not sure how it applies to their organisation
• Over a quarter (29%) do not yet have the technology or the infrastructure needed in place for compliance
• Only 10 per cent are currently communicating with partners and suppliers about their preparations for compliance with MiFID II

The study highlights a concerning gap between general awareness and understanding of the legislation and an understanding of the practical detail, knowledge and planning that is needed to prepare for compliance.

Understanding of the legislation peaks in firms with 50,001 – 100,000 employees, with 88 per cent saying they are totally confident in their understanding of the legislation.  It then falls sharply to 67 per cent in organisations with 100,001 – 150,000 employees, and again to 65 per cent in companies with 150,001+ employees.

When comparing the responses of IT professionals and those responsible for managing Risk & Compliance within a business, IT teams have a better overall understanding of the consequences of non-compliance.  62 per cent of Risk & Compliance managers admitted to not knowing a company can be fined up to 5 million euros or 10 per cent of annual turnover, compared to only 42 per cent of IT managers and decision maker’s.

It would appear however that a countdown to compliance has begun and organisations are now starting to invest time and money in preparations.  30 per cent of respondents say that budget has been allocated this year to help with preparations, and over a third (36%) report that policy and procedure have now been developed.

Matt Bryars, co-founder and CEO at Aeriandi, commented: “There appears to be a real lack of detailed knowledge around MiFID II in UK financial services organisations.  With less than a year to go until penalties for non-compliance will kick in, you’d hope that those responsible for delivering compliance – the IT and risk & compliance teams – would have this nailed.  However, for many, preparations are still at a very early stage.

“Organisations must understand the key areas of impact on their business and start to plan for change.  For example, call recording requirements under MiFID II will become mandatory for all areas of financial advice.  So anyone making a call in which they recommend products or aim to make a transaction will have to record that call – and then keep that recording secure for five years.  Ultimately compliance and IT teams will have their work cut out for them   They’ll need to carry out a detailed risk analysis, mapping out the required processes and procedures required under MiFID II, and then determine task by task if their existing solutions will be adequate or if the organisation finds it needs to procure and roll out a new set of tools and supporting processes.”