By Matthew Bryars, co-founder and CEO, Aeriandi
In less than a year MiFID II legislation will be enforceable across the EU, bringing significant changes to the way regulators oversee financial services activities. While current Financial Conduct Authority (FCA) requirements only govern the telephone conversations of individuals directly involved in trading, MiFID II covers any individual involved in the advice chain that may result in a trade.
Asset managers, independent financial advisors (IFAs) and payments administrators will all be impacted, as will conversations on both landlines and mobiles. MiFID II has several record keeping aspects, including a requirement to store call recordings for five years. In combination with the impending EU General Data Protection Regulation (GDPR), which is also coming into force in 2018, Risk and Compliance teams will need to be preparing now to meet the new requirements of what is shaping up to be a challenging regulatory year.
Reforms necessary to meet the new requirements will not come cheap. A recent report by IHS Markit and Expand, ‘Counting the cost of MiFID II’, estimated the preparatory cost to the financial services industry to be more than $2 billion in 2017.
A January 2017 study from secure voice specialist Aeriandi asked Risk & Compliance managers, as well as IT managers and decision makers within the UK financial services sector, about their understanding of MiFID II, the penalties for non-compliance, and how they are preparing for the new legislation.
The answers reveal a lack of preparation and understanding of the requirements. They suggest managers and decision makers within these institutions have little understanding of the severity of potential penalties and that they are struggling to apply the legislation to their businesses. When comparing the responses of IT professionals and those responsible for managing Risk & Compliance within a business, IT teams have a better overall understanding of the consequences of non-compliance.
Almost three quarters (73%) of Risk & Compliance managers and 58 per cent of IT managers and decision makers said they were unaware that penalties could reach up to five million euros, or 10 per cent of the company’s annual turnover. 17 per cent of Risk & Compliance managers were unaware a company could receive a cease and desist order for non-compliance, and almost a quarter of those surveyed (22%) said that, although they feel they understand the MiFID II legislation, they are not sure how it applies to their organisation.
The study highlights a concerning gap between general awareness of the legislation and an understanding of the practical detail, knowledge and planning that is needed to prepare for compliance. More than a quarter (29%) of those surveyed do not yet have the technology or the infrastructure in place to achieve compliance, and just 10 per cent are currently communicating with partners and suppliers about their preparations.
Understanding of the legislation peaks in firms with 50,001 – 100,000 employees, with 88 per cent saying they are totally confident in their understanding of the legislation. It then falls to 67 per cent in organisations with 100,001 – 150,000 employees, and again to 65 per cent in companies with a headcount of more than 150,001.
It would appear, however, that a countdown to compliance has begun and organisations are now starting to invest time and money in preparations. 30 per cent of respondents say that budget has been allocated this year to help with preparations, and more than a third (36%) report that policy and procedure have now been developed.
With such widespread implications, organisations should already understand the key areas of impact on their business and be planning the necessary changes. Many organisations will need to procure and roll out a new set of tools and supporting processes to achieve compliance. Ultimately, compliance and IT teams will have their work cut out for them. It seems that for many, though, preparations are still at a very early stage.