On 3 January 2018, the Markets in Financial Instruments Directive comes into force, bringing in tougher regulations and in particular a far more rigorous approach to call recording and customer protection.
With little time left now to plan, it is essential that firms complete their final preparations. And if they have not already done so, switching from an in-house legacy system to the cloud for data storage could well be one of the most effective ways to fortify the business.
For the record
One of the most important – and contentious – changes that MiFID II will bring in is a new requirement to collect richer forms of data that must be stored for longer and needs to be easily retrievable, including being available for audit by the FCA if required.
MiFID II brings additional data responsibilities for firms already facing increased pressure as a result of the General Data Protection Regulation, which comes into force in May.
Carrying the cost
However, smaller firms, in particular IFAs, had expressed concern about the extra costs that MiFID II will impose and lobbied for an alternative. The FCA listened and agreed in April that Article 3 firms, including those that give advice and corporate finance boutiques, can now take detailed notes of a call, as an alternative to recording.
But, is this really a sound move? From a cost perspective, it may appear attractive, since historically, paying for, recording, storing and retrieving data has been a significant and often unwieldy process, with businesses needing to use a number of different providers.
Shortcomings of note-taking
Being able to take notes may sound like a win for smaller firms, but in reality, risk managers may well want to counsel against this. This is for a number of reasons and these are just some:
- Recording offers greater certainty and if the right storage approach is chosen, is a far safer strategy. However, holding the data in-house can be a recipe for disaster and although the FCA has said notes must be ‘analogous,’ keeping vast amounts of documentation is impractical and there may be far too many variations dependent on who is taking down the information.
- MiFID II requires records to be retained for far longer periods, moving from the current six months to five years (and in some cases seven years). What is more, risk managers need to ensure management is fully aware of their obligations and that is effective oversight and a comprehensive and written staff-training programme.
- They must also periodically monitor transaction records to make sure that there is compliance and that data can be retrieved swiftly – this is easier if it is stored on an easy accessed cloud facility with clear tabs showing what is where.
- Meanwhile storing data on a legacy system is undeniably less secure than the cloud
What advantages does the cloud offer?
If a firm is subject to MiFID II then they may well be already using the cloud as for some it offers a higher level of security than can be achieved in house, provided the right provider is selected. A number are now specifically targeting businesses that need to be MiFID II compliant and may be using blockchain technologies which are suited to recording transactions, delivering auditable trails that can be drawn on whenever needed.
Firms can also use their stored data for business purposes, since it can provide many useful insights in to assist both with risk management and development. Further, the cost of cloud storage is often more affordable than firms realise.
MiFID II is almost here and while it may be more onerous, the regulator believes it will result in a more transparent market. Those falling under regulation should be making sure now they have the right systems and storage to meet this important compliance challenge.