Use of technology and software in MiFID II compliance programs
May 2015 | 10QUESTIONS | SECTOR ANALYSIS
FW speaks with Magnus Almqvist, senior product specialist at SunGard, about the use of technology and software in MiFID II compliance programs.
FW: As we move closer to the expected implementation date in January 2017, how would you describe the impact that MiFID II will have on the internal processes of financial institutions?
Almqvist: The broadened definition of financial products and reporting requirements under MiFID II will have a particularly large impact on firms which need to automate and produce a vast amount of data to be delivered to designated repositories. More rigorous and continuous appropriateness and suitability checks, including competence and knowledge requirements for persons providing advice, need to be performed individual and at end client level. This is a challenge for the producers of financial instruments, where the distributers manage end client contacts. Conflict of interest management requirements are stepped up, which requires firms to not only be able to detect potential COIs but also manage these appropriately, and have processes in place where they can assure themselves they would detect if an employee breaches a ‘Chinese wall’ or misuses information gained via a COI.
FW: The introduction of MiFID II, alongside a raft of other regulatory measures, will make Europe one of the most heavily regulated regions in the world for financial institutions. In your opinion, will this level of regulation lead to greater clarity and transparency, or more confusion and uncertainty?
Almqvist: This is down to the resulting implementing directives and guidelines from ESMA, so it’s too early to say. Another important factor is also the enforcement actions by local regulators – how will the directives be translated into local regulations, and how will these be enforced? MiFID II is very ambitious and certainly seeks to bring fairness and transparency to the fragmented and highly competitive European financial markets.
FW: What advice would you give to financial institutions planning for MiFID II implementation, in terms of their existing IT capabilities? How should they go about assessing the adequacy of their business practices and IT architecture?
Almqvist: Compliance and IT need to carry out a detailed risk analysis, mapping out the required processes and procedures required under MiFID II, and then determine task by task if their existing solutions will be adequate or can be adjusted with reasonable costs and timescales involved, or if the organisation finds it needs to procure and roll out a new set of tools and supporting processes. This risk based analysis should be documented and kept as an audit trail of the decision process when a firm decides what part of the regulation applies to their business, and what organisation, processes and tools are required to effectively monitor compliance to the sections of regulation that applies. The FCA and other regulators will review this decision process as part of their regular audits of firms compliance function. This should all be done sooner rather than later. If you find that you need to procure a new system, then engaging with vendors as soon as possible will give you the time and space required to do a well thought through procurement including negotiating terms with your preferred vendor. Being up against tight deadlines and under the gun of a regulator pushing changes through will only catch your IT and compliance organisation on the back foot, and decisions that will determine your tools and processes for years to come will be rushed through and may lead to decisions you will grow to regret in the future.
FW: To what extent are financial institutions concerned about the cost, complexity and risk management provisions which come with MiFID II compliance?
Almqvist: Institutions are increasingly becoming aware of, and concerned with, the level of controls and associated automation required if a firm aims to be fully compliant with MiFID II with a reasonable level of manual effort to consolidate data, and processing and analysis of the resulting data analysis. The costs of these solutions may well have a real impact on the decision to remain in or launch into a new business or set of product offerings, which some argue will have a detrimental impact on the liquidity and diversity or competition in the financial markets.
FW: With MIFID II one of several changes being made to Europe’s financial regulatory regime – including EMIR, Basel 3, etc. – what steps can financial institutions take to manage the interconnectivity of different regulations?
Almqvist: A firm that manages the interconnectivity of different regulations and gains the benefits of a consolidated view not only across its entire business, but also across markets and asset classes, can enjoy a number of advantages. The level of control and access to information about its business will enable a very high level of transparency regarding how the business is performing, where risks lies and where it is exposed to regulatory challenges. This is not easily achieved and only those firms that are prepared to invest resources and a dedicated budget up-front will realise the potential. A solution will require consolidated dash boards, joint case management and one control room function. Equally important will be access to flexible and configurable underlying technology, which will allow organisations to adapt to changes and keep tools up to date with current workflows and processes.
FW: How feasible is it for financial institutions to consolidate all of their suitability, appropriateness and conflicts of interest reporting into one technology-based solution? How easy, or otherwise, is it to migrate over from existing reporting platforms?
Almqvist: The technology exists today. Indeed, you could add market abuse surveillance to the above list as well. The higher level of integration a firm achieves, the closer it will be to achieving a full picture of the company’s overall conduct. Also, it will be able to manage the interconnectivity of the complex web of regulation firms face today. A migration from an old platform to a new involving transfer of historical data is always difficult. No doubt the historical databases will have been through upgrades and changes through their life, and data may exist in different formats over the time period, which must be migrated to the new platform. Care needs to be taken to ensure data remains intact and accurate, which is time consuming. Upgrading or replacing a system that touches many users, such as a PA Dealing and Conflict of Interest management systems will involve training a large amount of staff, and may be received with resistance if not managed carefully.
FW: What are the benefits and risks of utilising third party services for MiFID reporting and compliance, as opposed to purely in-house resources? How should financial institutions manage such relationships?
Almqvist: There are a number of risks. Chief among them are data integration where you rely on a vendor to understand your data, relying on a vendor for implementation of changes, cost exposure and resource exposure to future changes from an organisation over which you do not have managerial control. At the end of the term of the contract, you have to renegotiate your terms with the vendor. In terms of benefits, the sharing of development costs and maintenance costs across a large user base can lead to a lower cost of ownership. Equally, sharing experience and industry best practice through product enhancements based on user group meetings, and individual customers’ feedback and requests for functional changes, will ensure that your compliance function remains in step and competitive in the rapidly changing compliance space. If companies opt for a fully hosted service offering, they will benefit further from economies of scale and having an expert organisation managing and monitoring the solution, further reducing the cost of ownership and reducing management overhead and management time spent on the solution.
FW: How much scope is there for varying interpretation of MiFID II from country to country? How would this correspond with the directive’s aim of harmonisation and consistency?
Almqvist: Finding localised and varied interpretations and enforcements is a risk of the European distributed and localised model retaining the national regulators. However, ESMA’s response to this risk, with its implementing directives and Level 2 documentation, is aimed at guiding regulators towards a uniform implementation and enforcement of regulation, while at the same time allowing for local variances and local differences in laws and best practices.
FW: In your experience, are financial institutions doing enough now to prepare themselves for MiFID II compliance? Where should they focus their efforts?
Almqvist: To date, this has been something of a mixed bag. Well organised and focused organisations tend to be ahead of the curve, where you will always find firms that are in a ‘wait and see’ mode and will not start planning or analysing until all details are in place and communicated by relevant authorities. The latter approach is a dangerous one, as companies may be caught out and not have enough time to implement suitable structures, procedures and processes in time to meet regulatory deadlines. If you are pushed for time, your costs will suffer, as you will have to take makeshift decisions and rush through implementations of the changes you plan. Hiring staff, for example, may be more expensive if you don’t leave adequate time to recruit and carefully select the right candidates. At the same time, as Level 2 documentation is not yet finalised, there is a large amount of uncertainty around the details of what MiFID II is actually demanding of compliance organisations.
FW: For organisations that are likely to fall short of meeting the MiFID II compliance deadline, what are the consequences of non-compliance? Can specialised technology and software help them to avoid this scenario?
Almqvist: Firms face penalties, and may find that the regulator dictates deadlines by which identified shortcomings must be addressed. The latter will increase cost, as a firm is forced to act and will be at a disadvantage when sourcing solutions and implementing changes to its organisation. It may have to de-prioritise other business driven IT projects, for example, that may delay business initiatives. Technology certainly can help, as these will support an organisation to implement processes and workflows that are based on best practice and the joint experience of a large user base – provided, of course, you chose a platform from a credible vendor with an engaged user group. Being part of a user group is also something that can strengthen a compliance function, in that it gives the compliance function easy access to industry peers with whom they can freely discuss how to use tools and how to interpret and mitigate regulatory changes.
Magnus Almqvist is a senior product specialist for Protegent, SunGard’s compliance business for the capital markets. He is responsible for pre-sales of the Protegent Market Abuse and Protegent PTA compliance solutions in Europe, Middle East and Africa (EMEA). He also provides expertise on the surveillance and supervision of financial markets in EMEA. Mr Almqvist was previously a sales executive at Nasdaq OMX, prior to which he was general manager and senior account manager at SMARTS. Before that, he was head of IT at EDX London, a London Stock Exchange Company, and an account manager at OMX, responsible for trading and clearing systems for exchanges. He can be contacted by email: firstname.lastname@example.org.
© Financier Worldwide