Home & Office

Compliance: Tech's 'uncomfortable' future

IT departments will be saddled with much of the work when it comes to complying with upcoming European financial services legislation such as MiFID
Written by Cath Everett, Contributor

The Markets in Financial Instruments Directive (MiFID) directive is expected to cost financial services organisations about $1bn ($600m) worldwide — with up to half that amount expected to be in IT costs.

MiFID is one of around 42 new directives that will hit the FS sector between 2005 and 2008, and according to Greg Caldwell, IBM's pan-European programme lead on MiFID, "is the most wide-ranging and significant to date", not least because it is a big step on the road to a single European market for financial instruments such as equities and derivatives.

The Directive, one of a set of initiatives to come out of the Financial Services Action Plan, which was agreed at the European Summit in Lisbon in March 2000, will replace the existing Investment Services Directive (ISD). It is intended to provide a homogenous framework for investment services to make it as simple to trade securely across national borders as it is to do so in individual countries.

This means that, it will become "as easy for you or I to phone a Spanish or Italian stockbroker as to phone someone down the road", explains Steven O'Sullivan, a partner at Accenture.

The goal, on the one hand, is to create a level playing field for organisations to operate in what has to date been a series of fragmented national markets in a bid to take on the might of a single, unified US market. The other aim is to increase transparency in relation to cross-border prices and fees — something that Brussels is currently unhappy with — in order to increase competition.

"The aim is to make it cheaper for capital markets to issue trades and to make it more attractive to investors by making markets more transparent so that they'll put more into equities to solve the pension time bomb problem," says Alan Jenkins, European head of MiFID at Bearingpoint.

As to what the Directive actually comprises, however, can be broken down into four main headings — organisational requirements; conduct of business (including best execution); markets and transparency; and cross-border business.

Organisational requirements cover areas such as risk management and internal audits, and although they have yet to be translated into practical terms by the Financial Service Authority (FSA), they will include tighter controls around potential conflicts of interest for those firms providing both investment advice and trading services.

Fields such as outsourcing will also be addressed by specific rules for selecting and testing the suitability of providers prior to contracts being signed, but record-keeping is another affected area. MiFID requires that a wider range of records than was previously the case be kept for five years, although again what this will include has yet to be determined by the FSA.

Conduct of business, meanwhile, affects everything from marketing and communications to changes in how clients are classified, the aim here being to protect retail investors and make a clear distinction between financial professionals and those less experienced.

The single biggest obligation in this area relates to best execution. This means that organisations not only have to define and publish a policy laying out how they intend to operate in the best way possible for their customers, but they also have to comply with it and retain evidence of how they have done so.

For retail clients, this relates mainly to choosing a financial instrument at the best price (including the exchange fee), but for professional customers, it also covers speed, volume and efficiency of the settlement process.

The third element of MiFID, however, only involves shares and introduces a new regime for execution venues. To date, only traditional stock exchanges have been highly regulated, but clear rules will now also apply to multi-lateral trading facilities or online exchanges such as eSpeed and TradeWeb and the newly created category of systematic internalisers. These are investment firms that will be allowed to act as exchanges for the first time.

The most onerous obligation for these organisations will be the requirement to publish pre- and post-trade records and report all transactions to the...

For more, click here...

...regulator — in the UK, this is the FSA. In the case of cross-border trades, however, the FSA will likewise have to forward a copy of the report to all affected local regulators.

The final category, meanwhile, is cross-border business, which means that investment houses will be able to trade in any European country they choose, but will also have to follow local business conduct rules rather than domestic ones.

So, who will be affected by this, when will the Directive become operational and what will it mean in IT terms?

MiFID will apply to all firms that are currently subject to the ISD, which includes investment banks, portfolio managers, stockbrokers, corporate finance companies, many futures and options firms and some commodity brokers. It will also apply to all organisations that operate a legal entity in Europe.

One of the key issues at the moment, however, is that much of the nitty-gritty of MiFID is still to be defined. Although a revised draft of the Directive was published at the start of February, already six months late, it is unlikely to be ratified by the European Parliament until June or July of this year.

Member governments will then need to vote the Directive into law before local regulators can decide on how individual regulations should be implemented. The final deadline for compliance is currently set at 1 November, 2007, although penalties for non-compliance have yet to be decided.

But the fact that everything has still to be set in stone is not reason enough for organisations to drag their feet. "The final level two draft proposals, which are implementation measures, were published on 6 February so there's no excuse for people not to start work. They're mandates on how to do things and while there might be some fine tuning as they're signed off by the European Parliament, they're unlikely to change that much," says Bearingpoint's Jenkins.

Nonetheless, he indicates that merely "a handful of international investment banks are on top of the game," while most organisations have only just begun to get started.

Those that have embraced the new Directive with most enthusiasm are wholesale traders, and particularly US-based organisations, on the sell-side, which are keen to become systematic internalisers and embrace the potential opportunities offered by the opening up of the market.

The most reluctant, however, have been those on the buy-side such as asset managers because they do not expect the forthcoming legislation to have as large an impact on them.

However, at this point, says Accenture's O'Sullivan, most firms should at least be at the strategic planning stage and should ideally be undertaking impact analyses to work out what they are going to spend and how.

Although figures vary enormously, the cost of compliance is expected to be about $22m for the average broker and as much as $35m for a tier one investment bank, with as much of half of that likely to go on IT.

Caldwell, however, warns compliance should not be regarded purely as an IT project, but predominantly as a business initiative as it affects everything from legal to operations and strategic and tactical decision-making. "It's not an IT project, but it's also very much of one because most of the implementation will probably take place at the IT level," he explains.

As a result, it is crucial that IT managers, who have so far been at the forefront of the push for compliance, involve the business as soon as possible in making key decisions. These include whether it wants to remain as it is, operate across Europe as soon as it can or enter the market gradually.

Based on the decisions taken at this stage, it will then be necessary...

For more, click here...

...to rework business processes and re-jig old systems or introduce new ones to support them, although there is no one-size-fits-all solution here and certainly no silver bullet.

"At the very least, IT can start reviewing systems and identify ones which are likely to run out of steam. For example, we know that a lot more market data will be circulated due to the new transparency rules and that firms will have to publish their trades and provide a quote for each stock before it's traded. So if those systems are already struggling now, they certainly won't cope under MiFID," explains Olivier Tardif, a senior consultant at Detica.

Other systems that are likely to need looking at fall under four broad categories. All customer databases will have to be tweaked to ensure they conform to the client reclassification regulations and companies will also need to keep records to show that they have undertaken up-to-date customer suitability and appropriateness checks.

Another essential is to ensure that front office systems are able to obtain incoming market data from all of the new execution venues and not simply traditional stock exchanges.

This will mean not only taking feeds from new sources, but also dealing with increased volumes of information so it is vital to ensure that current systems are up to handling this. It may also be necessary to introduce new order management or algorithmic trading systems, however, to automate more routine elements of the trading process and free up staff time to deal with more specialised tasks.

Meanwhile, if an organisation decides to become a systematic internaliser for the first time, they will need to be able to publish their prices and each trade that they undertake within a maximum of three minutes, which will require the purchase of a new system.

The obligation to report transactions at the end of each day to the FSA may likewise mean that there is an impact on reference data systems, which will need to be checked out.

Higher individual transaction volumes will also mean ensuring that straight-through processing using technology such as enterprise application integration software to glue different systems together is a given to guard against glitches in the clearing and settlement process.

All of this, however, is likely to require a review of the enterprise's infrastructure to ensure that networks are able to handle the strain and that storage and retrieval mechanisms are capable of providing records and other audit trails around orders, prices and trades.

"And when all these projects have been done, there'll be testing, migration and training to do as with any project," says Jenkins. "There's a shed load of work to do and not much time to do it in."

Therefore, it is crucial to establish what systems vendors are doing in terms of upgrades to help, but also to work out staffing needs and whether it will be necessary to hire in extra personnel to cope with spikes in workload.

Caldwell, for one, expects that demand for consultants will ramp up from the fourth quarter of 2006 to the early part of 2008, which means that it is likely to peak in the second quarter of 2007. As a result, he advises organisations to plan accordingly.

But all of this implies that life for IT managers is not going to be easy over the next couple of years as they struggle to cope with a morass of work and ever-tightening deadlines.

"The situation for IT is not going to be comfortable. They can't do much now because in most cases, the business hasn't decided how to move forward, but if systems aren't ready, they'll be the ones that are blamed,"concludes Detica's Tardif.

Editorial standards