Newsletter | Volume 1

Uncertainty on MiFID II and other financial regulatory compliance issues continues

For MiFID II implementation there remains an enormous amount of work left to be done because it primarily affects all stakeholders. At the 10th annual European GRC Summit, we will provide an update to the proprietary trading community on MiFID II and other financial regulatory compliance mandates.

After the implementation deferral in about a year, the European financial watchdog, ESMA, is expected to release final technical standards. One of the big concerns for all financial institutions is the uncertainty about how firms should deal with the legislation in a compliance package as significant as MiFID.

The concern most financial services companies have is that regulatory compliance is a greater burden than it needs to be. The worry is not just about getting ready to comply with new rules and regulations that all financial companies are subjected to. The current predominant approach is the simple processing of documentation that satisfies the national regulator and oversight authorities. It is a cumbersome affair due to the fragmented and unstructured approach to compliance and all applicable rules.

Those institutions that started on the 'automation' journey were set back by the deferral, and later in the year will not have a huge amount of time to get the work done by year end 2016. Here are some of the real compliance issues that most companies have to deal with during the current impasse to achieve a structured framework approach to compliance:
  • For all financial services institutions, risk management is paramount. Lack of structured and documented risk management will keep regulators unaware of the business mechanics and disclosures. Therefore, companies must clarify what will be explicit or implicit regarding what needs to be prepared to comply with the risk management components.
  • If the regulatory risks ultimately result in a "tick box and documentation exercise", it is going to be an expensive one.
  • There has to be some effort in the technical standards to build in a degree of proportionality. The listed derivatives industry in Europe is populated by some smaller firms. However, the regulators still do not question whether the requirements are more suited to the banking sector in general, or investment companies with many clients. Outsourcing some of the regulatory issues can be an option to look into.
  • In spite of the efforts, technical standards and the degree of proportionality, some of the regulatory compliance obligations are binary in nature, and everyone will have to comply with them.
  • There must be a built-in measure of "future-proofing" the current regulation because prescriptive rules such as those related to technology development become obsolete. Forward integration is a preferred option.
  • Everybody in the business is somehow caught in the compliance net, which will profoundly change the counterparty relationship with third parties. The complication is that some vendors are unregulated and can modify the way the industry works together.

Those companies that are newly regulated under the MiFID II regulation cannot take the recent implementation delay for granted. First, you are required to be authorized if you are not already covered by MiFID, and are a direct participant of a venue, or a market maker, or have direct electronic access.

To have an effective compliance program, an organization must establish and maintain an organizational culture that "encourages ethical conduct and a commitment to compliance with the law." Therefore, structure the MiFID and other implementations by ensuring that senior management can exercise effective oversight, with direct reporting authority to the governing body or an appropriate subgroup, and that written policies and procedures, training and education, and effective lines of communication are established, followed by GRC standards, disciplinary guidelines, internal compliance monitoring, and the right response to detected offenses with corrective action plans, including assessment and modification of the compliance and ethics program, with periodic risk assessments.

More on the above and related subjects at the Financial Services workshop at the 10th annual European GRC Summit. www.grcassembly.com