UK organisations unprepared for EU financial instruments directive

07 December 2017

There are now less than 30 days to go before the legislation comes into force with tough financial penalties for non-compliance.

There are now less than 30 days to go before the legislation comes into force with tough financial penalties for non-compliance.

The Markets in Financial Instruments Directive (MiFID II) comes into force on 3 January 2018, but 39 per cent of UK financial organisations are unaware whether their organisation is compliant or not, says new research.

In November, managed cloud service provider Timico surveyed  those who are responsible for collaborative technology in the financial sector. It included small investment firms as well as large corporates, and polled 500 IT managers, IT directors, CTOs/CIOS, CEO/MDs and FDs, and HR personnel.

Just eight per cent said employees were fully aware of the legal implications of MiFID II and had received training on the processes required to be compliant.

MiFID II is EU legislation that regulates firms who provide services to clients linked to ‘financial instruments’ (shares, bonds, units in collective investment schemes and derivatives), and the venues where those instruments are traded. 

Part of the directive states that firms will be obliged to record all communications that are intended to result in a transaction. Regardless of the original source, whether on a mobile phone, legacy call recording system, cloud based solution or a newly installed recording system, it says recordings must be stored for at least five years.

A quarter of the respondents in Timico’s survey revealed that they are not yet compliant with recording technology, and 29 per cent said they are still going through the compliance process. 

This is despite the fact that companies can be fined up to €5 million or 10 per cent of annual turnover for non-compliance.

The study also found that 14 per cent of staff were unaware of what processes are required to be compliant and 37 per cent are in the process of initiating a training programme.

Timico says what is also “worrying” is that 41 per cent did not know if staff were aware of the legal requirements of MiFD II or had received any training on the legislation.

“With just under a month to go and Christmas holidays in between, it’s clear that many businesses are massively unprepared for MiFID II, despite having had the last 12 months to prepare for the impending legislation,” says Timico CTO Kevin Linsell. 

The firm also found that there was a lack of mobile compliance and that firms are oblivious to BYOD policies.

Of those polled, 35 per cent were unaware if there was a BYOD compliance strategy in place in preparation for the directive, while 12 per cent stated that there was no policy in place to adhere to the new requirements.

Daisy Group's Alex Mawson points out retrieval of recordings is just as important as their storage.

Daisy Group's Alex Mawson points out retrieval of recordings is just as important as their storage.

Forty two per cent said that they do not have a mobile compliant platform in place to record calls.  

Alex Mawson, product director of voice networks at Daisy Group, says MiFID II brings a whole new level of mandatory transparency expanding the remit to mobile calls and text messages on both company-provided and personal devices. 

He adds that as well as the functionality to record communications via landlines and mobiles, those affected must consider how and where recordings are stored, and how easy they will be to access. 

“The recordings, regardless of whether they are trader to customer or trader to trader, will contain sensitive information, so security must be high on the agenda. The digital file size of the recordings must also be carefully considered,” says Mawson.

“Although MiFID II states that it is only those conversations that could lead to a transaction or trade that must be recorded, can you really risk not recording all communications? That could mean enormous data storage capacity is required.”

Mawson goes on to point out that within the new MiFID II guidelines, retrieval is just as important as storage. So another important aspect to be considered is how recordings can be easily identified. 

“When did the communication take place, where, between whom and who initiated the contact? All the finer details surrounding the recorded communications must also be logged. 

“The transparency required by the legislation is designed to uphold the integrity of all those involved in financial transactions; protecting both parties – the customer and the business.”