2016 was meant to be a key year from a regulatory compliance standpoint. This perception was mostly driven by the timeline of MiFID II / MiFIR, the giant that dwarfs its predecessor in complexity and scope; the monster piece of regulation with tentacles
reaching out to virtually every other major directive or regulation: The Market Abuse Directive, the Capital Requirements Regulation, and the European Markets Infrastructure Regulation to name a few, with many of them overlapping and raising questions about
unintended consequences that are still being discussed.
However, the year has started with pretty much unanimous expectation that the European Commission will shortly enact legislation delaying the entry into force of MiFID II / MiFIR; by how much is still unknown, but there is already talk that one additional
year may not be enough.
The initial reaction to the first rumours of a possible delay was to assume that it might encourage market participants to “lift the foot off the gas”, but we believe that this is unlikely to be the case as, if anything, the delay underscores the enormity
of the challenge that lays ahead for the market as a whole.
It is unclear whether any further announcement will be accompanied by changes in the provisions themselves, but this should be of little relevance at this stage. What is clear is that firms will need to reassess their IT strategies and invest in technology
infrastructure in order to satisfy a broad range of requirements, and that firms not addressing this now will be forced to do so under much less favourable circumstances.
Big Data and market structure
One of the key aspects of MiFID II / MiFIR is that the empirical approach it follows for the definition and update of key regulatory attributes (Standard Market Size, LIS thresholds, definition of Liquid versus Illiquid Markets, to name a few) has resulted
in a complex and interrelated data circuitry.
Trading venues, regulated firms, market participants, national and supranational regulatory bodies will all be required to receive, process, store, access and, in short, make sense of a huge number of complex and extremely large datasets in a timely manner.
MiFID II / MiFIR is definitely pushing the market as a whole into Big Data territory, with the mastering of Big Data disciplines becoming a de-facto requirement for which a number of actors, including regulatory bodies, will struggle to be ready.
The heavy burden of technology debt
Data-intensive regulatory requirements will spread across the front, middle and back office functions, and their effective implementation will require the streamlining of data architecture strategy, regulatory requirements and operational workflows.
Firms not having a sound data architecture strategy as part of their regulatory programme are likely to be dragged down under the heavy burden of technology debt. Just as the cost of financial debt compounds over time, so does the cost of technology debt
with the addition of each sub-optimal process, a scenario that firms not having a sound data architecture strategy will be walking straight onto. In fact, if one were to monetise the cost of the accumulated technical debt, it would likely exceed the required
(but often deferred) investment to implement an appropriate data architecture strategy.
Following the above approach is not just highly recommended; it is also a regulatory requirement.
Regulatory authorities have become concerned with the risks that firms operating under heavy burdens of technology debt pose to the financial markets as a whole, and have addressed this via BCBS 239.
BCBS 239, which came into force in January this year, is to technology debt what CRD IV is to financial debt; it makes it a regulatory requirement for Global Systematically Important Banks (G-SIBs) to have in place appropriate IT and data architecture policies
to ensure, amongst other things, the integration of data taxonomies, the assurance of data accuracy, the minimisation of manual processes, and in short, the overall accuracy, consistency and reliability of data flows. Domestic Systemically Important Banks
(D-SIBs) are next in line.
In addition, and by way of short introduction to the next topic, it points to senior management as being ultimately responsible for ensuring that all regulatory requirements are met.
Compliance from the top and the emergence of ‘Regulatory Dashboards’
The concept of ‘compliance from the top’ is a prevalent theme across all major jurisdictions, requiring special attention especially in the UK, where the Senior Managers Regime enters into force in March 2016. This drive for accountability is designed to
ensure that senior management, all the way up to board level, will become an integral part of the compliance function.
This will require the development of a set of tools to allow senior management to demonstrate their compliance with a much more stringent set of requirements, as well as provide them with the required insight to ensure they are making the right decisions.
Regulatory dashboards will become key tools in providing them with real-time information, ranging from the effective enforcement of current regulations to the status of remediation programmes or regulatory compliance initiatives, whether as a whole or at
the level of specific provisions.
Based on the above it seems that at least from an IT strategy and infrastructure perspective, regulatory compliance will remain a top priority not just in 2016 but more likely than not throughout 2017 and beyond. Given the number and complexity of requirements
that firms will have to fulfil, this is certainly not the time to take your foot off the gas!