22 March 2018
Robin Smith


Robin Smith - Actiance

7Posts 44,440Views 0Comments


A place to discuss MiFID

Countdown to MiFID II: Are You Ready?

26 July 2017  |  6473 views  |  0

For firms still procrastinating about finalising their plans to accommodate the changes required to capture, archive, and easily retrieve electronic communications (eComms) in accordance with MiFID II, the clock is ticking. Loudly.

Although the 3rd January 2018 may seem a long way off, with almost every financial organisation initiating a change control freeze during December, the go-live date will effectively be the 30th November 2017.

This means that firms need to take action today in order to be ready to test their end-to-end compliance for electronic communications alongside other newly implemented MiFID II driven systems by mid-November.

Timeline for MiFID II eComms Compliance

With MiFID II compliance, Regulatory Technology (RegTech) is not implemented in isolation. Instead, it forms an integral part of the broader solution. Consider, for example, a firm running an eComms environment that might consist of Exchange, Skype for Business, Reuters, and Symphony, alongside public social media channels such as Twitter, LinkedIn, Facebook, and Instagram.

At the same time as implementing technology to capture, review, and archive relevant electronic conversations, other policies and procedures must be brought online or updated from MiFID I. This comes in the context of pressure to reduce costs and to show value to the business, perhaps by leveraging cloud-based storage and by migrating traditional on-premise applications to SaaS offerings.

  • MiFID II go live date:                       3 Jan 2018
  • Change control freeze:                     1 Dec 2017 to 3 Jan 2018
  • Effective MiFID II go live date:      30 Nov 2017

Working towards the intended go live date, below is a guideline on how to meet the requirements.


In order to reach a go-live date of early December firms should by now have in place the criteria that denotes success for the project, ie what needs to be achieved in order to comply with MiFID II, resource availability and a shortlist of the technology to be implemented.

Solution procurementConcluding Master Services Agreements, contracts, statements of work, confirming the bill of materials and then placing orders on the solution suppliers, can easily take 1-2 months in larger organisations.

Solution engineeringGiven the tight timelines, designing the missing elements of a MiFID II solution should be carried out in parallel with Solution Procurement, but where firms need to engage third-party resources this may not be possible.

Note: Significant elements of Solution Engineering will clearly need to have been completed prior to procurement to ensure the correct hardware and/or software licences are ordered and supporting Professional Services contracted where required.

End of August to End of September

Solution installationAny additional hardware required needs to be ordered, delivered, and installed. Once this is complete, software can be installed, configured, and integrated with the eComms networks already in use. Leveraging SaaS solutions or modules can help speed up this element.

End of September to Early October

Solution trainingClearly systems can’t be handed over to the Operations team unless they have been trained on how to support and maintain the solutions. In addition, users of the eComms Capture, eDiscovery and Supervision systems need to be educated on how to carry out their roles with new software components.


Solution testingDuring this phase, the engineering and operations teams should test the systems simultaneously to ensure they perform as expected. This also gives the operations team a chance to immediately apply the skills learnt in training the previous month and thus become more familiar with the new components.

Start of November

Solution handoverA milestone date for the solution to move across into a Business As Usual (BAU) state. The engineering team (whether internal or external consultant staff) should have finished testing the systems by now, so that they can be handed over to the operations team.

Early November to Start of December

Mock tests and remediationDuring this period systems introduced to comply with MiFID II should effectively be in a Business As Usual (BAU) state and a series of simulated tests should be undertaken to build upon October’s Solution Testing phase. This will enable firms to internally validate that electronic communications are being controlled and captured properly, and provide time to build a remediation plan for any short-falls.

What the timeline doesn’t consider

This scenario pictures a financial organisation that has already considered the problems that need to be overcome in supporting MiFID II requirements such as how to incorporate the use of new communication tools such as WhatsApp and more fundamental challenges such as:

  • ROI and justification for cloud archiving, although the trend in FinServ is now towards “Cloud first, justify on-premises”.
  • Centralisation of archived data to provide a single pane of glass onto all eCommunications. This will also help reviewers who are already struggling managing content distributed over a dozen different systems.
  • Reviewing existing email archives, which frequently don’t understand the diverse messaging-types that must be captured for eDiscovery and Supervised.

In addition, any global organisation that processes European citizens’ data needs to consider the wider implications of GDPR (General Data Protection Regulation), which comes into force on 25 May 2018. Although there are many complementary aspects, some are in direct conflict with MiFID II, so it makes sense to develop policies and processes, and the methods to enforce them, at the same time to avoid unpicking or replicating effort at a later date.

While even the regulators may not be quite ready for the 3 January 2018 deadline, with no system such as the “no-action letters” used by US regulatory bodies such as the SEC to offset regulatory sanctions under certain conditions, it’s likely that financial organisations will need to demonstrate they are complying to the best of their abilities. Delaying now may cost firms one almighty hangover come the new year.

TagsRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robin

eComms is changing, and so is compliance - are you?

22 February 2018  |  3089 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupFinancial Services Regulation

WhatsApp and WeChat - the next big headache for compliance?

13 November 2017  |  4558 views  |  0 comments | recomends Recommends 1 TagsRisk & regulationInnovationGroupFinancial Services Regulation

Archiving in the cloud: A Compelling Proposition

07 November 2017  |  7098 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulationGroupBusiness Knowledge for IT

Countdown to MiFID II: Are You Ready?

26 July 2017  |  6473 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupMiFID

Robin's profile

job title Technical Director International
location Theale
member since 2017
Summary profile See full profile »
Robin Smith has over twenty years' experience of security and compliance solutions within a wide range of networking and messaging systems.

Robin's expertise

Member since 2017
6 posts0 comments
What Robin reads
Robin's blog archive
February 2018 (1)2017 (6)

Who's commenting on Robin's posts