For firms still procrastinating about finalising their plans to accommodate the changes required to capture, archive, and easily retrieve electronic communications (eComms) in accordance with MiFID II, the clock is ticking. Loudly.
Although the 3rd January 2018 may seem a long way off, with almost every financial organisation initiating a change control freeze during December, the go-live date will effectively be the 30th November 2017.
This means that firms need to take action today in order to be ready to test their end-to-end compliance for electronic communications alongside other newly implemented MiFID II driven systems by mid-November.
Timeline for MiFID II eComms Compliance
With MiFID II compliance, Regulatory Technology (RegTech) is not implemented in isolation. Instead, it forms an integral part of the broader solution. Consider, for example, a firm running an eComms environment that might consist of Exchange, Skype for Business,
Reuters, and Symphony, alongside public social media channels such as Twitter, LinkedIn, Facebook, and Instagram.
At the same time as implementing technology to capture, review, and archive relevant electronic conversations, other policies and procedures must be brought online or updated from MiFID I. This comes in the context of pressure to reduce costs and to show
value to the business, perhaps by leveraging cloud-based storage and by migrating traditional on-premise applications to SaaS offerings.
- MiFID II go live date: 3 Jan 2018
- Change control freeze: 1 Dec 2017 to 3 Jan 2018
- Effective MiFID II go live date: 30 Nov 2017
Working towards the intended go live date, below is a guideline on how to meet the requirements.
In order to reach a go-live date of early December firms should by now have in place the criteria that denotes success for the project, ie what needs to be achieved in order to comply with MiFID II, resource availability and a shortlist of the technology
to be implemented.
Solution procurement—Concluding Master Services Agreements, contracts, statements of work, confirming the bill of materials and then placing orders on the solution suppliers, can easily take 1-2 months in larger organisations.
Solution engineering—Given the tight timelines, designing the missing elements of a MiFID II solution should be carried out in parallel with Solution Procurement, but where firms need to engage third-party resources this may not be possible.
Note: Significant elements of Solution Engineering will clearly need to have been completed prior to procurement to ensure the correct hardware and/or software licences are ordered and supporting Professional Services contracted where required.
End of August to End of September
Solution installation—Any additional hardware required needs to be ordered, delivered, and installed. Once this is complete, software can be installed, configured, and integrated with the eComms networks already in use. Leveraging SaaS solutions
or modules can help speed up this element.
End of September to Early October
Solution training—Clearly systems can’t be handed over to the Operations team unless they have been trained on how to support and maintain the solutions. In addition, users of the eComms Capture, eDiscovery and Supervision systems need to be
educated on how to carry out their roles with new software components.
Solution testing— During this phase, the engineering and operations teams should test the systems simultaneously to ensure they perform as expected. This also gives the operations team a chance to immediately apply the skills learnt
in training the previous month and thus become more familiar with the new components.
Start of November
Solution handover—A milestone date for the solution to move across into a Business As Usual (BAU) state. The engineering team (whether internal or external consultant staff) should have finished testing the systems by now, so that they can
be handed over to the operations team.
Early November to Start of December
Mock tests and remediation—During this period systems introduced to comply with MiFID II should effectively be in a Business As Usual (BAU) state and a series of simulated tests should be undertaken to build upon October’s Solution Testing
phase. This will enable firms to internally validate that electronic communications are being controlled and captured properly, and provide time to build a remediation plan for any short-falls.
What the timeline doesn’t consider
This scenario pictures a financial organisation that has already considered the problems that need to be overcome in supporting MiFID II requirements such as how to incorporate the use of new communication tools such as WhatsApp and more fundamental challenges
- ROI and justification for cloud archiving, although the trend in FinServ is now towards “Cloud first, justify on-premises”.
- Centralisation of archived data to provide a single pane of glass onto all eCommunications. This will also help reviewers who are already struggling managing content distributed over a dozen different systems.
- Reviewing existing email archives, which frequently don’t understand the diverse messaging-types that must be captured for eDiscovery and Supervised.
In addition, any global organisation that processes European citizens’ data needs to consider the wider implications of GDPR (General Data Protection Regulation), which comes into force on 25 May 2018. Although there are many complementary aspects, some
are in direct conflict with MiFID II, so it makes sense to develop policies and processes, and the methods to enforce them, at the same time to avoid unpicking or replicating effort at a later date.
While even the regulators may not be quite ready for the 3 January 2018 deadline, with no system such as the “no-action letters” used by US regulatory bodies such as the SEC to offset regulatory sanctions under certain conditions, it’s likely that financial
organisations will need to demonstrate they are complying to the best of their abilities. Delaying now may cost firms one almighty hangover come the new year.