How prepared do you think the financial services industry was for the 3 January second Markets in Financial Instruments Directive (MiFID II) deadline?
Matt Gibbs: Purely from a result perspective, the majority of asset managers produced the appropriate reports, had research commission unbundled and best execution policies in place. However, in order to facilitate this, a number of workarounds and limitations on business had to be implemented. The majority of these may be removed as solutions are identified/implemented but it does demonstrate that there is still work to be done and the industry was not 100 percent prepared.
Although the compliance deadline has passed, what do you think firms should be focusing on in the coming months?
Gibbs: Removing workarounds and imposed business limitations must be top of the list as will readiness for regulatory technical standard (RTS) 28 reporting as that deadline approaches. RTS 28 comes into effect in April and requires firms to report their top 5 trading venues for any of the 22 asset classes identified by The European Securities and Markets Authority (ESMA). Once clients and type of activity are identified, an appropriate template must be completed and include a commentary on the statistics.
This must be both human and machine readable formats and published on a website that can be accessed by the public.
What challenges do you expect to see over the next 12 months around MiFID II?
Gibbs: Further clarity on the reporting data sets are expected and must be implemented as the industry standardises some remaining grey areas. It is also expected that the fixed income and foreign exchange markets will evolve to respond to the regulatory changes.
For non-equity- like instruments there remains a lot to be decided when it comes to the manner in which executions are located.
The traditional request-for-quote process will come under further scrutiny in regards to best execution when comparing it to the equity-like order book methodology.
The introduction of systematic internalisers (SIs) will again add an additional complication to this already selective process.
With 2018 being a busy year in terms of regulation, how will the rollout of GDPR affect the financial services industry?
Jon Trinder: The General Data Protection Regulation (GDPR) is another far reaching piece of legislation that has to be implemented in 2018, on top of the MiFID II, Packaged Retail and Insurance-based Investment Products (PRIIPs), the extension of the Senior Managers Regime, etc.
These data protection regulations not only impact at the product level, for example, what data can be gathered from customers, but they also regulate employee data. Companies will really need to think about what data they are collecting, why it’s being collected, ensuring they have the consent to do so. In an increasingly outsourced, cloud orientated world, firms may need to reconsider their arrangements if any data is being transferred outside the EU, to ensure the same level of protection as if the data is held in the EU.
What challenges will GDPR bring to the financial services industry? And what are the consequences for not meeting GDPR requirements?
Trinder: Financial services will need to rethink their product development to incorporate data protection by design. The regulation aims to give individuals back the ownership of their data, giving them the right to access it and the right to be forgotten by companies.
Firms should have carried out a full data inventory by now and should be in the final stages of implementing their response plans.
But with all the spinning plates that firms have at the moment, there is a real danger that one of them is going to be picking up the porcelain. The consequences of non-compliance under GDPR can be fairly punitive, up to €20 million, or 4 percent of global turnover, whichever is the greater.
So very significant indeed and the burden of proof lies with the firm to prove compliance. It can be tricky to prove you don’t have something sometimes.
