As of January 3rd 2018 investment firms trading in European regulated exchanges will need to be compliant with the regulations known as MiFID II. The stated purpose of the regulations are to make markets more efficient, resilient, and transparent and what many market participants are now realizing is the reporting requirements raise serious legal and compliance issues, regarding the security and privacy of personal data, which cannot be ignored.
MiFID II builds upon the MiFID (Markets in Financial Instruments Directive) introduced in 2007 which set out conduct of business, authorization, regulatory reporting, trade transparency and financial instrument trading admission rules for the EU regulated markets. The MiFID II regulations, in light of the financial crash, are designed to take into account changes to the markets since 2007; the scope of instruments covered in pre and post trade transparency have increased, a new trading obligation introduced for shares and certain non-equity derivatives, there are new rules governing HFT firms, and there is also an increase in the scope of the T+1 trade reporting obligation of investment firms.
With respect to T+1 reporting MiFID II has greatly increased the information that now needs to be reported to competent national authorities on a T+1 basis. Where MiFID reporting was limited to a subset of financial instruments and 23 data points, MiFID II has a much broader scope of instruments, 65 data points of information, and extends reporting obligations to buy side firms. To monitor for market abuse investment firms now, when relevant, need to report personal identifiers for any individual making the decision to buy/sell a reportable security, the individual responsible for the execution of a transaction, and the client/ individual acting on their behalf. Personal identifiers being requested by the national competent authorities include date of birth and passport numbers, and this is what is presenting many firms with challenges relating to data privacy and protection.
Coinciding with the launch of MiFID II is the launch of the EU General Data Protection Regulation which is designed to protect all EU citizens’ personal data, and for this, read personal identifying information such as that being requested for MiFID II reporting. Firms losing this information are liable to fines of up to 4% of annual global turnover and it also needs to be reported whether the information is stored externally in an external ‘cloud’ server. These data points need to be handled with care and not handed over to external reporting firms without a proper due diligence that the information is going to be protected.
Matterhorn Reporting Services, a company that specializes in regtech solutions that add value in the real world, are aware of the challenges faced by reporting firms, and want to leave these firms in control of their data. Matterhorn always takes into account the security challenges faced by firms, not just in protecting personal information but also in protecting sensitive trade information. The Matterhorn MiFID II solutions leaves data within the secure environment of the reporting company and it only leaves when it is being securely sent to the national competent authority. Minimal data input is required. Implementation does not require any IT effort. Read more about our MIFID services and solutions.