Why should banks and brokerage houses start focusing on the MiFID II Directive now?

The works of a bank on MiFID II/MiFIR – a new set of EU regulations the purpose of which is to ensure protection for investors, corporate governance, and market transparency – must be accelerated even now.  As regards MiFID I, the reporting of events concerning securities and derivative transactions to a regulator shall take place in a new way and shall include, among other things, providing information, which has not been collected so far (e.g. a ‘decision maker’), with characteristics that are different from those in EMIR, and it will involve the use of a new technical format of data.

The forthcoming changes concern brokerage and banking activity, which shall lead to modifications in IT systems used by the treasury and custody departments, as well as by brokerage offices/houses. In order to prepare and implement the solutions on time (January 2018) one needs to realise that the volume of the contents of the regulations is seven times that of MiFID I.

The scope of the reported data will be about a dozen times greater (more transaction types, complicated exceptions, various types of contracts dedicated to various entities, the possibility of reporting on behalf of a third party, more fields, events accompanying a transaction, a different data format). IRS transactions, which have not been reported so far, are a good example, although only some events related to them shall be submitted to the Polish Financial Supervision Authority.

New areas will be included in the requirement, for example, custody, which means that reporting will now include, among other things, the transfer of securities between client accounts.

Moreover, redundant and double reporting will be prohibited. A bank or a brokerage house must determine the scope of the reported information precisely and inform the Polish Financial Supervision Authority about incidents of reporting information outside of the required scope. Banks and brokerage houses shall also be obliged to implement (at the request of the NCA) a process of reconciling the already reported information with source systems and identify the unreported transactions, as well as store information about the correction or deletion of a report.

Taking into account the ESMA guidelines, in order to fulfil the requirements, an IT system must enable reporting to the supervisor in a non-redundant manner and without repetitions, and ensure: the testing of the reporting process, reconciliation with the data samples from the NCA, completeness, exclusion of errors, agreement with the actual state of affairs, timeliness, and transparency before and after transactions.

Considering that reporting is one of the dozen or so important requirements of MiFID II/MiFIR, which have an influence on IT systems, and that those requirements are interrelated, the scope and degree of the complexity of regulatory projects to be realised in 2017 are great and exceptionally so. Very soon there shall be, in the same areas of banking, an obligation to implement EMIR II, SFTR, or PRIIPS.

An implementation project in a bank with the use of the Cesarz_MiFIR system by the Risco Software Company, dedicated to the MiFID II/MiFIR regulations, includes, among other elements:

1. The identification of source systems and the search for transactions and events in them.
2. Mapping for regulatory reports.
3. Additional logic of data processing, validation, notification, and automation.
4. A plan of the data flow, including an indication of the necessary business, process, and technical changes.
5. Programmed interfaces for source systems, regardless of their type / the manner of access, including appropriate tagging of events from CRM systems.
6. Data migration from the existing reporting applications.
7. Solutions for the management of data retention for auditing purposes.
8. The organisation of business reporting processes, with dedicated solutions concerning the principles of logging in / safety.
9. The selection of a mode (U2A or A2A), a scenario (proprietary and client – the so-called third-party – transactions), entities (bank transactions or, additionally, brokerage office transactions), sending data to a regulator and the regulatory scope (including other reporting systems, e.g.: EMIR, SFTR).

Cezary Gocłowski, Kamil Kabara, Financial Monthly Bank 03/2017