MiFID II comes into effect on 3 January 2018 and will likely require fund managers to make significant changes to their systems, governance and controls & procedures.
One of the first preparatory steps to take is for fund managers to gain a clear understanding of exactly how the regulation will impact them through an impact assessment and gap analysis.
Developing an implementation project plan is not an easy task and will require a joined up analysis across the various functions of the firm. Some key areas of focus will centre around commissions, the use of research and how it is paid for going forward; obligations around best execution; transaction reporting and record keeping; as well as regulatory reporting, data management and phone recording.
According to George Ralph, Managing Director of RFA, whose fully managed IT offering gives alternative fund managers complete technology infrastructure support, the reporting and the recording of information is going to be the biggest challenge to most fund managers.
“Our approach is to help clients prepare for MiFID II from a technical perspective. In addition to working out the scope of work, it is necessary to identify the gaps in the client’s current communications and data management infrastructure; identifying data retention requirements, working out the data lifecycle to determine where and how they will need to store the data. And finally, identifying a trusted partner who can manage their infrastructure in compliance with the new regulation.”
Gap analysis will typically involve identifying gaps in a manager’s existing workflow and business process, or in the solutions being provided by their vendors. Take data categorisation, for example. Ralph says that working out how to classify data sets and ensuring the categorisation is accurate and complete is going to be critical, “And I don’t think many fund managers have yet established a clear roadmap that sets forth how and where to begin this.”
“The data categorisation exercise overlaps somewhat with GDPR, which already presents challenges. We have one client who buys and sells pension debt. That data is going to contain people’s health records because of their due diligence process. Even if the fund manager adequately stores and protects their data, their data processor could still be on the hook under GDPR if they do not do the same and would face a potential 4% penalty.
“There is more focus on the service provider now, and a move under GDPR towards more of a shared risk model, which is how we have been working as a firm for years.”
Ralph notes that taking a partnership approach is important and needs to be led in conjunction with the CCO or COO. “The CCO/COO will know, from a compliance perspective, what to look for and our role, effectively, is to help them put the pieces of the puzzle together. If you get into the weeds of MiFID II, even the communications recording – i.e. video conferences, face-to-face meetings, phone conferences – will create three different sets of data.”
“There are lots of questions that relate to how you read metadata in different data formats to create the necessary output in one place,” says Ralph, adding that firms will be required to store voice data for five to seven years.
For smaller fund managers, this could prove prohibitively expensive. “What I advise our clients is to plan for seven years,” concludes Ralph.