Your Straightforward Guide to the MiFID II Landscape


According to most commentators the majority of financial services firms are not fully compliant with MIFID II even as MIFID III is being discussed. Estimates vary that somewhere between 50-90% of firms (with even more on the buy-side) were not compliant at the initial January 3, 2018 deadline.

This is not good -- but it doesn’t have to be this way by any means. Let’s walk through it in the simplest terms possible. 

What's the goal of MiFID II, anyway?

Due to the sheer volume in transactions, the financial services sector is one of the most heavily-regulated industries in the world.  MiFID II’s essential aim is to make European financial markets more resilient, transparent and investor-friendly.

What are the main responsibilities of an organisation now?

The “big five” are:

  • Record Keeping: Capture records in context (think: native format) and preserve in an easy-to-view format.
  • Investor Protection: Act honestly and fairly -- and have the ability to demonstrate what happened.
  • Supervision: Develop policies and procedures -- particularly in relation to communication --  irrespective of channel.
  • Reconstruction: Firms must be able to supply regulators with communications regarding specific “trades” irrespective of platform and preserve context in an easy to view format.
  • Retention and Storage: Records must be available to clients for five years and to regulators for seven years. This includes instant messages, social media and web interactions.  You must also keep all records discoverable.

Need a refresh? Check out: What's the difference between MiFID and MiFID II?

And, if you don't comply with MiFID II?

Given the substantial penalties and reputational damage that could result from a lack of compliance, ignoring regulatory guidelines is not an option.

And more, while MiFID II has required changes within businesses, it should not be seen simply as an additional cost. Businesses should recognise the opportunities it offers – enabling increased resilience productivity and efficiency, and more importantly increased protection of the security of the business.  

Then, there's the next immediate challenge.

One initial challenge is the RTS 28 reporting requirements, with the first report coming due on April 30, 2018. Firms must have identified sources for the data to be included in their first RTS 28 report -- and need to be able to publish it in the required format. Firms will also need to ensure that their monitoring procedures have been suitably enhanced to incorporate the vast amount of execution-quality data which venues and SIs will be required to publish on a quarterly basis starting in Q2 2018.

Where does a firm begin?

Simplest terms: businesses need to be capable of managing their archiving infrastructure from a single console. Anything else will be too chaotic and run the business in multiple directions, which will detract from the central functions of the organisation.

The console must have automation features, be legally-defensible, and come from an organisation that understands the regulatory landscape in USA, Europe, and APAC. Elements of personalisation must be included within the console as well; every business is different.

Hanzo for MiFID II

Our solution works for eDiscovery, compliance, and investigations -- and we’re already helping financial services companies with MiFID II concerns. Explore our site or reach out for more information or a demo.



Explore compliance existentialism in this sci-fi inspired thriller:

 Does collaborative, dynamic content signal the dark ages for compliance organisations? Or, is our cumulative culture a beacon of humanity?