White Paper. The Impact of MiFID II and MAR on Communications Compliance

Transcription

1 White Paper The Impact of MiFID II and MAR on Communications Compliance June

2 1 Introduction Overview of MiFID II and MAR Delta to current Communication requirements Obligations deep dive Capture Monitoring Evidencing Implementation challenges Tracking and analysing National transposition rd country complications Extraterritorial application Interdependencies Digitisation of voice trading Keeping records of unexecuted orders Use of mobile phones within firms Trade reconstitution Flexibility on formatting of records Implementation approach Conclusion

3 1 Introduction Financial services organizations worldwide are under increasing pressure from mounting global regulations. The latest regulations MAR (effective since 3 July 2016) and MiFID II (takes effect on 3 January 2018) are broadening the scope of employees, asset classes, communication channels, and devices that need to be recorded and monitored, while also mandating proof of compliance and imposing escalating fines for compliance lapses. NICE has asked JWG Making Sense of Financial Regulations to review in this White Paper the communications related requirements under the MAR and MiFID II frameworks, as well as other relevant legislation. JWG also explains in this White Paper the key challenges for complying with MAR and MiFID II with regards to policies and procedures, applications, data and infrastructure. In the Summary of this White Paper we will highlight the NICE solutions that are available to help financial institutions to comply with these growing financial communication regulatory requirements of MAR and MiFID II. For more information and the latest updates on MiFID II with regards to communications compliance go to 3

4 2 Overview of MiFID II and MAR The first Markets in Financial Instruments Directive (MiFID) came into force in November 2007 replacing the Investment Services Directive. MiFID had relatively modest aims of improving competitiveness and to ensure adequate levels of investor protection were maintained within financial markets across the European Union (EU). As with most EU legislation, MiFID obligated the European Commission to review the application and impact of the regime for many years after its implementation. MiFID followed the financial crisis of 2008 and consequently, the review resulted in new legislation; comprised of the second Markets in Financial Instruments Directive (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR). This new legislation deals not only with the shortcomings of MiFID but also with the lessons learnt during the financial crisis, taking the growing complexity of technology and financial innovation into account. Therefore, although the origins of MiFID II can be traced back to its precursor, the new Directive and the accompanying Regulation (MiFID II/R) represent a complete overall of the existing obligations. Although these changes were set to take effect from 3 January 2017, growing concern surrounding whether the regulator and the industry would be ready in time, resulted in the decision to delay the effective date of the legislation, until 3 January In parallel EU policy makers reworked the market abuse framework, producing a new Market Abuse Regulation (MAR) and the recast Directive on criminal sanctions (MAD) which were drafted and adopted in conjuncture with MiFID. Although the provisions listed in Article 39(2) of MAR will apply from 3 July 2016, many MAR requirements will become applicable on the MiFID II deadline (3 January 2017), due to their affiliation with MiFID II. The new MAR was established to ensure that regulation keeps pace with market developments, such as new technology, and aims to strengthen the fight against market abuse across commodities and related derivative markets. MAR expands the definition of Market Abuse to include more offences including, attempted insider dealing and the manipulation of benchmarks. It also increases the obligations on firms by shifting the emphasis towards intended abuse and global monitoring. Whilst MAD complements MAR, by requiring all Member States to provide harmonised criminal offences of insider dealing and market manipulation, the new Directive is not adopted in the UK. Even so, many regulations, including the Criminal Justice Act 1993, Fraud Act 2006, Financial Services Act 2012 and Companies Act 1980, protect the industry from market abuse offences. With MAR and MiFID II together, they are set to change the regulatory landscape as we currently know it. The impact on banks and other financial institutions will be significant. MiFID II will ultimately result in a more transparent market place with customers receiving more information than ever regarding the nature of products and services offered. This will drive competitiveness in financial markets and, in the end, enable firms to leverage the MiFID II challenge into an opportunity to create an enhanced customer experience. Whilst MAR has enormous implications for the scope of market abuse monitoring. Communications is an area of significant impact in terms of both regimes, with new and more prescriptive requirements across trading, investor protection, reporting and governance work-streams (see figure 1). This means that firms will be required to capture a much larger scope of data, across a much larger scope of activities, store it for longer periods of time, apply more robust monitoring and real-time analytics to it and then be much more effective and efficient in evidencing this process to the regulator. 4

5 Stream Records Investor protection Trading Reporting Client classification: initial assessment of suitability and appropriateness as well as changes to the status of the client, by whom and when Providing information to clients, including marketing communication and investment research Recording details of the product and service offered Best execution stats Execution of the order: including logging how aggregated orders / splits are dealt with, identifying the amount allocated to each client with date and time of allocation; re-allocation; revealing inducements and giving appropriate warnings on risks; records kept on sending and receipt of order by client Noting what the internal and external rules of conducting trades were at the time Records that support trading execution decisions, e.g. pre and post-trade analytics Disclosing pre and post trade data to the market as close to real time as technically possible Maintaining records of execution of client orders Maintaining a record of transactions Recording periodic statements sent to clients Governance Records that show how the firm is safeguarding client assets Noting activities that might engender detrimental conflicts of interest A tamper-proof environment with auditability of any changes or deletions and why they were made, when and by whom Maintaining records of the firm s internal organisation, policies and procedures for compliance Maintaining records of written reports to senior management Maintaining records of complaints received and how these were dealt with in writing Figure 1: Communications obligations across work streams Ultimately, this is going to require firms to reconsider several key business decisions. Initially, firms will have to rethink their commercial strategy focusing particularly on the products offered, trading platforms operated and the sustainability of certain business functions. Firms will also have to determine the impact of the legislation from an operational perspective and the legislation is likely to impose a great degree of change in the trading workflow, such as; how certain products are traded, how traders or business functions interact with clients and how clients are categorised. The onerous data capture, monitoring and reporting requirements under MiFID II and MAR will heavily impact technology systems. 5

6 3 Delta to current Communication requirements For most firms, the logical place to start with these new communications related requirements will be to review the level of change from existing communications requirements under the existing MiFID framework, as well as other legislation. MiFID I requires records to be kept of its business and internal organisation, including all services and transactions undertaken by it, which must be sufficient to enable the appropriate regulator to monitor the firm's compliance with the existing requirements with respect to clients. This is typically interpreted to mean communications with clients regarding classification, suitability and appropriateness, product and service offering and best execution. When analysing the new requirements there are 4 key deltas: Activities to be captured: The combination of MiFID II and MAR greatly expand the number of activities which need to be captured. In particular, MiFID II, being much more prescriptive than its predecessor. Activities such as all telephone and electronic communications and market communications are now explicitly in scope. Data to be captured: The number of data fields which must be captured is also greatly increased from current obligations. For example, for transaction reporting purposes the number of required data fields has expanded from 23 to 65. This fact in combination with the increase in the number of activities which need to be captured meant that the net effect is a massive expansion in the necessary capture capabilities. Monitoring: The emphasis in both MiFID II and MAR shifts away from the existing emphasis on simply capturing records in order to be able to retrospectively understand any problems or discrepancies towards obligating firms to be actively monitoring and running analytics against their data in order to identify issues prior to their occurrence. This includes monitoring phone records of transactions (MiFID II) and monitoring communications for the intent to commit any form of market abuse (MAR). Evidencing to regulators: Obligations regarding providing evidence to regulators are set to become much more invasive which will necessitate greater data retrieval and reconciliation capabilities. The focus of the new rule is on being able to demonstrate compliance to the regulator on request on an ad hoc basis. Understanding these deltas is crucial to determining the impact and implementation strategy for these new regulations. However, more fundamental is that the existing requirements are being met effectively and efficiently to the correct extent. The reality is that for many, a MiFID II communications implementation begins with a remediation of existing requirements which have not been implemented fully. There are also a significant number of firms which only come into the scope of these rules under MiFID II, as it widens the scope of an investment firm. For these firms looking at the delta from existing requirements is redundant as they will have to implement the full set of new requirements from scratch. This will be the case in particular, for many commodities trading firms and firms which exclusively deal on their own account. 6

7 4 Obligations deep dive This is an overview of the communications related requirements in MiFID II and MAR: Area Detail Activities to be captured and stored A non-exhaustive list of minimum records have been prescribed to harmonise practices across the EU. Delegated Acts 79,80 MIFID II Recording of all telephone conversations and electronic communications is now required. - MiFID II article 16.7 ESMA considers that some internal calls are subject to the MiFID II recording requirement where the internal call in question relates to or is intended to result in transactions in the provision of investment services subject to the telephone recording requirement. ESMA technical advice 2.6 MiFID II The content of face-to-face conversations with clients should be documented (by a file note), with the minimum content of the file note prescribed. ESMA has noted that this record need not be kept in a minuted form, specifically, but should be kept in a durable medium. ESMA technical advice 2.6 MiFID II (FCA have clarified that these do not necessarily need to be taped) Collect and keep all records of insider lists, market soundings and investment recommendations Market Abuse Regulation Monitoring Firms must take reasonable steps to prevent employees and contractors engaging in telephone conversations and electronic communications on privately owned equipment that the firm is unable to record or copy. Firms can adopt a proportionate, risk-based approach to monitoring phone records of transactions ESMA technical advice 2.6 MiFID II Monitor all client communications for any investment recommendations meeting the criteria laid out in the Market Abuse Regulation in order to ensure appropriate disclosure is provided Monitor communications for intent to commit market abuse - Annex II Section 1 MAR Evidencing to regulators An investment firm shall, in relation to every initial order received from a client and in relation to every initial decision to deal taken, immediately record and keep at the disposal of the competent authority at least the details set out in Section 1 of Annex IV to this Regulation to the extent they are applicable to the order or decision to deal in question. EC Delegated Regulation of article 74 MiFID II Investment firms shall establish, implement and maintain accounting policies and procedures that enable them, at the request of the competent authority, to deliver in a timely manner to the competent authority financial reports which reflect a true and fair view of their financial position EC Delegated Regulation of article 21(4) MiFID II Figure 2: Overview of communications related requirements in MiFID II and MAR 7

8 4.1 Capture Telephone conversations (MiFID II Article 16.7): All telephone and electronic conversations are now in scope for recording including internal calls where the internal call in question relates to or is intended to result in transactions Order records (MiFID II Delegated Acts 79, 80): All order records must be kept for the much-expanded scope of MiFID II activity in terms of in scope instruments, products and trading venues. Records are needed for all conversations involving a firm s representatives when dealing, or intending to deal, on own account. Where orders are communicated by clients through other channels than by telephone, such communications should be made in a durable medium. Face to face records (MiFID II ESMA technical advice 2.6): The content of face-to-face conversations with clients should be documented (by a file note), with the minimum content of the file note prescribed. Investment recommendations (MAR Article 3.1): The contents of any investment recommendation provided to a client must be kept. The difficultly that firms are facing here is the sheer amount of work and effort that will go into being able to track who has said what to who and when. A person may make dozens of recommendations each day over the phone or face to face that s how relationships between the sell-side and buy-side are nurtured. To comply with MAR, the very essence of how business is conducted will need overhauling. Trading records (MAR Article 8 and 10): Any employees that have access to or come in contact with Material Non-Public Information must be recorded. Benchmarks (MAR Article 3): Firms that are a benchmark submitter must capture all communications with other submitters, within the same firm, or externally. 4.2 Monitoring Telephone records (MIFID II Article 16.7): Firms must take reasonable steps to prevent employees and contractors engaging in telephone conversations and electronic communications on privately owned equipment that the firm is unable to record or copy. Firms can adopt a proportionate, risk-based approach to monitoring phone records of transactions Investment recommendations (MAR Article 3.1): A clear distinction will need to be made between hard facts and opinion, estimates or interpretations and any forecasts and price projections will have to be labelled as such. If any of the inputs are considered to be unreliable, these will have to be disclosed. Conflicts of interest (MAR Article 3 and MIFID II Article 38): A conflict of interest is defined as arising if relationships and circumstances exist that may reasonably be expected to impair the objectivity of the recommendation. This captures commercial relationships (e.g., market making for the issuer s instruments) through to positions/holdings that the recommender may have in the relevant issuer. Intent (MAR Annex II Section 1): Firms will need to monitor all forms of communications for Fraudulent Trading Practices and Intent. 8

9 4.3 Evidencing Evidencing (MiFID II EC Delegated Regulation of article 74): An investment firm shall arrange for records to be kept of all services, activities and transactions undertaken by it which shall be sufficient to enable the regulator to fully understand, upon request that the investment firm is meeting its obligations Telephone conversations (MiFID II Article 16.7): Telephone records must demonstrate the development of firm-client relationships and verify compliance with regulatory obligations as well as detect and prove the existence of market abuse Investment recommendations (MAR Article 3.1): A recommendation s/strategy s history will need to be included, as will a history of recommendations made for that particular issuer or instrument an incredibly difficult task. How do you keep track of all conversations which may have contained a recommendation? Where a recommendation is made using extracts from another recommendation, or when it is altered from the original, this must be made clear to the recipient, and there should be no attempt to mislead. Conflicts of interest (MAR Article 8 and 10): Any conflicts of interest will need to be disclosed, together with a description of any Chinese walls designed to prevent conflicts of interest. Intent (MAR Annex II Section 1): Firms will need to record to identify possible fraudulent behaviour and any failure to reproduce requested data will result in penalties. 9

10 5 Implementation challenges 5.1 Tracking and analysing MiFID II is an enormous piece of regulation which to date encompasses over 1.4 paragraphs of obligations cut across 3 levels of regulatory tools; legislation, technical standards and supplementary guidance. Communications as a topic is effected by a broad range of the obligations across disparate topics such as trading, governance and investor protection. There tracking and analysing the collective requirements and implications on communication is a tough task. 5.2 National transposition Due to the implications of MiFID II and MAR being split between a Directive and a Regulation at the legislative level (i.e. rules within the Directive will be subjected to national transposition) each national jurisdiction may employ differing rules on the recording of telephone and electronic conversations rd country complications The application of MiFID II and MAR on an extraterritorial basis (i.e. outside of the EU) causes complications and conflicts with certain domestic data protection laws. For example, there many Asian jurisdictions which have data protection laws which clash directly with MiFID II data retention requirements for client data. Firms will need to manage this legal conflict. 5.4 Extraterritorial application MiFID II and MAR contain a complex web of extraterritoriality rules which govern how the MiFID II rules apply to non-eu firms. Communication recording rules apply in instances in which the investment firm is within the EU. This means that the rules not only apply to EU investment firms, but also to EU branches and subsidiaries of non-eu investment firms. In other areas of MiFID II and MAR requirements that rely upon communications recording, such as monitoring for market abuse apply globally to EU firms, therefore capture any non-eu branches or subsidiaries of EU investment firms. 5.5 Interdependencies There are a vast number of other record keeping requirements spread across other regulatory initiatives, for example EMIR, Dodd-Frank and GDPR. Doing regulatory reform regulation-by-regulation is tough - the requirements are too many and doing them one-by-one wastes time and requires you to change course every time a new capability requirement is identified 5.6 Digitisation of voice trading MiFID II requires that, for Systematic Internalisers, on a pre-trade basis for orders which meet certain criteria (e.g. liquidity and volume) that a quote be made available to all client before it may be executed with the original requestor. It also prohibits trading in products which have profiles with certain requirements. This requires that an order be subject to a eligibility checking engine prior to execution to determine its trading eligibility and pre-trade obligations, creating a problem for voice trading, and it is considered too time consuming to enter the required detail manually. A significant technical challenge is digitising such voice quotes in a timely and accurate manner to be able to meet these requirements. 5.7 Keeping records of unexecuted orders Firms are obligated to keep records of unexecuted order under MiFID II which requires functionality that typically does not exist within firms today. 10

11 5.8 Use of mobile phones within firms Although the policy which employing a policy that bans the use of mobiles may technically cover the obligation, it may not work from a compliance perspective and that national competent authorities may still request these records. 5.9 Trade reconstitution In order to demonstrate compliance to a regulator under MiFID II a firm can be asked to reconstitute the full life cycle of a trade from order to execution. This will rely on being able to retrieve and match communications records. Firms are grappling with questions of how they will record events, trades, transactions and all types of communication accurately enough in order to be able to do so in a timely manner Flexibility on formatting of records Not being compliant with the specified formats required under MiFID II, would result in a large technology impact. Although firms can use any medium they would have to use the prescribed format at the time of reporting. Therefore, building a bridge between the two formats would form an added level of complexity 11

12 6 Implementation approach The initial challenge in implementing something as large and impactful as MiFID II is how to structure the program. As a useful guide, the below reflects a typical MiFID II program; Market structure. A work stream to cover the new market infrastructure. Key standards include how to operate like and identify Systematic Internalisers (SIs) and how to consume consolidated tape (CTP) data. Trading. A way to manage new rules relating to trading. Key standards include how to identify algorithms and what kind of microstructural controls will meet operational risk s needs. Reporting. The mother of all data management challenges. Key standard challenges include what is reportable, who reports and how and how to fill in the fields. Investor protection. A work stream focused on improving fairness and conditions for customers and investors. Key standards include more client classification, financial promotions and new best execution rules. Governance. Includes requirements relating to governance and structures. Key standards include new record keeping requirements and new authorisation rules. This work stream is also primarily based on text from the directive. For MiFID II and other interdependent regulatory regimes firms will rapidly need to: Review current and incoming regulatory changes and understand which are relevant to their business models and how to apply them, Inform clients of the coming changes and repaper them accordingly. Implement new policy and on-boarding frameworks. Implement the appropriate IT systems to support each requirement. Align reference data suppliers (internal and external sources). Turing specifically to the challenges specific to the obligations which impact communications related requirements there are 4 stages to the implementation process: Scope and strategy: Identify the problem and interpret the requirements. What is it that the new regulation requires and what is our strategy for achieving this? This can be carried out by legal functions or external council? 12

13 Detailed requirements and planning: What are the detailed requirements and where are the gaps in terms of what we currently undertake? This can be carried out by compliance and technology functions or external consultants. Organisational responsibilities: Who is responsible for this within the organisation and where will this activity be carried out? This can be resolved by compliance functions or external consultants. Technical solutions: How do we meet the requirements, what formats and structures do we need? This is the challenging aspect and the question here is can we build something internally or is this something that we need to go out to market for? Ultimately within each of these stages there are 4 key challenges to get right: Policies and procedures: Do all the required policies currently exist? Where are the gaps and do the existing policies include all the information it is necessary to capture? Applications: Do they capture all the data that must be captured and store it in a format that will allow reconstitution at any time in the following years? Data: Is everything captured? Are there any risks related to the capture, storage and retrieval processes? Infrastructure: Will the growth of each set of data be accommodated by the current infrastructure? 13

14 7 Conclusion Considering the large expenditure that firms are likely to face within this space, firms should consider focusing on implementing in the most efficient way possible, getting MiFID II right the first time, otherwise even larger budgets will be needed to tweak new policies and recalibrate new systems builds. Ultimately firms should be looking to leverage this spend to not only successfully meet the requirements but also to enhance the business decision making and the client experience. Considering the changes that MiFID II will impose on technology, affected firms will be carefully determining their implementation measures and will be considering technology solutions. One of the available technology solutions today is NICE COMPASS, a comprehensive solution to address all of the MAR and MiFID II challenges for communications compliance. NICE COMPASS combines omnichannel recording with automated compliance assurance, and combined with NICE Communications Surveillance can help firms ensure complete compliance across the enterprise. Some of the key capabilities of NICE COMPASS are: Omnichannel recording, search and replay Enterprise-wide omnichannel solution for recording turrets, mobile phones, PBX (desk phones), and Unified Communications (e.g. Skype for Business, Cisco Jabber), enabling complete reconciliation and reconstruction of all communications at each stage of the trade transaction lifecycle. Firms can also set configurable retention periods for different asset classes, lines of business, and regulated user groups, to comply with specific global and/or regional regulations for records retention. The solutions has a centralized portal and search engine that compliance managers can use to find all communications related to any trade or transaction. Compliance assurance NICE COMPASS goes beyond recording to provide evidence of compliance, another key requirement of MiFID II. It monitors recording processes through scheduled, automated health checks that test for network, gateway, PBX, recording, audio quality, archiving, and retention anomalies. NICE COMPASS also simulates calls to ensure that regulated personnel are recorded and that recordings are properly retrained -- auditing, documenting, and reconciling every step for evidence of compliance. A compliance assurance dashboard makes it possible to visualize real-time recording compliance status across the enterprise. In addition to the dashboard, NICE COMPASS offers automated reports for compliance personnel which provide a step-by-step reconciliation of the entire recording lifecycle for evidence of compliance. NICE Communications surveillance Market abuse can result in huge fines and damage a firm s reputation. To counter this risk, financial institutions monitor communications, but they often resort to manual methods which are cumbersome and time-consuming. NICE Communication Surveillance saves time and minimizes risk by using advanced speech and behavioural analytics to monitor 100% of trade-related interactions across all communication modalities, to detect potential market abuse and complies with the Market Abuse Regulations (MAR). 14

15 15

16 Communication Surveillance 3.0 <Document Title> ABOUT NICE NICE (NASDAQ: NICE) is the worldwide leading provider of enterprise software solutions and is bringing about The End of Not Knowing by generating insight based on advanced analytics of structured and unstructured data. NICE solutions help the world s largest organizations deliver better customer service, ensure compliance, combat fraud and safeguard people. Over 25,000 organizations in more than 150 countries, including over 80 of the Fortune 100 companies, are using NICE solutions. More info on ABOUT NICE FINANCIAL COMMUNICATION COMPLIANCE Financial Communication Compliance is a significant business line within the NICE organization and focusses on delivering new technologies to facilitate regulatory requirements. NICE is a leader in the RegTech market, serving the largest financial services organizations globally. These compliance solutions respond to an increasing demand in the financial services market, where regulatory compliance is on the rise. NICE is focused on the communication compliance market and has together with NICE Actimize an unmatched presence in the domain of Holistic Surveillance. More info on ABOUT JWG MAKING SENSE OF FINANCIAL REGULATIONS JWG are operations and technology professionals, trusted by the global financial services industry as experts in regulatory change management. For the past decade, a team of independent analysts has helped the industry interpret large quantities of regulatory reform and action it in a smart and intelligent way. More info on CONTACTS Global International HQ, Israel EMEA, Europe & Middle East T T Americas, North America Asia Pacific, Singapore Office T T NICE Financial Markets Communication Compliance fmc@nice.com The full list of NICE marks are the trademarks or registered trademarks of Nice Systems Ltd. For the full list of NICE trademarks, visit all other marks used are the property of their respective proprietors. Copyright 2017 NICE Financial Communication Compliance. All rights reserved. 16