Last year was a landmark year for regulatory change across the European financial services industry.
The Markets in Financial Instruments Directive II (Mifid II) came into force on January 3 2018. And with the General Data Protection Regulation introduced just four months later, it has been a busy year for European businesses trying to stay on top of compliance.
Under Mifid II, financial services companies must now have much stricter controls on how they monitor and supervise their communications.
This has forced European companies to completely reassess the way they monitor and capture their communications and collaboration information.
Many companies are now realising that what proved to be suitable for Mifid II may not be suitable for future compliance regulations.For many, coming to terms with Mifid II has been a challenging process.
Below are the five key lessons that companies have learnt over the past year and why the challenges are set to persist in 2019 and beyond.
1. New communication and collaboration platforms mean increased complexity
Mifid II requires all communications concerning business transactions in the financial services industry to be monitored and stored for at least five years.
This has become harder for many companies due to an increase in cross channel communications and productivity platforms such as Microsoft Teams and Slack – platforms that have become firm favourites of millennial and Gen-Y employees.
Slack and other collaboration tools use a range of file formats, including video and audio messages, emojis, Gifs and hashtags.
Many financial services companies still use legacy archiving systems that were created when email was the primary form of communication among colleagues and clients.
This creates a massive problem for companies looking to archive and monitor these new multi-dimensional communications. Archiving this new wave of communications to Mifid standards has proven a near impossible challenge for those still using these legacy systems.
Unless firms invest heavily in modern archiving systems that can store these myriad forms of communication in a scalable way, they will be faced with a choice: ban productivity-enhancing tools like Slack or risk non-compliance.
2. GDPR requirements appear to be at odds with Mifid II
Financial institutions have, in the past, kept hold of data for longer periods of time than was strictly necessary.
Not only does this create greater exposure for these companies when considering litigation, but additionally with GDPR (and other data privacy regulations), much greater care needs to be taken with respect to how long they can hold onto personal data.
Consider a company being asked by the Financial Conduct Authority for all information it holds regarding two of their traders involved in a dispute. Under Mifid II, companies are required to retain this data for at least five years.
However, under GDPR greater care is required with regards to what personal information is being retained, and whether the company has consent to retain it, as well as whether the data has legitimate business use.
During assessments and implementations of Mifid II projects, these contradictions have become obvious.
While the answer to this issue is still unclear, businesses are realising that they need to heavily scrutinise what data they retain and how long they retain it.
3. The Mifid II compliance bill has not been fully paid
The new regulations introduced by Mifid II are widespread and costly.
The implementation of Mifid II has meant that businesses will have already spent much of 2018 preparing and adjusting to the new regulatory landscape.
Opimas Analysis, a research consultancy, estimated that it would cost the financial services industry €2.5bn alone to implement Mifid II.
The cost is expected to be significantly higher over time, with firms expected to spend over €700m to maintain compliance annually over the next five years. The Mifid II bill has yet to be fully settled.
4. Firms are seeing the benefit of technology investment
Despite high costs and some initial road bumps, companies that have invested heavily in their data capture technology are starting to see the benefit.
Most fundamentally, advanced technology is helping companies to stay on top of the ever-changing regulatory landscape.
However, companies are also finding value in capturing their internal communications data.
Productivity platforms like Slack are increasingly offering their users add-on tools that can provide a wealth of insight into the ways that teams work with one another.
As data analytics becomes an increasingly integral part of the future workplace, those companies that invested data capture technology because of Mifid II will be ahead of the curve.
5. There are further compliance challenges ahead
Regulatory change does not stop with Mifid II and GDPR.
New regulations include the European Market Infrastructure Regulation, Mifid III (potentially), and a host of UK-specific regulation following the UK leaving Europe.
Many companies are now realising that what proved to be suitable for Mifid II may not be suitable for future compliance regulations.
The only way to stay on top of the ever-evolving regulatory landscape is to invest in technology that can meet the requirements of current regulations and adapt when the regulatory landscape changes again.
Shaun Hurst is technical director at Smarsh
