The Ultimate Guide to MiFID II Compliance for Your Team

The original Markets in Financial Instruments Directive (MiFID) came into force in November 2007, aiming to “eliminate barriers to cross-border trading and thus inject fresh competition into the European investment services industry” and to enhance investor protection in order “to attract new investors to EU capital markets.”  

However, the global financial crisis that followed shortly afterwards exposed the shortcomings in financial markets legislation across the world, including in the EU. The result for Europe was the introduction of MiFID II in 2018. This sought to create a true single market across the EU, creating more stringent oversight and regulation for the financial industry.  

At the time, the European Commission stated that “restoring investor confidence following the financial crisis is one of the main aims of MiFID II.” As such, the directive places a number of requirements on in-scope organisations. This article explores those requirements and offers a guide to achieving MiFID compliance for the teams that oversee it.

1. What is MiFID II? 

MiFID II is the updated version of the Markets in Financial Instruments Directive. It standardises financial markets and enhances investor protections across the European Union. The directive, and the accompanying Markets in Financial Instruments Regulation (MiFIR), came into force on 3 January 2018, allowing for more stringent market activity supervision and setting rules regarding a range of topics, including transparency and market infrastructure, transaction reporting, investor protection, product governance and rules on inducements.

2. Scope of MiFID II


MiFID II applies to “investment firms, market operators, data reporting services providers” within the EU. Also within the scope of the directive are non-EU organisations which provide such services or have a base within the bloc from which they conduct these operations. 

In fact, companies from third countries – non-EU nations – that want to engage retail or institutional investors within the union must apply to the member state to request permission to establish a base within that country. If the regulator in that country authorises this request, they must supervise the company’s work.  

Non-EU companies can provide services to an experienced, professional category of clients called eligible counterparties (ECP), who are professional clients such as governments, central banks and insurers, without needing to establish a branch in the bloc.  

The directive applies to any financial instrument traded on European regulated markets, multilateral trading facilities (MTF) and organised trading facilities (OTF).  

This includes: 

  • all equities 
  • debt instruments 
  • currencies 
  • commodities 
  • futures and options 
  • exchange-traded funds. 

3. What does MiFID II compliance include?

3.1 Market abuse

Identify risks  

Conduct a comprehensive assessment of your business to understand which areas are susceptible to market abuse by stakeholders. For example, if the company advises clients on high-value trading, there is the potential for employees to use that information for their own benefit, against the best interests of the client, the company and the market in general.

Implement monitoring  

To ensure compliance within these risk-exposed areas, use RegTech to supervise trading activity. The monitoring technology should flag unusual behaviour or trading patterns that might indicate the presence of market abuse or manipulation. This allows you to mitigate illegal actions before they develop.

Establish reporting protocols  

In addition to monitoring, you should create an internal reporting system to allow stakeholders to alert you to suspected market abuse activity they spot during the course of their work. To encourage reporting, implement confidential or anonymous whistleblowing channels. There should also be a procedure by which you investigate these claims and report them on to regulatory authorities. 

3.2 Conflicts of interest

Develop a conflict of interest policy  

Create a document that encapsulates what constitutes a conflict of interest and the reasons why it can be damaging for the organisation. The policy should outline the consequences of non-compliance and must be reviewed and updated regularly.   

Create a disclosure process  

Ensure there is a straightforward process by which employees and executives can disclose potential conflicts of interest. This ensures they alert the company to possible issues promptly, allowing the compliance team to manage the situation more easily and effectively.   

Implement mitigation strategies  

You should have mitigation strategies in place to manage conflicts of interest in a way that maintains MiFID II compliance. This allows you to choose the most appropriate course of action for each individual conflict. Whether it involves assigning duties, stepping aside from decision-making or compelling an individual to sell stock that conflicts with the company’s interests, make sure there are potential remedies created in advance.

3.3 Employee personal trading

Create a company trading policy  

Set out a policy to inform employees which stock they can and cannot trade in. For example, you may choose to limit their ability to buy shares in competitors. Set out blackout periods and establish restrictions on certain types of trading. For example, you might prevent certain roles from trading in the company’s own securities where it might lead to a conflict of interest.    

Develop a pre-clearance process  

Establish a procedure for employees to request permission for personal trades. Automate this process by using personal account dealing software on which you can set parameters to indicate what constitutes an acceptable trade. This also allows you to monitor employees’ ongoing trading to spot any issues in the future.    

Maintain records  

Keep detailed records of employees’ trades, including their pre-clearance requests, denials, approvals and subsequent transactions. These will allow you to prove that you have a compliant process in place and have made every effort to ensure your employees are trading with integrity.   

3.4 Insider trading

Create an insider list process  

Develop a process to create, populate and maintain insider lists in accordance with the legal standards. You should also ensure you understand the requirements for delayed disclosure of inside information and your obligations once it becomes public.    

Automate reminders  

Implement automated reminders to ensure that all insiders understand their status with regards to each piece of inside information and that they enter their full details on the list. This is important to show that the company has made every effort to provide comprehensive detail on all insiders.   

Update lists in a timely manner  

As soon as insiders gain or lose access to inside information, they should be added or removed from an insider list, respectively. You should update the list and archive the previous version as part of creating an audit trail.

3.5 Transaction reporting  

Identify reportable transactions  

Understand which transactions require reporting to authorities under MiFID II, including those executed across multiple trading venues or which involve complex instruments. Research the data that need recording to ensure accuracy and completeness.    

Maintain records of communication  

Keep thorough records of all communications made regarding transactions, in all media. This should allow the company to accurately reconstruct the events involved in the trade in the future, if necessary for an investigation. 

3.6 Best execution  

Evaluate trading venues  

Regularly evaluate the trading venues your firm uses to ensure they are consistently providing the best possible outcomes for your clients. Consider factors such as price, liquidity and transaction costs to ensure you are using the most profitable routes.    

Review order execution arrangements  

Monitor the effectiveness of your order execution arrangements to confirm that your procedures are working in the interests of your clients. If necessary, review and adjust to improve performance.    

Report to clients  

Provide clients with regular detailed reports on the quality of execution with regards to their trades. This transparency demonstrates your commitment to providing the optimal service.

3.7 Client communications  

Sense-check communications  

Review all client communications to ensure they are clear, accurate and not misleading. Check for potential misrepresentation or ambiguous language to be certain that the material you communicate is complete and provides a full picture.   

Use a CRM  

A customer relationship management (CRM) system helps you to automate the process of sending the necessary disclosures to clients. This provides consistency and timeliness in your communications.    

Maintain comprehensive records  

All communication with clients should be recorded, including emails, transcripts or recordings of telephone calls, marketing materials and other transactions. Maintain them in an easily accessible and searchable format in the case of a regulatory request in the future.    

Create a personal device policy  

You should have in place a policy to ensure that no conversations regarding deals go unrecorded. This may involve banning the use of personal mobile devices when discussing transactions or necessitating that employees use recording software to be certain that you keep comprehensive records.

3.8 Commodity speculation and high-frequency trading (HFT)   

Test algorithm  

Monitor the performance of your trading algorithms to ensure their resilience and compliance. Keep detailed records on the procedures you have in place and the results of your testing. Make changes if necessary.    

Report trading activity  

Report accurately on your strategies for commodity speculation and HFT. Explain the strategies and algorithms used and make this available to regulators and clients alike.    

Create guidelines  

Ensure your employees have guidelines on compliant use of HFT. This helps to steer them away from potential market manipulation or abuse.

3.9 Governance and supervision

Establish a robust governance framework  

Develop a governance framework that clearly defines roles and responsibilities, creating accountability for senior management in areas such as compliance and risk management.    

Implement effective compliance and risk management functions  

Empower compliance and risk management functions to monitor your adherence to MiFID II and to act on any incidences of non-compliance. These functions should report to the board so that executives can gain oversight of compliance efforts.

4. MiFID II compliance in practice

Once you understand the specifics of MiFID II compliance, you can implement a broader strategy to ensure that all the different working parts contribute to a framework that meets the requirements of the legislation. Each department will have its own responsibilities, but the compliance team must take a holistic approach to the company’s obligations.  

| Step | What to do | Explanation |
|------|------------|-------------|
| 1 | Conduct a compliance risk assessment | Analyse your current operation to discover how compliant your business is and where the gaps are. The assessment will help you prioritise where you designate your resources and where the biggest threats are. Create a questionnaire and send it to internal stakeholders to find out how well you are adhering to the law. |
| 2 | Establish a compliance monitoring programme | Implement policies and RegTech to oversee the actions of the organisation and its people to ensure they are meeting their obligations. For example, by using TradeLog, you can find out when employee personal trades come into contravention of your policies and where conflicts of interest can arise. |
| 3 | Promote a strong compliance culture | A culture of compliance means that employees, leaders and other stakeholders act in an ethical manner as a default. This is driven by developing clear codes of conduct and ethics, training, rewarding ethical behaviour and being shown to value compliant activity. Work to ensure all staff understand their requirements under MiFID II and the reasons behind them. |
| 4 | Establish clear reporting systems | To prevent problems occurring and festering within the organisation, you must implement systems whereby the compliance team can be alerted to potential non-compliant behaviour. This includes whistleblowing reporting channels, disclosure processes and other alerts that can resolve issues before they cause a regulatory problem. |

5. MiFID II compliance challenges

  • Increased data volume: As part of its push towards better transparency, the directive requires the collection and reporting of a vast array of data points for each transaction. Collating and storing this information requires a robust process.  
  • Real-time reporting: The requirement for near real-time transaction reporting puts pressure on existing data processing systems. For equity and equity-like products, you must publish within a minute of execution, for example.  
  • Integration challenges: Implementing new technology that integrates seamlessly with existing systems can be complex. You must make sure that you choose platforms that are user-friendly and intuitive.  
  • Cybersecurity risks: Enhanced data collection increases vulnerability to cyber threats, requiring robust security measures. You must always bear in mind your responsibilities under GDPR, including not holding onto the data for too long.  
  • Cross-department coordination: As the requirements of MiFID II are complex, you will rely on other departments to play their part in meeting your obligations. Coordination between the compliance team and IT, operations and other areas of the business needs to be smooth and efficient.
  • Comprehensive recording: Capturing all communications (calls, emails, messages) that could lead to a transaction is logistically challenging. It needs to be accurate and you should be able to reconstruct the events. Employees using personal devices for conversations that should be recorded is another concern. 

6. Penalties for non-compliance

National competent authorities (NCAs) have various options for addressing non-compliance with MiFID II. These range from publicly announcing a company’s failure to comply to suspending it from a trading venue or imposing substantial financial penalties. These currently stand at: 

  • A fine of up to €5,000,000 or up to ten per cent of the total annual turnover for legal entities 
  • A fine of up to €5,000,000 for individuals 

NCAs issued €21 million in administrative fines in 2022 for breaches of MiFID II.  

7. FAQ

7.1 What is the role of ESMA (European Securities and Markets Authority)? 


ESMA oversees compliance with MiFID II through developing regulatory standards and guidelines, supervision and monitoring of activity and market surveillance.  

7.2 How does Brexit affect MiFID II?  

The UK was a member of the EU when MiFID II came into force and the legislation has been transposed accordingly. In the UK version, though, it applies to markets and financial instruments within the country. UK companies will still need to adhere to MiFID II for their operations within the EU.  

7.3 What is the US equivalent to MiFID?  

There is a combination of US laws that provide similar outcomes to MiFID II. They include:

  • The Securities Exchange Act 
  • The Dodd-Frank Wall Street Reform and Consumer Protection Act 
  • Regulation Best Interest (Reg BI) 

8. Conclusion

This MiFID compliance guide provides an overview of the many different elements that make up the approach companies should take to adhere to the law. The process can be challenging and time-consuming, which is why digital tools are essential for reducing manual work and providing warnings and alerts about non-compliant behaviour.  

Elevate your MiFID II compliance process with TradeLog—streamline conflict of interest management and strengthen your pre-clearance procedure for employee trades. TradeLog enables you to prevent non-compliant transactions by cross-referencing employee interests with your client and supplier lists, flagging potential conflicts before they become issues. Discover how TradeLog can protect your firm’s integrity and take control of compliance. Request your demo today. 
