Photo: Ewais/Shutterstock.com

The new MiFID II regulation, set to go into effect January 3, looms for financial organizations that have yet to figure out how they will retain business communications.

In the scramble to prepare for the European Union's Markets in Financial Instruments Directive (MiFID II), set to take effect in January, financial organizations are struggling to figure out if and how they can prepare their technology strategies for the new regulatory standard.

MiFID II requires that financial services organizations retain all communications related to deals, even where deals are ultimately not completed. Although the policy is an amendment to an earlier regulation (MiFID), the inclusion of telephone communications has introduced an added layer of data retention that many organizations have thus far been unprepared to deal with.

Marianna Shafir, corporate counsel and regulatory advisor at Smarsh, said that despite having over two years to prepare for MiFID II, many organizations are still feeling anxious about how ready they are.

“Businesses are definitely struggling,” Shafir said. “The rule comes into effect January 3; companies are still not ready. They don't know if they have to comply with the rule and, if they have to, where they should start.”

The UK's Financial Conduct Authority released guidance last December on how companies can prepare their processes prior to MiFID II's start date, but questions about the regulation apparently remain for many. A report released this June by financial services consulting group JWG found that 90 percent of buy-side firms believe they are at medium to high risk of noncompliance with MiFID II regulations.

Where technology is concerned, Shafir said it's not a question of if, but what technologies financial organizations should implement to comply. “It's not a matter of trying to use technology, it's a matter of you must use technology. It's the requirement. It's part of the rule,” she said.

“You would not be able to comply with the MiFID regulations unless you implement and stay up to the trends of technology,” she added, noting that the regulation requires retention of all business communication technologies, even when new technologies arise.

Shafir said that, especially with the regulation set to go into effect in just three months, it's not particularly viable for financial organizations to set about trying to archive their various communications on their own. “You have to choose a vendor,” Shafir said.

Shafir works for Smarsh, one such data archiving vendor. Pricing for Smarsh's service varies based on archive functionality and the number of archived connections, with packages starting at $129 per month. But those costs can add up for large organizations using a whole range of communication channels. Given that MiFID II requires retention of business communications records from not only phone and email but mobile devices, text messaging, social media platforms and other communication channels, the cost of vendor outsourcing can be very steep.

But the cost of noncompliance is likely steeper. And for companies who haven't spent the last few years preparing their IT departments for MiFID II to go into effect, solution options may be limited. Michael Lewis, partner at Osborne Clarke, said that financial organizations who need to come up with a solution quickly may need to look at purchasing, rather than constructing, the technology they need.

“Banks which do not already have their systems changes well underway have very little time to make the changes unless they can buy an off the shelf system or changes to the system which will enable them to meet their regulatory requirements,” he said in an email.

Off the shelf technology can be tailored to fit a particular organization, but it can't necessarily be tailored to fit specific processes. Dinesh Sawant, vice president and commercial head of contracts and compliance for Thomson Reuters Legal Managed Services, explained that there are some instances where more specific customization is required.

“For example, every organization will need to review their existing documentation as an initial step before amending and negotiating their agreements. However, there will be variations within each organization regarding the quality of their data and their ability to easily access the data within the documentation,” Sawant explained. Thomson Reuters recently announced an extension of an existing partnership with UK firm Clifford Chance to consult with financial institutions on a compliance strategy for the directive.

Sawant added that a technology solution alone cannot ensure that companies will meet MiFID II requirements. “Technology is key to compliance, but technology on its own without people who know how to get the most out of it is not going to help,” he said.

The key, Shafir said, is primarily just to figure out how technology may play into an organization's formal process for communication retention. “The rules are all new, so there's no right way of doing it. There's only so much you can do. It's really starting with policies in place and having the right solution in place to record all that data,” Shafir said. Regulators are likely to want to see these policies and procedures in place, she added.