The Impact of MiFID II on Data Management: Q&A with MarkLogic's Ken Krupa

Recently, the revised Markets in Financial Instruments Directions (MiFID II) launched in the EU. The sweeping regulatory changes will impact transaction reporting on all financial instruments traded in Europe and affect all U.S. firms that do business with European counterparts or customers. Firms will face new requirements in tracking data—including emails, texts, and documents related to every transaction—and will need to be able to quickly reconstruct trades and search across data silos,  presenting a significant challenge. Here, Ken Krupa, CTO at enterprise database company MarkLogic, discusses the impact to U.S. firms, and how new regulations underscore the importance of increasing transparency, consumer protection, and data integrity.

MiFID II went into effect in the EU at the beginning of January 2018. What does it address?

MiFID II addresses the integrity and fairness of European markets. It impacts transaction reporting on all financial instruments traded in Europe—stocks, bonds, derivatives, and more—as well as post-trade transparency and real-time data delivery. The broad idea is to make the markets more competitive, transparent, and fair to investors, while helping prevent future financial crashes and protecting everyone involved.

MiFID II is designed to harmonize regulations for investment services, securities trading, and processing. The rules have broad reach. Among other things, they require firms to more completely track trades throughout the trade lifecycle so that regulators can more easily reconstruct them if something goes wrong. This includes pre-trade and post-trade activity as well. The goal is to provide more transparency around trading and prices. Additionally, MiFID II specifies a requirement around what is called research unbundling, which forces fund managers to pay brokers and banks separately for research and trading services to help avoid conflicts of interest. In terms of data governance and compliance readiness, it also requires better execution with a specific need to be able to reconstruct past events and provide all types of communications related to a transaction.

What types of firms does it affect?

MiFID II affects firms involved in virtually all aspects of trading within the EU, including banks, institutional investors, exchanges, brokers, hedge funds, and high-frequency traders. 

Does it affect firms in the U.S. or just European companies? 

The rules affect nearly all major U.S. banks, since they have substantial operations in Europe.

What has changed since the original implementation of MiFID?

Europe harmonized rules for stock trading in MiFID I in 2007. In the wake of the financial crisis, even those rules were found to be lacking in some areas. MiFID II builds on MiFID I and extends to a broader range of market participants, execution venues, and financial instruments. Many of the new rules, such as those requiring brokers to store recordings of telephone calls, are designed to give regulators more information to reconstruct events. MiFID II also requires far more data collection. For instance, it demands 50 more data fields to be completed for transactions. 

How will it affect financial services firms’ operations?

Financial firms are building new data-reporting systems to deal with MiFID II. Some trading desks will have to rethink the way they do business. Employees will need to be educated on compliance. Systems that firms have been using for years may need to be updated or replaced. 

How does that affect data management and IT infrastructure?

The volume of data that needs to be recorded makes the regulation a huge technology challenge. Many companies are finding that they have to update their technologies, infrastructures, and data management processes. To be compliant, firms need transparency and the ability to maintain a consistent view of the trade landscape at any point in time. All of these requirements will have a broad impact on data management and IT infrastructure, in large part because the old ways of dealing with data are no longer sufficient. The evolution of the IT infrastructure in the financial services industry has led to proliferation of systems and fragmentation of data. Also, the rapid rise of social media, instant messaging, forum usage, unstructured data as a source of new content, and trader behavior analytics has increased the amount of information that grows outside transactional systems. All of this new information now falls under the remit of compliance and business planning.

Does MiFID II raise any data security concerns or needs?

When you create systems that store and retrieve data, security is always a concern. The weakest link is still the human user. Do all users need the same level of access to the data and to the functions provided by your applications? One of the best ways to protect data is with a flexible, role-based security model supported by the ability to redact sensitive information, advanced encryption, and element-level security.

What should these companies be looking at to ensure they are in compliance with the new regulation?

The first steps to compliance involve addressing data management—specifically, the flow of the data, validation of the data, and including a variety of content in the flow of information to decision makers and regulators. It is essential for an enterprise to have the ability to ingest data in any form as well as a clear map of its data. This involves non-trivial changes to enterprise data architectures and data governance strategies. And since MiFID II is not the only regulation that large banks are concerned with, they must look at their regulatory strategy more holistically than in years past.

What are the greatest challenges companies are facing with regard to compliance?

The greatest challenges to compliance for companies will be siloed controls, data in silos, and inflexible, legacy technologies. These older technologies are, in most cases, unable to handle multiple sources of data. Companies will need to be able to reconstruct past events and provide all types of communication—email, text, documents, social media, and video—related to every transaction. They’ll need to link this data together as events occur throughout the data lifecycle, often, across system boundaries. This requires a more agile approach to metadata, provenance, and data lineage. They’ll also need to have a grasp of what they knew in the past, when they knew it, and how it changed over time. This requires a bitemporal view of data and data lineage. They will also need to be able to retain records for long periods of time, requiring cost-effective and secure storage; be certain data is accurate, which can be a challenge if data is in silos across an organization; and be able to search across data silos and information silos, including emails and texts. And, finally, they will need to be flexible and adapt to changing regulations. New compliance regulations are likely coming and, rather than treating each one as a new project, find a solution that works for today and tomorrow.

Organizations that have deployed newer-generation database technology—that allows them to ingest the data as-is and reconcile the data in place—will find significant advantages and expedite the route to compliance. 

What should firms be doing now?

Firms are estimated to have spent $2.1 billion last year alone to prepare, according to the Boston Consulting Group. That approach will work for the short term, but they need to be thinking long term. MiFID II is just the latest regulation. There will be others.

We recommend a design approach, not only for MiFID II, but for future regulatory and business changes, too. Companies need regulatory and reporting platforms that ensure agility and flexibility, incorporate best practices and operational effectiveness, and allow for adoptive growth in scope and scale. The design goal should not be to remedy one-off reporting requests but to build in a capability to respond to emerging requirements with relative ease and cost efficiency.

MiFID II underscores one thing: Regulators are getting more serious about data integrity, and they won’t stop pushing the bar higher. MiFID II is not just a compliance exercise. It is an opportunity to seize a competitive advantage. Future regulatory requirements will be, too.


Subscribe to Big Data Quarterly E-Edition