by Robert Powell, Director, Global Compliance, IPC
First in a series to help manage adherence to MiFID II regulations on records retention.
As I write this, MiFID II has less than 300 days until it comes into force. With that in mind, several checklists will help your firm get ready for MiFID II. This checklist series is aimed at anyone who is implementing MiFID II in their organization or is involved in any IT infrastructure that creates the records required to be retained under MiFID II.
Three Key Components to Get You Started
Let’s begin by combining a few technical standards published by ESMA1 into the first checklist.
- Management oversight
- Knowing your estate
- Communications “Intended to lead to a transaction”
And here’s what your firm should make sure it has done or has plans to do soon:
✓ Have a named compliance officer/director/manager – preferably one who is senior and is registered with your regulator. The Financial Conduct Authority (FCA) has listed the following CF registration types that might be a suitable person: CF1 Director, CF2 Non-Executive Director, CF3 Chief Executive, CF4 Partner & CF29 Significant Management. This person should be heavily involved with creating written policy and the policy procedures along with testing the policies and procedures for effectiveness. This should also be the person who conducts the annual record keeping review.
✓ Know your estate – this should be relatively easy to achieve. You need to understand two fundamentals to achieve this item:
- First, who you need to record. As a start, all traders and sales people, anyone who commits the firm or discusses any kind of transaction with clients or counterparties. This list needs to be validated by the business and the compliance team. Validation should include the discussion of who needs to be recorded and what their retention period should be (more on this later).
- Second, what communications methods do you use and how are they captured? Starting with the easy and obvious: Email, Bloomberg, Thomson Reuters and instant message will be the norm for most firms add in fixed line phone calls and mobile calls and text message and 95% of firms will be covered. Specialist tools like ICE Chat, Slack, should also be looked at. For each system, you need to understand how they are recorded and retained, if you can consolidate them into a single archive, to reduce surveillance and recovery challenges and costs then now might be a good time to make that choice. Remember, for MiFID II purposes records retention is Critical and Important outsourcing, so you will need to subject your supplier to additional scrutiny that they may not have encountered before.
✓ Communications “Intended to lead to a transaction” – should be looked at in the context of the second item. You may need to increase the “recorded population” if, for example, you currently use policy to prevent employees from taking client orders or making transaction on their mobile phones. In this case, you will probably want to extend mobile recording to cover their calls and texts. You should look at internal calls. Mostly this will be covered but it’s worth having it as a discussion item between business, Compliance and IT to ensure you are compliant with the new rules.
Our second in this MiFID II Checklist Series will look at extending the retention period, what to do when your system fails and how to achieve Complete, Quality and Accurate records.
Watch the IPC Blog for Part 2.
 The European Securities Markets Authority.