The deadline for the industry to implement the complex changes for adhering to the new regulatory reporting obligations defined under the second Markets in Financial Instruments Directive (Mifid II) is less than 100 days away, at time of writing. Although the UK Financial Conduct Authority (FCA) has stated it will not initiate formal action against investment firms not fully compliant with Europe’s revised directive when it takes effect in January, it expects firms to show they are making their absolute best efforts to achieve compliance.
By now, firms should be in the final stages of their Mifid II projects and undergoing rigorous testing. NEX Regulatory Reporting considers the challenges associated with these reporting projects.
Reference data issues have played a key part in every reporting failure to date, and are well documented in the FCA’s sanction statements. Regrettably, under Mifid II the challenges around this element of the reporting requirements have increased significantly in complexity and coverage.
For the security identifier, the industry looks to obtain a golden source of reportable instruments and the accompanying reference data – as was the case with Mifid I. It is clear that firms and regulators alike will face real challenges to ensure the reference data around reportable instruments is complete and accurate. Although the industry should be able to rely on the European Securities and Markets Authority’s (Esma) Financial Instruments Reference Data System – which publishes security information daily by 7am – the list is still considered fundamentally flawed. While the new reference data obligations for venues will hopefully go some way towards addressing these issues, the industry will likely have reservations about relying on the Esma list, considering such uncertainty. Obtaining the data from a combination of sources will be necessary to reach a greater degree of confidence.
To date, Esma has only published a tiny fraction of the instruments that the industry knows will fall into scope. For firms attempting to ensure correct reporting, this poses a dilemma with current testing, which will be a key tool in their efforts to ensure reporting environments are in a healthy state for Mifid II implementation on January 3, the date the FCA has indicated it is targeting for delivery of its reference data into Esma. This highlights the difficulty the entire industry faces in ensuring it not only captures the appropriate International Securities Identification Number, but also validates what is reportable accordingly. As a result, the testing cycle will be impacted by a significantly reduced dataset to work against, which could produce false negatives – this must also be managed.
Client and counterparty identifier
Investment firms are scrambling to ensure that all of their static client and counterparty reference data is aligned with the appropriate legal entity identifier – which becomes the only acceptable identifier under the legislation, unless the identifier relates to a ‘natural person’. The industry will be moving away from the long-established business identifier code (BIC) and firm reference number identifiers, so it is important that mapping exercises are undertaken effectively – for some institutions this represents a mountain of work.
Despite the industry becoming accustomed to the new identifier under European Market Infrastructure Regulation legislation, the industry faces a major headache to ensure these identifiers are correctly allocated. Similarly, firms have previously fallen foul under the BIC allocation because complex and major organisations have multiple identifiers. Firms have incorrectly identified their client or counterparty, and even firms not subject to financial sanctions have been required to undertake correction or back‑reporting programmes at a sizeable expense.
Natural person identifiers
Natural person identifiers are a completely new burden and present new problems. Firms must not only ensure the appropriate protocol is followed when assessing the correct identifier, but will need to navigate the multiple data protection hurdles to ensure the data is managed appropriately. Various questions have been raised regarding the extremely onerous impllications for some jurisdictions around the movement of such data, and these demonstrate the broader challenges of the new legislation. Considering the sensitivity of the data, the industry must adopt effective measures to ensure the appropriate regulatory protection of data. This, in turn, increases the complexity of the reporting process and again requires ongoing effective data mapping and management to ensure continual compliance.
With Mifid II capturing a far greater number of financial institutions than before, and the obligations being dramatically increased, the industry faces an uphill struggle to source the appropriate expertise to navigate the new reporting regime. There has been considerable feedback and guidance from authorities, although – as is often the case with legislation – correctly interpreting it is not straightforward. Opinions are often divided, even among experienced market participants, which also threatens regulatory risk.
To highlight this, Esma published guidance in May on economically equivalent instruments to those traded on a traded venue, which underpins the reporting obligation. Dual-listed instruments and derivatives that mirror the Mifid venue and admitted securities are in scope, but understanding the precise details of the instrument and the varied reporting obligation creates another minefield that firms must tread through carefully to avoid the dangers of misreporting.
The industry has become accustomed to blanket over-reporting, but the new regulation will no longer permit this and, with the considerable increase in reporting, questions will be asked about the tolerance that regulators will apply to such failings. Firms should not overlook the possibility of being required to undertake cancellation projects as a result of such issues.
With the sheer scale of the changes, the resources required to capture, understand and deliver an effective reporting environment will be in short supply. Therefore, firms will need to look to external solutions. Service providers are available to assist institutions – however, it must not be overlooked that businesses operate in many different ways, and tailoring reporting requirements to suit a particular firm is vital to ensuring adherence to them.
To underpin an effective reporting environment and mitigate risk, firms must have an appropriate control framework. Although they are clearly targeting 100% accuracy around their reporting, the nature of the business means that – even for firms that achieve this – continual risks around systems and regulatory changes will impact ongoing reporting. Regulatory expectations are that firms have robust systems and controls, and this will be one of the first assessments regulators will make when identifying issues with reporting. It is apparent from the sanctions to date that the FCA has identified that failings in this regard are a key element of reporting errors.
A further area of significance that underpins the systems and controls expected by regulators is the regulatory obligation to undertake appropriate reconciliation of reporting. Once past the implementation barrier, firms face the ongoing challenge of monitoring their reporting and identifying any issues at the earliest opportunity. It is likely – as was the case with Mifid I – that further guidance will be forthcoming, and the industry will need to respond to this and amend its reporting to reflect the feedback. The regulators will have far more data at their disposal than before. Firms will need to look outside the specific reporting obligations to ascertain whether or not their overall regulatory reporting environment is fit for purpose to avoid regulatory scrutiny.
Regulators have made their feelings quite clear on the importance of reporting correctly, so the industry must effectively manage the risks that arise from these new reporting requirements. Solutions are available to assist firms in mitigating these risks, but it is apparent that, once over the initial implementation hurdles, the risks will not subside. In fact, the reporting environment requires continual assessment and management.