MiFID, Y2K and regulators

An anonymous reader of this blog posted a comment to 'MiFID time to stop talking and start acting', where they make an interesting parallel between MiFID and Y2K, they write: "Deadlines that a large number of people/orgs don't take seriously have a tendancy to slip back several months or years until they do." . I disagree.

One of the big question mark in the MiFID saga is the future attitude of regulators. What will they enforce ? Who will they target for enforcement ?

Some regulators run the risk of being the target of enforcement procedures themselves; but will they use enforcement as a way of creating 'hidden gold plates' ? After all if you are determined to preserve concentration, one way out of it is to quietly allow operators in your territory to have just one trading venue. (As somebody else wrote in another blog: Financial TechInsider).

As far as concentration is concerned I am a firm believer that ultimately the market will take care of it but on other part of MiFID the question is perfectly valid. Will regulators follow the example of the FSA (who has recently adopted a much stricter attitude towards November 1st as a deadline) when they themselves are spectaculary late ?

Who will they pick first when they decide to get tough on non compliance ? what will they decide to be tough about ?

Ultimately, I think that the biggest threat looming over non compliance is not a regulator, it is a client loosing money and taking an institution to court for breach of best execution.

Regulatory Cocktail and reference data hangover

I had dinner with a friend currently in London on business. He works for a coffee company who is planning an acquisition in the US. (Be patients, it is relevant). The company regularly trades coffee futures and therefore it will be carrying out investment business under MiFID. To ring fence the main company, they decided to create a trading subsidiary which will seek authorisation from the local regulator and of course by then will have to be compliant with MiFID and CRD (Basel 2). If the acquisition goes ahead SOX will also come into the picture. What are the potential consequences of this regulatory cocktail ? (Other than mass resignation, professional suicides, etc.)

Well MiFID and Basel 2 both call for Risk Mitigation functions and some of the organisational issues must be tackled with both in mind (no point doing one thing for MiFID and then starting all over again for Basel 2). As I pointed out in an earlier blog (Are you pulling up your SOX on MiFID) MiFID and SOX do not really cross path, except they both require an 'audit trail' and one has to be careful that the two live side by side in perfect harmony.

A common ingredient of this regulatory cocktail and possibly the main thing that needs to be considered with all three in mind is data storage. MiFID, Basel 2 and SOX have their data storage implications. Storage in itself is not a major issues, the issues is retrieving those informations in the appropriate way.

The three have different 'retrieval' logic : with MiFID you need to retrieve every information that proves best execution or compliance with your corporate policies without any shadows of doubt (in other words, no cracks that would allow the opposite legal counsel to make mincemeat of yours), therefore you need to save not just the transaction details but all the policies and procedures effective on that date, what conversations you have with your clients, etc. ; SOX is interested in corporate governance and therefore you need to retrieve what proves that everybody at the table had nice manners and did not do anything they should not have been doing (such as sending corporate funds to the Cayman Island or buying a Van Gogh with corporate funds and have it hanged in their living room); Basel 2 needs to build a risk history.

It make sense to create one storage/retrieval policy and the relevant set of reference data. This is where things get really tricky, the coffee company where my friends works has already set up the trading subsidiary and they want to be operational by November 1st. That means being compliant with CRD by January 1st and if the acquisition goes through SOX will join the party.

Reference data are the backbone of a corporate IT system, they have a few months to change their backbone. We should wish them well.

Wake up !

I have already quoted the FSA MiFID Permissions and Notifications guide and how the FSA has clearly changed its message (the paper is full of "If you want this to be effective by November 1st you have to ... by...") several times. Last Friday I was talking to quite a number of bankers in London and around Europe. Some were cold calls for my teleseminars (and therefore their answers could be biased towards getting rid of me), others were arranged conversations for a book I am writing on cross jurisdiction banking in Europe post MiFID and three were conversations with people who had called me. At the end of the day I started thinking that maybe I was on another calendar, if not on another planet.

Too many people from smaller institutions have not started yet! They face some major risks:

1) The client categories do not map 1:1. Retail will stay Retail, but Intermediate may map to Retail or Professional depending on whether the corporate client meets the new criteria to be eligible either to be a Professional Client or to be upgraded to Professional Client. If a company that currently has a permission only for Intermediate (which will be mapped by the FSA to Professional), they need to submit a Variation of Permission Application by August 1st. The FSA quite clearly states that those who need to apply for a permission for Retail Clients for the first time need to have clear evidence of process and procedures being put in place to deal with clients that need more protection. If they only deal with intermediate clients they are unlikely to have those process and procedures. So what is going to happen on November 1st, if they are do not have completed client classification, process and procedures by August 1st ? Well, it depends on the magnanimity of the FSA....

2) They have clients based in other jurisdictions. MiFID has two passporting regimes: physical presence (branch passport) and cross border services (service passports). This means that a firm with clients based in another jurisdiction within the MiFID area should apply at least for a service passport. Existing passport status will be mapped post November 1st but there may be a need to revise it depending on the financial instruments and the services provided. The sticky point here is for firms that operate with agents. Introducer will not be affected but tied agents will be like branches and therefore will require a full branch passport (maximum processing time is five months, so if you are in that situation... better send your agent on holiday between November 1st and the time you have sorted all the paperwork!)

3) They are outside MiFID. Well... MiFID client classification criteria are now part of the new COB. You just have some more time, i.e. the transitional regime will last till July 1st 2008 but if you need to make a VOP (Variation of permission application) you have till January 1st, 2008 to do that. In other words, you have about five to six months to re-classify your clients and see what happens (this is especially important to financial institutions that do commercial loans, trade finance, etc. and have a permission for intermediate clients only)

The second group that shocked me is... non EEA banks. At least a dozen executive I talked to told me that MiFID does not concern them, because they are not a European Bank (some of these banks have large investment banking operations based in London and others have branches all over the MiFID area). Well... first of all this is worse than hiding their head in the sand. If they are based in London, with an FSA supervision...MiFID is the law of the land in the UK ! There are no indications that November 1st deadline will be postponed or otherwise made ‘more flexible' than what it is right now.

Third group... bankers from some EU countries. An Italian banker (Consob has committed to transpose by the end of June and most Italians think it will happen by September) - the head of Legal Services of a major group who called me asked me "Why he should know about MiFID"; a smaller German bank has not started on anything because MiFID "it will not happen"; a Luxembourg based buy side institutions is not doing anything because "very few countries have transposed yet". All of this was supplemented by a conversation with PJ Di Giammarino of JWG-IT where he added a few stories of his own to my list.

In Greek mythology, Cassandra did not end up very well in spite of her ability to predict the future. I am no mystic Meg or Cassandra, but I think we shall see a rush of transposition by the end of September. If the FSA is any indication of the attitude of regulators in Europe there will come a point at their discretion where their attitude will change and they will issue their own guide that says what you need to do by when if you want to be operational by November 1st. So, who will wake up in a cold sweat on November 2nd? Recently NASD fined HSBC $250,000 for breach of best execution is that a harbinger of things to come in Europe for next winter? Will European financial services have ‘A Very Cold Winter' this year? And what will happen to commodity traders (Oil Companies, Energy Traders, etc.)?

Well, my Crystal Ball is getting a bit foggy now but I definitely think it is time to wake up!