I had dinner with a friend currently in London on business. He works for a coffee company who is planning an acquisition in the US. (Be patients, it is relevant). The company regularly trades coffee futures and therefore it will be carrying out investment business under MiFID. To ring fence the main company, they decided to create a trading subsidiary which will seek authorisation from the local regulator and of course by then will have to be compliant with MiFID and CRD (Basel 2). If the acquisition goes ahead SOX will also come into the picture. What are the potential consequences of this regulatory cocktail ? (Other than mass resignation, professional suicides, etc.)
Well MiFID and Basel 2 both call for Risk Mitigation functions and some of the organisational issues must be tackled with both in mind (no point doing one thing for MiFID and then starting all over again for Basel 2). As I pointed out in an earlier blog (Are you pulling up your SOX on MiFID) MiFID and SOX do not really cross path, except they both require an 'audit trail' and one has to be careful that the two live side by side in perfect harmony.
A common ingredient of this regulatory cocktail and possibly the main thing that needs to be considered with all three in mind is data storage. MiFID, Basel 2 and SOX have their data storage implications. Storage in itself is not a major issues, the issues is retrieving those informations in the appropriate way.
The three have different 'retrieval' logic : with MiFID you need to retrieve every information that proves best execution or compliance with your corporate policies without any shadows of doubt (in other words, no cracks that would allow the opposite legal counsel to make mincemeat of yours), therefore you need to save not just the transaction details but all the policies and procedures effective on that date, what conversations you have with your clients, etc. ; SOX is interested in corporate governance and therefore you need to retrieve what proves that everybody at the table had nice manners and did not do anything they should not have been doing (such as sending corporate funds to the Cayman Island or buying a Van Gogh with corporate funds and have it hanged in their living room); Basel 2 needs to build a risk history.
It make sense to create one storage/retrieval policy and the relevant set of reference data. This is where things get really tricky, the coffee company where my friends works has already set up the trading subsidiary and they want to be operational by November 1st. That means being compliant with CRD by January 1st and if the acquisition goes through SOX will join the party.
Reference data are the backbone of a corporate IT system, they have a few months to change their backbone. We should wish them well.
No comments:
Post a Comment