Integrity.Excellence.Results.

MiFID II:To Go-Live And Beyond

Delivering MiFID II compliance,avoiding regulatory entropyand building plans for Brexit.

www.citihub.com

18 July 2017

Introduction .....................................................................................

The Final Approach: 6 Months To Go-Live ........................................

Post Go-Live Projects............... ......................................................

Regulatory Entropy - Prevention Strategies................................... MiFID II and Brexit Readiness ......................................................... Summary ..........................................................................................

About Citihub Consulting ................................................................

3

4

5

6

7

8

99

Bob Mudhar, Partner, Citihub Consulting

Leading Citihub Consulting’s regulatory practice, Bob is a senior trading systems and regulatory technologist with

more than 20 years’ experience in blue chip investment banking institutions. His career has spanned a variety of

business facing technology roles with a strong etrading and regulatory focus.

Citihub Consulting’s MiFID II practice now supports seven active clients covering fifteen active engagements with

projects as diverse as research unbundling, wealth management and algo trading obligations.

About The Author

Contents

MiFID II: To Go-Live and Beyond 2

As we enter the final six months before MiFID II goes live, most firms are busy executing programmes of work to achieve compliance. However, few will achieve 100% compliance by go-live and most are consequently prioritising activities. With the focus clearly set on compliance, Citihub Consulting believes that it is time to begin evaluating and planning for the period after the 3rd of January 2018 - both in the context of MiFID II but also the United Kingdom’s exit from the European Union. In this paper, we consider three areas and recommend that decision makers should plan for continued investment and plan for continued investment and resourcing in MiFID II post go-live:

1. Closing of compliance gaps as quickly as possible and the completion of supporting workstreams;

2. Implementing control frameworks and strategies for minimising the risk of regulatory entropy;

3. The close correlation between MiFID II and Brexit planning projects.

Introduction

MiFID II: To Go-Live and Beyond 3

MiFID II goes live on the 3rd of January 2018. As all MiFID II programme managers know, this very public deadline is proceeded by a succession of interim deadlines covering internal systems changes, venue upgrades, and data collection for post go-live regulatory reporting. Clients must register legal entity identifiers and some re-papering may be necessary before transaction reporting or order submission at trading venues can begin. Sell side firms must fully prepare and test HFT applications and complete market making registrations. For some buy side firms, it might, depending on trading patterns as indicated in the latest ESMA QA on DEA and HFT, be necessarynecessary to register as an investment firm. Across the industry the impact of missing deadlines will be fines and public admonishment, and may also impact the services a firm may offer (for example if a manufacturer cannot meet cost and charging obligations then the distributor must withdraw the products).

A MiFID II compliance programme will most likely have many workstreams with tightly coupled interdependencies, and be reliant on time-pressured delivery resources that are shared with other projects. To achieve the right outcome, Citihub Consulting recommends centralised command and control based on a single plan of deadlines and with all dependencies (internal and external) built into a single enterpise roadmap. Independent execution of workstreams increases the risk of missing deadlines or creating pinch points elsewhere.

ForFor firms that will not achieve 100% compliance by the 18th of January 2018 deadline, difficult decisions must be made to determine priorities in such a way as to minimise risk and potential impact. A single roadmap will help programme managers communicate compliance gaps to stakeholders and secure their sign off/acceptance.

InIn recent months, Citihub Consulting has observed that, as the focus shifts from planning and into development and testing, workstreams are often under resourced or under-skilled. Some firms have made excellent use of commodity development and testing resources managed by a small team of MiFID II SMEs. This approach has the clear benefit that it is easier to retain a small number of experts with ‘in demand’ skills rather than building dependencies on large numbers of development and testing resources or expecting them to acquire deep MiFID II skills.

The Final Approach: 6 Months To Go-Live

MiFID II: To Go-Live and Beyond 4

Full documentation of traceability is needed from raw text, rule allocation, rule interpretation, business requirements, solution and data requirements, text plans and release plans. Internal audit and regulators will use this to understand how decisions were made. This will form a vital part of the firm’s institutional memory when individuals move on to other roles. Traceability is often de-prioritised as workstreams focus on immediate compliance objectives.

PPreparing and sending the first reports for best execution (Top 5 venues; Quality of Execution report) requires close inspection of data quality and the immediate resolution of issues. Data collection begins at go-live (and before the Top 5 venues report). The first reports will require very close attention at a time when many firms plan to reallocate MIFID II SMEs and development resources.

Live in September 2018. Static data at the counterparty-by-instrument level will be needed to trade report under the SI regime.

MustMust be completed within a year of go-live. Ensuring a consistent approach to stress testing and automating as much of the annual self-assessment as possible will be important to maintenance. Few (if any firms) will have this ready for go-live. However, the effort involved is easy to underestimate if the response is ambitious. There is little ESMA guidance to the composition of the self-assessment.

SomeSome businesses and some activities within businesses may have been deprioritised or overlooked. Whilst these gaps are inevitable, achieving compliance must be a priority. A successful approach for other regulations has been to deploy a team of dedicated MiFID II SMEs as first responders.

EngagementEngagement with Production Services teams is often overlooked during execution. However, after go-live, these teams form the front line of regulatory compliance. Educating support teams, implementing specific MiFID II operations, control and resolution policies and processes will all take time and effort. Escalation processes (that may ultimately lead to competent authority notification) need careful consideration.

TTwo costs and charges disclosures must be conducted. Ex-Ante or pre-trade and ex post, once a year (minimum) of actual costs. It will be necessary to establish business requirements and identify how data is captured and stored. Ex-post data collection must commence in January 2018.

Area Description

MiFID II Post Go-Live Programme Completion Projects

Traceability Completion

Initial Periodic Reports

SI Regime

Algo Stress Testing and Annual Self-Assessment

Fast Track Missed Business Activities

Operational Uplift

Post Trade Costs and ChargesData Capture

Post Go-Live Projects

MiFID II: To Go-Live and Beyond 5

In the period after go-live, firms should consider the necessary steps to close gaps and start building a framework for ongoing compliance with MiFID II. Funding and resourcing should be maintained at a level to complete activities that were de-prioritised. Examples could include:

Building and implementing a control framework that ensures long term compliance is vital as regulatory drift often sets in very quickly. Governance procedures for new business activity should assess the impact of MiFID II and ensure that implementation includes sufficient time and budget to achieve full compliance. Citihub Consulting advocates a detailed commercial assessment of new business activities to ensure financial viability and long term feasibility based on changes in volumes. As compliance costs rise, some activities may no longer be viable (e.g. if tradingtrading strategies change and an activity requires microsecond timestamping, the technology uplift for this may not be tenable).

MiFID II requires the annual assessment of governance frameworks themselves (RTS6, Article 1).

Buy and sell side firms must establish a control framework that covers their specific business activities and the elements of the regulation that apply. Some aspects will be common (e.g. the review of transaction reporting changes for MiFID II compliance). Others will be specific (e.g. the introduction of new etrading businesses and the specific microstructural aspects that apply).

NewNew business monitoring must ensure SI obligations are met, or that these new activities do not increase obligations that were not applicable at go-live. A specific MiFID II category of monitoring should be added to all impacted teams.

Monitoring examples include: HFT monitoring to ensure activities do not trip the firm into new obligations. Given the recent ESMA Q&A on microstructure, it may be necessary for firms to monitor their clients’ DEA flows and alert clients when these trigger HFT obligations;Liquidity providers must monitor activities to ensure they operate within schemes and agreements;Monitoring of incidents to determine which must be reported to competent authorities;Alerting of time signal interruptions or failuAlerting of time signal interruptions or failures;Ensuring new technology infrastructure does not impact clock synchronisation solutions (this could be as simple as an emergency fix installing an out of compliance network switch).

Data is so vital to meeting a firm’s MiFID II obligations that new mechanisms for dealing with data incidents and quality issues will be instant regulatory issues. Firms must reclassify their data catalogues to tag MiFID II data elements (see Citihub Consulting’s MiFID II Dictionary as an aid to this).

TheThere must be a control mechanism that ensures changes to MiFID II tagged elements are given specific testing and are implemented through well-defined release procedures. For example, incorrect counterparty data could result in providing inaccurate trade reports. Firms may need a complete overhaul of data incident resolution SLAs; improved alerting mechanisms and even in sourcing of services.

Control Framework

Monitoring

Data Quality

Focus Areas To Prevent And Control Regulatory Entropy Post MiFID II Go-Live:

•

•

•

• •

Regulatory Entropy – Prevention Strategies

MiFID II: To Go-Live and Beyond 6

Post go-live, it is crucial that new projects and BAU activities do not result in the creation of new compliance gaps. Citihub Consulting recommends proactive compliance monitoring and traceability (see prior section) to minimise the impact of regulator investigations, and to enable the business to focus on revenue generating activities.

The process of re-papering (re-contracting) and ensuring LEIs are registered will be a key data point as firms determine Brexit strategies. Understanding legal entity structure and transaction interfaces is a vital starting point to understanding if these relationships and interfaces should change post-Brexit.

Understanding MiFID II cross border obligations will be essential as firms design new structures post-Brexit. The MiFID II analysis will enable the testing of these structures to establish any changes in MiFID II obligations.

FirmsFirms should ensure adequate documentation and fact capture during MiFID II ready for Brexit analysis work. Brexit may demand a simplification of entity structure (move everything outside of the UK) or a more complex one (introducing new EU entities – one or many, or reuse of existing entities).

MiFIDMiFID II requires an understanding of obligations by entity and where entities interact with clients, sales and trading. It is exactly these factors which must be assessed as firms develop new entity structures for Brexit. Introducing a new entity is difficult and challenging. Many firms have had to restructure businesses in recent years because it is difficult to get right: (see: Business Re-Platforming Blog). Introducing a more complex entity structure may have cascading implications to trading venue membership, SI status and trade reporting eligibility.

TTo record orders for MiFID II, and for those records to be timestamped accurately, firms must understand their voice and electronic flows in detail. These flows are ultimately routed through physical hardware. The actual client connections into firms for electronic flows must be understood in case clients interact with new legal entities and if the new entities change order record keeping and/or timestamping points. Having a full inventory of client connections and trading connections is key. Brexit may be an opportunity to review client and venue connectivity and also extract some costcost efficiency as firms line up Brexit organisational plans with updated connectivity solutions – see here.

MiFID II obligations apply to MiFID II entities and to the venues firms interact with. Thus, having understood these for MiFID II, Brexit planners could have head start and an opportunity to consolidate and renovate memberships.

Area DescriptionFocus Areas And Overlapping Areas Of Scope For MiFID II And Brexit Preparation

Client Relationships

Cross Border Analysis

Entity Structures

Infrastructure Locations

Trading Venue Memberships

MiFID II And Brexit Readiness

MiFID II: To Go-Live and Beyond 7

Early in 2016, many MiFID II programme managers were awaiting the outcome of the UK’s Brexit referendum before mobilising execution activities. Some now face the difficult challenge of delivering both MiFID II compliance and the business restructuring activities required to continue operations in the (increasingly likely) event that the UK loses passporting rights. Citihub Consulting has previously outlined why MiFID II will continue to be important in the post-Brexit world. It is our belief that MiFID II programmes are best placed to form the foundations of Brexit scenario planning: MiFID II SMEs have deep knowledge of the organisation, record keeping, flowsflows and microstructural obligations that will reduce duplication of effort and deliver optimal Brexit strategies.

With less than six months until the implementation deadline, firms may find it necessary to re-plan and reprioritise. We recommend centralised command and control, and risk weighted planning of project objectives.

Programme managers must ensure that stakeholders are fully informed about potential compliance gaps and the risks of deadlines that may be missed. We recommend a single (enterprise wide) roadmap as a tool for effective communication.

TheThe industry is resource constrained and this pressure will increase in the coming months. We recommend building (and retaining) a small team of MiFID II SMEs that can manage commodity development and test resources so as to provide sufficient capacity, minimise the risk generated by dependencies on business aligned individuals, and to contain implementation cost.

NowNow is the time that MiFID II programme managers and compliance leaders should build the business case for post-implementation projects. We recommend retaining the core MiFID II team until compliance gaps are closed and an effective operating model and supporting controls – that fully mitigate the risk of regulatory entropy - are in place.

BBrexit outcomes are unknown. However, most firms are planning the transition of some activities to mainland Europe and are scenario planning for others. We recommend that MiFID II programme teams should be viewed as a foundational part of any Brexit initiative in order to leverage knowledge that covers organisational and legal entity structures, business units and instruments, record keeping arrangements, flows and microstructural obligations.

•

•

•

•

•

Summary

MiFID II: To Go-Live and Beyond 8

Citihub Consulting is a global, independent IT advisory firm with deep domain expertise across every layer of the technology stack – from business applications and data platforms down to core infrastructure. From IT strategy, architecture and solution development, through to cost optimisation, risk assessment and implementation – our trusted experts deliver the right results for your business.

ForFor us consultancy is personal. We have a relentless commitment to great execution, integrity and client success. We aim to redefine perceptions of our industry and our commitment to delivering the right results for our clients has never changed, even as the business has grown consistently over the last decades.

For more information, please visit www.citihub.com

Contact UsEMEA

Richard Hamstead

richard.hamstead@citihub.com

Moor Place

1 Fore Street

London EC2Y 9DT

+44 800 028 1901+44 800 028 1901

North America

Keith Maitland

keith.maitland@citihub.com

500 Fifth Ave, Suite 1610

New York, NY 10110

+1 646-780-1150

The Dineen BuildingThe Dineen Building

140 Yonge Street, Suite 200

Toronto, Ontario, M5C 1X6

+1 437 886 8390

Asia Pacific

Steve Rutherford

steve.rutherford@citihub.com

3 Pickering Street

#01-64

Singapore 048660

+65 3152 2777+65 3152 2777

About Citihub Consulting

MiFID II: To Go-Live and Beyond 9