Hatstand introduces MiFID II Advisory Service and Control Risk Assessment

Hatstand has launched its MiFID II Advisory Service and Control Risk Assessment

Hatstand has launched its MiFID II Advisory Service and Control Risk Assessment

In response to the growing regulatory, risk and compliance burden that’s now being placed on financial institutions, global capital markets specialist Hatstand has announced the launch of its MiFID II Advisory Service and Control Risk Assessment (CRA) framework that’s specifically designed to identify gaps in regulatory compliance before the January 2017 deadline.

The new advisory methodology breaks down MiFID II into 12 discrete modules encompassing the different aspects required for complete implementation of MiFID II/MiFIR. Through its service, Hatstand will work closely with organisations to establish which regulations they need to comply with and by when. This will “ensure a regulatory change pathway” for the fulfilment of companies’ obligations around the regulation.

The 12 modules include: Transaction Reporting, Record Keeping, Client Classification (and other KYC rules), Evolution of Non-Equity Trading Platforms, Product Governance, Best Execution – Equity, Best Execution – Non-Equity, Off the Record Messaging/Chat Rooms, Research Usage Review and the Impact of Unbundling, Impact Analysis for Non-Financial Companies and the MiFID II Readiness Assessment.

To further support this move, Hatstand’s CRA – a managed self-assessment solution – allows banks and other financial institutions to gain an accurate and comprehensive understanding of regulatory compliance levels around the globe combined with operational, technical and cyber security risks. It integrates with any business structure to identify risks and gaps across business, IT and production support for all eTrading, trade and transaction or risk reporting flows and information security.

There are three stages to the Control Risk Assessment:

*Stage 1: An application inventory is first completed which includes an analysis of in-scope systems and identifying any non-IT owned applications. Here, Hatstand carries out an analysis of risk proportional priorities. It also conducts business process flow analysis, mapping out applications to business process flow usage. At this point, the company can add client policies or regionally-specific regulations not covered in the initial offering

*Stage 2Hatstand goes into the management of the self-assessment process, the review of self-assessments, the management of the IT governance peer-review process and the subsequent client sign-off of findings

Stage 3: This includes the creation of regulatory gap/risk analysis and remediation plans

Stretched to breaking point

Frank Pottle

Frank Pottle

Frank Pottle, associate director at Hatstand, told Risk UK: “The pressures of regulatory change on the industry following the 2007-2008 financial crisis have been monumental. This has resulted in compliance, IT and other support functions within businesses being stretched to breaking point as firms scramble to meet the demanding deadlines. The message from the regulators is clear: firms need to show good progress towards meeting the deadlines and, at the minimum, should have tactical processes in place to meet the requirements backed up by robust planning for strategic solutions.”

Pottle continued: “While there is still some leeway for banks, by the time the MiFID II deadline comes around, they and other financial institutions will run into substantial difficulties if they cannot show that they’re either compliant or otherwise taking demonstrable steps to be so. It must be recognised that the complexity of both the regulation and underlying IT infrastructure means that the chances of achieving compliance by themselves will prove extremely low for many.”

The majority of today’s financial institutions don’t have adequate controls in place to prevent systemic failure in process or governance: failures which could lead not only to massive fines, but also reputational risk, financial risk or even complete business failure.

Moreover, they have little – if any – understanding of any legacy operational, technical or cyber security risks to which they might be exposed.

Pottle explained: “The only way financial institutions are going to attain a true risk position is to take control by using true industry experts to build a comprehensive risk profile of both new and existing risks by dint of detailed assessment. When organisations are able to proactively approach the regulator with a clear and proven risk state and roadmap for achieving compliance, they will not only demonstrate a complete and 100% awareness of the state of compliance, but also demonstrate to the broader political landscape that financial institutions are committed to reducing risk and co-operating with regulators, a fact that could go some way towards healing the huge trust gap that continues to hamper effective financial operation.”

 

 

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts