In response to the growing regulatory, risk and compliance burden that’s now being placed on financial institutions, global capital markets specialist Hatstand has announced the launch of its MiFID II Advisory Service and Control Risk Assessment (CRA) framework that’s specifically designed to identify gaps in regulatory compliance before the January 2017 deadline.
The new advisory methodology breaks down MiFID II into 12 discrete modules encompassing the different aspects required for complete implementation of MiFID II/MiFIR. Through its service, Hatstand will work closely with organisations to establish which regulations they need to comply with and by when. This will “ensure a regulatory change pathway” for the fulfilment of companies’ obligations around the regulation.
The 12 modules include: Transaction Reporting, Record Keeping, Client Classification (and other KYC rules), Evolution of Non-Equity Trading Platforms, Product Governance, Best Execution – Equity, Best Execution – Non-Equity, Off the Record Messaging/Chat Rooms, Research Usage Review and the Impact of Unbundling, Impact Analysis for Non-Financial Companies and the MiFID II Readiness Assessment.
To further support this move, Hatstand’s CRA – a managed self-assessment solution – allows banks and other financial institutions to gain an accurate and comprehensive understanding of regulatory compliance levels around the globe combined with operational, technical and cyber security risks. It integrates with any business structure to identify risks and gaps across business, IT and production support for all eTrading, trade and transaction or risk reporting flows and information security.
There are three stages to the Control Risk Assessment:
*Stage 1: An application inventory is first completed, which includes an analysis of in-scope systems and the identification of any non-IT owned applications. Here, Hatstand carries out an analysis of risk-proportional priorities. It also conducts business process flow analysis, mapping out applications to business process flow usage. At this point, the company can add client policies or regionally-specific regulations not covered in the initial offering.
*Stage 2: Hatstand moves on to the management of the self-assessment process, the review of self-assessments, the management of the IT governance peer-review process and the subsequent client sign-off of findings.
*Stage 3: This includes the creation of regulatory gap/risk analysis and remediation plans.
Stretched to breaking point
Frank Pottle, associate director at Hatstand, told Risk UK: “The pressures of regulatory change on the industry following the 2007-2008 financial crisis have been monumental. This has resulted in compliance, IT and other support functions within businesses being stretched to breaking point as firms scramble to meet the demanding deadlines. The message from the regulators is clear: firms need to show good progress towards meeting the deadlines and, at the minimum, should have tactical processes in place to meet the requirements backed up by robust planning for strategic solutions.”
Pottle continued: “While there is still some leeway for banks, by the time the MiFID II deadline comes around, they and other financial institutions will run into substantial difficulties if they cannot show that they’re either compliant or otherwise taking demonstrable steps to be so. It must be recognised that the complexity of both the regulation and underlying IT infrastructure means that the chances of achieving compliance by themselves will prove extremely low for many.”
The majority of today’s financial institutions don’t have adequate controls in place to prevent systemic failure in process or governance: failures which could lead not only to massive fines, but also reputational risk, financial risk or even complete business failure.
Moreover, they have little – if any – understanding of any legacy operational, technical or cyber security risks to which they might be exposed.
Pottle explained: “The only way financial institutions are going to attain a true risk position is to take control by using true industry experts to build a comprehensive risk profile of both new and existing risks by dint of detailed assessment. When organisations are able to proactively approach the regulator with a clear and proven risk state and roadmap for achieving compliance, they will not only demonstrate a complete and 100% awareness of the state of compliance, but also demonstrate to the broader political landscape that financial institutions are committed to reducing risk and co-operating with regulators, a fact that could go some way towards healing the huge trust gap that continues to hamper effective financial operation.”