You can say one thing for a business disaster these days: it's usually a lucrative "opportunity" for IT people. The next such opportunity is going to be MiFID – the EU Markets in Financial Instruments Directive, which goes live in November 2007.
MiFID affects only a subset of UK companies, those in financial services (check out the FSA web pages at the above link), although some that are affected may not realise it yet – some will be coming under regulation for the first time – and it will have a major impact on those affected.
A guide to the MiFID state of play in the UK, from Michael Folger of the FSA, is available here; and another, Jitz Desai's MiFID: The roadmap to implementation, can be obtained from the MiFID documents section of the JWG-IT think tank pages (registration required).
MiFID is intended to increase transparency for trading in financial instruments and will, possibly, provide better consumer protection in this market. But, it has consequences for the IT group in firms affected (and remember that it will be a large and therefore high-risk project, highly visible, attracting board-level interest, and dealing with external regulators).
And, as usual with implementation of regulatory change, such work is likely to be well-paid - either because the legislators have unrealistic timescales or, more likely, because many businesses will leave compliance to the last possible moment.
What this new directive means (among other things) is that customers will be able to expect "best execution" of their trades according to published rules (and select their financial services partners according to their own preferred interpretation of "best execution").
However, there are few prescriptive rules as to how exactly to implement this (ILOG's Jean-Baptiste Dezard provides a useful summary of the likely requirements in his paper Addressing MiFID's Best Execution challenge - more from ILOG on MiFID here).
Financial services firms will be expected to be able to point to a documented process that implements MiFID to the satisfaction of the regulators. They may also have to defend their interpretation of best execution if this is disputed (going back five years) and be able to supply timely information on the completion of deals to their customers and regulators.
This may be good news for financial services customers, and it promises to reduce capital costs and provide increased business for financial services firms – although high implementation costs are also anticipated.
However, it will be a real headache for a hard-pressed IT department, especially if resources haven't been allocated to MiFID, since the MiFID rules (which were supposed to be formulated by the national regulators for the beginning of 2007) have not generally been implemented across Europe yet, and the MiFID "go live" date is November 2007.
Luckily, the UK FSA is ahead of the game - although MiFID is an international issue, in general, even for UK companies.
At SunLIVE07, Nick Gibson, head of regulatory stream, EU MiFID Programme, ABN Amro, discussed some of the potential technical challenges associated with implementing MiFID. These include:
- Knowing what application logic is needed - Dutch law, for example, is unlikely to be finalised until shortly before MiFID goes live, giving Dutch IT groups little time to code and test the necessary logic.
- Deciding what the "best execution" requirements really are; not just the rules applying when the trade is made, but any logic required to report on best execution from trades five years ago – do we need to actually recreate the market at the time of the trade? Gibson thinks not, but this isn't clear.
- Managing the operational risk is associated with traders having to work out which rulebook applies to, say, a French client trading with the London branch of a Dutch bank.
- Improving the user interface to financial systems, to make supplying more information to customers and other stakeholders easier ("self service" facilities may be needed).
Gibson also points out (ironically) that transaction reporting is "a joy" - with 27 potential variants and a choice of the applicable regulator and regulating engine (internal or external) to worry about.