From regulation to supervision – the trajectory of MiFID II

The attempt of the EU to re-regulate the financial industry took effect. Companies are struggling with their complex disclosure requirements, which can only be met by costly IT solutions. Although MiFID II is unworkable that it may soon have to be replaced, the worry is that it may be the precursor of a surveillance apparatus.

A trader at the Deutsche Boerse in Frankfurt, Germany
A trader on the floor of the Deutsche Boerse in Frankfurt, Germany. © dpa

In a nutshell

  • EU financial institutions face stringent disclosure requirements to curb fraud and abuse
  • Costly and powerful IT solutions are needed to comply with MiFID-II
  • Early evidence suggests the new regulations won’t be effective; but that is the least of their problems

The global financial crisis of 2007-2009 revealed pervasive misconduct in the financial services industry, involving some of the largest and most prestigious American and European financial institutions. Ranging from abusive practices in mortgage securities and commodities markets to the manipulation of foreign exchange and interest rates, not to mention questionable accounting, fraud in the financial sector appeared in many guises. Its scope and pattern convinced many economists that financial malfeasance – and the failure of regulatory systems designed to cope with it – were at the root of the debacle that surprised the world 10 years ago, plunging its leading economies into their longest and deepest recession since World War II.

In the aftermath, there has naturally been a deep concern among policymakers on how to reform the regulation of financial markets to make them a safer place for investors. In this context, the European Union came up with an ambitious project to reregulate the financial industry. This new “Markets for Financial Instruments Directive” (MiFID II) went into effect in January 2018, after repeated delays.

The original 2014 directive, along with the accompanying regulation (MiFIR) of the same year, is part of a voluminous regulatory package that also includes various recommendations, guidelines or technical standards elaborated by the European Securities and Markets Authority (ESMA) and other supervisory bodies. Furthermore, market regulators are counting on upcoming changes to EU banking law (including provisions on bank recovery and resolution) to profoundly transform the legal framework for investment services.

MiFID II is actually a recast version of MiFID I, which was passed by the European Parliament in 2004 and finally implemented in 2007 – just before the crisis hit. This earlier legislation attempted to harmonize financial regulation in Europe, but was quickly made obsolete by the growing complexity of contemporary financial instruments and the rapid changes in postcrisis markets. Under these circumstances, MiFID I obviously did not live up to expectations.

MiFID II was designed to solve some of its precursor’s problems. However, it introduces many new challenges to the financial industry whose impact, at least for now, is extremely difficult to assess.

Investor protection

The goals of the MiFID II/MiFIR package are manifold. First, trading platforms are to undergo drastic reform to make them more transparent. The aim is to restore the lost confidence of retail investors in stock markets, investment firms and credit institutions.

For instance, regulators are seeking to get under control and limit so-called “dark pools,” the mostly private and opaque trading venues where neither the stock price nor the size of buy or sell orders are revealed in advance. Under MiFID II, much of European equity trading is being forced back into so-called “Lit” (for light pool, or public) stock markets.

The new regulations seek to curb some commonplace strategies in banking and asset management.

The directive also seeks to curb some commonplace strategies in banking and asset management that are considered prejudicial to retail investors. To protect customers from being tricked into buying needlessly complex financial products, firms are forbidden from remunerating employees (or even positively assessing their performance) based on their ability to sell instruments that are not strictly in the client’s interests. The typical sales targets that banks impose on their staff are banned by the new regulatory regime.

In the same vein, MiFID II targets the widespread practice of inducements for independent advisory services and third-party discretionary portfolio asset management. Traditionally, such advisors were offered substantial commissions by fund managers. These fees, charged to the fund, amount in fact to a cost paid by the investor. Furthermore, the fee structure of such services is usually opaque and arbitrary. With MiFID II, these so-called retrocessions will shrink to practically nothing. Jobs will be lost and whole branches of activity will disappear. The asset management industry will struggle to reinvent itself.

Protecting (supposedly vulnerable) investors by increasing the transparency and clarity of the services they receive – and ultimately, the risks they take – is one of MiFID II’s main goals. Another is detecting abusive trading early on and deterring it through the threat of sanctions.

Fraud prevention

To deliver on investor protection, MiFID II (Article 69) gives market regulators unprecedented supervisory and investigatory powers. They include the ability to:

  • Obtain any document or data considered relevant to their activities
  • Demand information from any person, including the power to issue a summons for questioning
  • Carry out on-site inspections and investigations; this includes access to the premises of natural or legal persons with probable cause
  • Require investment firms, credit institutions or other regulated market entities to supply on demand recordings of telephone conversations, electronic communications or other data traffic records; this information must also be supplied by telecommunication operators on demand
  • Freeze and/or sequester assets
  • Temporarily suspend business activities
  • Demand additional information from company auditors, regulated markets and data service providers

Moreover, the directive strongly encourages employees of financial institutions to report potential or actual infringement they have witnessed, while providing adequate protection for whistleblowers.

Finally, the competent authorities are empowered to levy fines on individuals and institutions responsible for abuses that are “sufficiently high” (to quote the directive) to offset any benefit accruing to the wrongdoer. These fines are intended to deter individual and institutional investors from engaging in unethical trading behavior.

Clients under scrutiny

Under MiFID II, users of financial services could be better protected than ever against market abuse, but they will also be under unprecedented surveillance. Indeed, financial institutions are obliged, on the regulator’s behalf, to closely monitor and report on clients’ trading activities. Their new legal duties include large-scale data retention, extending to relevant pre- and post-trade information.

Most financial firms do not possess the in-house expertise and resources to shoulder the compliance burden.

For example, face-to-face conversations with clients must be recorded, either technologically or through written minutes or notes; telephone conversations involving client orders must be taped and made available on request; email exchanges should be kept in easily retrievable files that can be delivered to supervisors at any time. Copies of all the data must be stored in dedicated facilities to minimize the risk of loss or damage.

For companies, these reporting obligations create enormous amounts of work. They require special data classification systems that must be constantly updated, mountains of complex reporting sheets, elaborate “Know Your Customer” procedures to verify client identities, and ever more efficient alert mechanisms to cross-reference all this data. Most financial firms simply do not possess the in-house expertise and resources to shoulder the overwhelming and constantly growing compliance burden, which requires, among other things, powerful and costly IT solutions.

Regulatory technology

Not surprisingly, much of the work has been outsourced to service providers who specialize in helping financial institutions monitor their client base. Innovative solutions to improve the handling of financial data are now in great demand.

This is already spawning a new sector on the fringes of the heavily regulated financial industry. The new entrants offer so-called RegTech (or “Regulatory Technology”) solutions, using artificial intelligence to handle the staggeringly complex demands of MiFID II.

Skyline of the City of London
London-based financial companies are best equipped to cope with MiFID II’s demands, but Brexit may exempt them from its rigors by March 2019. © dpa

The simple act of understanding, interpreting and implementing tens of thousands of provisions imposed by the European regulators over the past decade (MiFID is but one of many) is proving nightmarish for the financial industry. RegTech offers companies customized models and algorithms for filtering, tagging and rewriting “slices” of the regulations through machine technology, making sense of them for business. Undeniably, RegTech has a bright future given the pace, volume, diversity and ambiguity of financial regulatory activity – not to mention the complexity of the industry and of markets themselves.

All this costs a lot of money, imposing a significant loss on financial institutions. A recent survey found that regulated firms spent an average of 4 percent of their total revenue under MiFID I; this share could soon rise to 10 percent or more under MiFID II. Large companies that can afford RegTech will find compliance costs hefty; for smaller companies, they could quickly become prohibitive.


Six months after MiFID II came into force (after a year’s delay), many companies are still struggling to upscale their compliance budgets. Only about half of European companies consider themselves ready for the regulation, according to one survey.

Even that total might be optimistic, since the United Kingdom’s vast financial sector – probably the best equipped to cope with MiFID II – may be out of the EU and thus exempt from the new requirements by March 2019. It is difficult to say what that means for financial companies in the remaining EU states, but there has been speculation that a hard Brexit could potentially jeopardize the entire regulation.

Some observers believe MiFID II’s sheer complexity could soon make it impractical.

Some observers believe MiFID II is already a nonstarter. Its sheer complexity could soon make it impractical, forcing regulators to revert to a “souped-up” version of MiFID I that has already been dubbed “MiFID III.”

The effectiveness of MiFID II is also contested. There is no evidence so far that dark pools, a prime target of the directive, will disappear from the financial landscape. On the contrary, the brokerage community can be expected to develop a new arsenal of tools to keep trading in the dark, as one European dark pool operator told Bloomberg News.

Getting shut out of dark pools can hurt investors in markets where high-frequency trading (HFT) is the norm. High-frequency traders use algorithms to spot big orders and trade against them in milliseconds, making a quick profit on infinitesimal price disparities. This predatory trading potentially puts at risk the inputs of slower and larger players, such as pension and mutual funds.

Aware of this problem, MiFID II grants certain large-scale traders, as defined in a special July 2016 regulation, a waiver to stay in dark venues. But even smaller traders seem to be finding ways to do so, with the help of companies or trading networks (like Goldman Sachs, Nasdaq, CBOE and Liquidnet) offering services that allow smaller players to flourish there, such as periodic auctions or so-called systematic internalizers.

These shortcomings make MiFID III a plausible scenario in the years to come. What such an amended regime would look like – less complex or possibly even more – is anybody’s guess at this stage.

From RegTech to SupTech

What seems likely, however, is that the protection/control issue at the heart of MiFID II will live on in future frameworks. Each new generation of EU regulators seems more determined to transform financial professionals into compliant agents of a global supervisory process.

The trajectory to what some have called “SupTech” seems already clear. Regulation would be replaced by close supervision, or more precisely, by an implacable surveillance apparatus with global reach, based on machine-learning. Financial transactions would be placed under the control of a supervisor who one day soon could stream virtually any trading data in real time and intervene on the spot, such as by blocking a transaction in progress if the system detects fraud or compliance violations.

For now, this vision is still hypothetical. A supervisory regime in which all financial market participants – including the most ordinary retail bank customers – would be monitored in real time may appear “efficient” to some. But the cost of such paternalism would be intolerably high, further curbing personal freedoms with little tangible benefit.

Related reports

Scroll to top