With the implementation of the revised Markets in Financial Instruments Directive (MiFID II) less than 6 months away, investment firms are gearing up to comply with the upgraded directive before the deadline. Among the numerous upgrades and revisions to different elements, one of the biggest changes relates to the regulation of how firms record transactions and their dealings with clients. Under MiFID I, firms were subject to only a few record keeping requirements compared with MiFID II. Investment firms are required to keep records of every client order and every decision taken to execute the order. Firms must also keep records of transactions while executing or transmitting an order. The European Securities and Markets Authority (ESMA) has provided a non-exhaustive list of minimum records to be kept, which firms must adhere to. The retention period for a record begins on the date when the record is created. As per the directive, data must be stored for at least five years (with an option to extend it to seven years) and should be in a medium that can be easily accessed by National Competent Authorities (NCAs). One might say firms have limited and straightforward record keeping requirements under MiFID I. However, in order to fill the gaps left by MiFID I and due to the rapid development of the internet, the Commission has significantly enhanced the record keeping requirements.

Under MiFID II, there is an increased need for investment firms to provide required information to NCAs. These enhanced records will assist NCAs in confirming whether a firm has complied with its obligations in respect of its behaviour relating to the integrity of the market. As a result, record keeping requirements under MiFID II are much more granular. MiFID II rules require investment firms to store records of all services, activities and transactions and ensure the data is sufficient for a regulator to reconstruct each stage involved in the processing of a transaction. This means all the initial forms of communication must now be recorded as well, which is quite an ask. In addition, records have to be ‘readily accessible’ by the relevant competent authority. However, there isn’t an explicit definition by ESMA or the FCA of what ‘readily accessible’ means. They expect a firm to identify what is appropriate based on the type of transactions involved. Firms at the moment might be looking at market benchmarks set by other regulations such as the American Dodd-Frank regulations, which impose a requirement of a 72-hour turnaround. Investment firms must now ensure the stored records cannot be manipulated in any way, unless it is for amendments. In this case, a clear audit trail is required to show the changes that have taken place. MiFID II also requires firms to immediately record every initial order received from a client and every initial decision to deal taken, and to keep these records at the disposal of the NCAs.

MiFID II has improved regulations regarding the recording of voice and electronic communications as well. The new regulations require firms to operate an effective policy which covers the rules surrounding the recording of telephone conversations and electronic communications. It is mandatory for firms to keep records of telephone conversations and electronic communications relating to transactions, whether they deal on own account or receive, transmit or execute client orders. Keeping in mind the evolution of the internet compared to a decade ago when MiFID I was introduced, MiFID II also extends its scope of communication to any form of electronic media such as emails, instant messaging, video conferencing, SMS and so on. This might turn out to be a tricky affair for firms, as the widespread use of smartphones over the past few years has resulted in various messaging applications being used for communication. Firms must also inform new and existing clients that telephone calls which may result in transactions will be recorded.

With uncertainties still looming over a lot of the granularities of MiFID II, firms are still waiting for NCAs to localise the MiFID II guidelines and make them more specific. According to an estimate from auditors E&Y, a standard medium-sized UK wealth manager is expected to spend between £3 million and £5 million on preparations for MiFID II compliance. Enhanced compliance requirements, including the ones on record keeping, are expected to change how wealth managers conduct their research and how they bundle information. It is obvious that regulatory changes to processes like record keeping will affect all ends of a firm including IT, marketing and HR. How managers will align their firms with these changes and how NCAs across Europe will bring a sense of clarity to these vague requirements remains to be seen.

Six months remain. January is looming. It seems as if there is some anxiety building up about the impact of MiFID II and the compliance deadline.

The Markets in Financial Instruments Directive II, or MiFID II, is the biggest regulatory shake-up of European financial markets in at least a decade. Its aim is to enable greater transparency and protection for customers across a range of asset classes and their financial instruments.

The time left to comply is not the only reason investors and firms alike are showing some signs of anxiety. In part, some of this anxiety emanates from the regulators themselves. The sense is that there needs to be further clarity on the scope and greater level of detail for meaningful guidance.

A study by JWG found that 90% of institutional investors in Europe risk non-compliance, are under-prepared and over-stretched in efforts to comply with nearly 1.5 million paragraphs of rules.

It will be interesting to see whether more time is granted beyond the one-year delay. The reality is that probably one third of the rules are yet to be formalised or to be given technical guidance for their implementation.

However, most firms or investors affected by the regulation will not wish to take the chance of missing compliance. Getting locked out of particular markets they operate in or facing significant penalties would not be a great start to the new year.

One of the world’s leading universities in London was the victim of a significant cyberattack.

University College London (UCL) is one of London’s leading multidisciplinary universities. The attack targeted the institution’s IT systems, shared drives and management systems, affecting over 35,000 students and 11,000 staff.

The ransomware first appeared through phishing emails. The UCL email accounts of both students and staff received infected links and attachments, as the anti-virus was unable to detect them. Once an email and its attachments were opened, the local and shared drives were targeted, compromised and encrypted.

UCL is unable to access the system and specific files. Shared network drives were locked by UCL’s Information Services Division.

They also released the following statement: “It is vital we all maintain a high level of vigilance when opening unexpected emails. If the email is unexpected or in any way suspicious then you must not open any attachment or follow any link in the email. Doing so may lead to loss of your data and very substantial disruption to the university.”

In order to avoid the negative consequences of ransomware, such as losing important files, preventing, detecting and responding quickly to security breaches in information technology systems is vital. Ensuring individual access to websites is secure and only opening attachments from trustworthy and known sources is a good preventative measure. It is the responsibility of both the individual and the business to prevent these attacks and address them quickly and effectively.


Looking to the future – Steven Maijoor addresses FIA IDX conference, no more MiFID II delays
• The chair of ESMA has pledged there will be no further delay on the implementation of MiFID II.
• Speaking during the FIA IDX conference in London, ESMA’s Steven Maijoor eased concerns that the regulation would face further delay.
• “Contrary to some recent coverage and commentary, MiFID 2/MiFIR will come into effect on 3 January 2018, there will be no further delay in its implementation. One delay has been enough for all concerned,” said Maijoor.
• ESMA informed the European Commission in October 2015 “that a delay to the technical implementation of MiFID II was unavoidable.”
• “ESMA is on track with all MIFID 2/MIFIR IT projects, in particular the Financial Instruments Reference Data System (comprising the collection of reference and trading data and the transparency calculations), and the double volume cap mechanism,” said Maijoor.

Financial fraud is a crime which involves deception in financial transactions for personal gain. It involves complicated transactions usually conducted by “white collar criminals” such as business professionals. Financial fraud is an increasing problem across industries, and this could be due to the difficulty of checking the identities of companies and individuals, as it is easy to set up fake websites, steal personal information and change IP location. The ease of using the internet contributes to making internet fraud a growing problem.

Financial fraud results in catastrophic losses each day. Financial Fraud Action UK reports that in 2016, the UK lost £2 million each day and a total of £768.8 million, an increase since 2015.

There are many methods of financial fraud: it can be carried out through post, phone calls, emails or even face-to-face interaction.

Developments in technology and the ease of conducting transactions over the internet without face-to-face interaction increase the threat to the financial industry, as fraud opportunities are ever-growing.

Law firms are especially at risk, as the legal sector is one of the most targeted due to its sensitive nature. The consequences are extremely serious. Client funds and records are at risk, and solicitors will be held responsible and will be liable to pay money to lenders as well as lose their reputation and suffer brand damage. Simple actions such as sending emails which include bank details can put the firm at risk.

The Guardian reports that during the first half of 2013, a financial scam was committed every fifteen seconds. Some of these scams include fake law firms and lawyers. Dovernor, which is a scam law firm website, looked very convincing as pictures of staff and information were stolen from a legal practice in the USA. These law firms take advantage of vulnerable people who need lawyers, and

This isn’t only occurring in the West: in Hong Kong, two individuals, aged 30 to 48, were said to have posed as directors of two different law firms. The Solicitors Regulation Authority reports “more and more reports” of these incidents by day.

There is, however, a lot that firms can do to protect themselves and reduce the risk. Companies should not only hire specialists who keep up with the growing technological threats but should also train their employees to become more diligent with everyday information, such as noticing changes in email addresses.

It is of the utmost importance to increase the alertness and vigilance of employees; however, clients and investors should also be aware. For investors, it is important to always be suspicious of opportunities which sound “too good to be true” or say you have to act quickly. Regarding technology, ensure your firewall and antivirus software are up to date, and never click on links from emails or send your PIN number over email or phone.

ESMA has added 14 new Q&As to its document on the implementation of investor protection topics under MiFID II/MiFIR. The new Q&As cover the topics of ‘information on costs and charges’, ‘post-sale reporting’, and ‘appropriateness’. The overall MiFID II Q&A provides clarifications on the following topics:

  • Appropriateness;
  • Best execution;
  • Suitability;
  • Post-sale reporting;
  • Inducements (research);
  • Information on charges and costs; and
  • Underwriting and placement of a financial instrument.

ESMA will continue to develop this Q&A on investor protection topics under MiFID II in the coming months, both adding questions and answers to the topics already covered and introducing new sections for other MiFID II investor protection areas not yet addressed in this Q&A.

Islamic Finance goes back centuries; however, it has only recently gained world-wide recognition. With the rise in ethics, Islamic Banking bridges the gap between capitalist and socialist financial systems through the values and rules it follows.

Islamic Banking provides financial services that follow Shari’ah Islamic law and rules. This means the receipt and payment of interest is forbidden, as it is seen as exploitative, and each transaction needs to have an economic purpose. Fairness is very important in Shari’ah law, therefore equally shared risk and benefit is emphasised. Equity financing is allowed; however, investment in pornography, weaponry, alcohol or other markets considered harmful to society is not. Excessive uncertainty is also forbidden, and all transactions must be asset-backed. Purely monetary transactions are not allowed — activities must be anchored in the real economy. The asset-backing provision is often ignored in traditional banking, increasing the risk related to the transaction.

Islamic Finance is rapidly growing. Technavio’s market research predicts that the global market for Islamic Finance will grow at a CAGR of 19% until 2019. It also shows that with the growth of Islamic financing in Asian countries such as Pakistan, Bangladesh and Indonesia, the market size of Asia will be over $985 billion by 2019. While the last decade saw double-digit growth rates in the value of the Islamic finance industry, it is still a very long way from saturation.

This growth emerged in an environment where there is no fully-developed financial and economic system based on Islamic principles. Therefore it faces a number of challenges.

Firstly, regulation protecting depositors is lacking, as there is no type or level of protection assigned to Islamic banking instruments. There are also challenges on the asset side. Islamic Banks are the legal owners of all the products they sell and finance; however, disclosure of these contracts and transparency are not yet available due to the lack of regulatory regimes.

Accreditation of the Shari’a scholars and the development of these rules to approach Islamic finance is also a limitation to this field.

Within each country, Shari’a compliance varies: some products that are considered Shari’a compliant in Malaysia, for instance, may be forbidden in the UAE. There are organisations which can address this problem and standardise this, such as AAOIFI. This harmonisation will not only aid Islamic financial reporting but will additionally enable western regulators to understand and work with the Islamic Finance Industry.

Despite these ethics, disputes are bound to occur and investors may not be familiar with Islamic contracts, and different court systems may handle these disputes differently depending on their legal system, such as when the dispute between Shamil Bank of Bahrain and Beximco Pharmaceuticals ended up in an English court in 2004.

Although Islamic banks use the same management tools as traditional banks, they still face unique risks. Their risk management is limited by inadequate short-term liquidity management, as well as being affected by the prohibition of derivative instruments. There is a need to innovate the risk measurement and monitoring process.

There is considerable scope for Islamic financial Institutions to foster innovation to face regulation challenges, create standardisation, settle disputes and identify and manage risks efficiently. There is a high expectation of increased widespread participation and many banks will continue to increase their Islamic products.

While the Islamic finance industry has already established itself as a niche market, especially for Muslim customers, and has registered robust growth, it faces some important issues and challenges, from regulation and standardisation to risk management. This breeds the opportunity for innovation and new business opportunities.


With Brexit occurring, more and more investors are less willing to invest due to the economic turbulence. However, crowdfunding is offering an alternative to the traditional services in response to difficulties that may be faced by enterprises attempting to generate funding.

Fintech continues to disrupt and revolutionise traditional services. Accessibility, mobility and technology have made it possible for a new generation to engage directly and donate or invest in a campaign they personally have an interest in. Crowdfunding has democratized the movement of funding from institutions to smaller micro investors.

Ultimately, Fintech Equity crowdfunding provides a platform that allows donors to invest money in exchange for equity in the venture.

Fintech equity crowdfunding will help firms attract loyal customers. By allowing their customers to become shareholders, they are also ensuring the customer will be loyal to their product, therefore increasing the number of engaged customers as well as funding their ventures.

Many fear Fintech Crowdfunding will replace venture capital firms. SMEs have direct access to crowds of investors, who invest at any stage of business (seed, development and most recently IPO). According to Business Insider, investment levels in Fintech are not only increasing but are becoming a favoured investment among VCs and angels.

Beauhurst’s research shows that Equity crowdfunding investors are happy with lower equity stakes for the same investment in comparison with traditional investors.

Crowdexpert (2016) reports the total Global Crowdfunding Industry estimated fundraising volume in 2015 is $34 Billion, with real estate crowdfunding growing by 156% in 2014, just breaking the $1 billion mark, with campaigns ranging in size from less than $100,000 to over $25 million. Equity crowdfunding is expected to continue growing this year, especially considering Brexit. More regulation will be introduced in this sector by the FCA to increase transparency and protection.

Has your organisation updated its procedures, forms and wording for obtaining individual consents to ensure compliance with the GDPR?

Despite the GDPR deadline quickly approaching and the requirements it holds, only half of the UK’s IT decision-makers are aware of this EU data protection regulation. GDPR calls for an upgrade in technology in the Healthcare sector. An appropriate level of privacy and risk mitigation is required for higher-risk situations such as these.

GDPR will apply to the NHS and other health organisations as it protects European citizens. The new regulation will give large accountability to the NHS. In cases of breaches, the Healthcare sector will suffer the most consequences: in one study across 16 industries, the highest cost of a data breach was in healthcare, at $355 per patient record. Another report, based on a Freedom of Information request, shows that 28 NHS trusts have been attacked within just a year.

According to Experian’s Data Breach Industry Forecast 2017, health data will be the most targeted sector next year. This is due to the sensitive nature of the records kept by healthcare organisations. The NHS will need to employ stringent privacy measures to protect customers, to prepare to comply with GDPR and to work to avoid the risk of breaches as new advanced attacks emerge.

GDPR will prohibit the processing of certain health data, including genetic data such as physiology or heredity and data concerning mental or physical health. There are exceptions, and health organisations which collect data will need to ensure either that they have obtained explicit consent for a specified purpose (unless it’s a “life or death” situation and the individuals are physically or legally incapable of consenting) or that the processing is necessary for preventive or occupational medicine or the public interest.

Organisations will need to establish a robust data programme and target their budget and resources to ensure they comply with GDPR by May 2018. This will not only help reduce the risk of breaches but will build the trust of stakeholders such as patients and partners. By complying with GDPR they are less likely to face enforcement or legal action from data subjects and to suffer reputational damage and negative publicity.

International law firms are preparing for GDPR, the EU General Data Protection Regulation.

GDPR intends to strengthen and unify protection for individuals within the EU through a harmonised set of regulations. This makes it easier for non-EU companies to comply. GDPR will give citizens back the control of their personal data, extending the scope of EU data protection to all foreign companies processing data of EU residents. It will also simplify the regulatory environment for international business.

Given the sensitive data international law firms hold of EU citizens, they must be prepared to implement GDPR to avoid fines as high as 20 million Euros or up to 4% of global turnover. According to a survey by information management experts Crown Records Management, 44% of Law Firms in the UK had already appointed a data protection officer.

Data Protection impact assessments are necessary, as well as receiving and recording consent from clients on how their personal data is to be used. Clear information and explanation of how the collection of data is completed and what the firm will be doing with it is a requirement of GDPR.

International Law Firms will need to notify the data subject if a breach is likely to negatively affect the protection of the personal data or privacy of a data subject. Implementation will include allowing individuals the right to have their data erased and forgotten, which may require an updated software system.

International Law Firms are urgently working to reduce the risks of breaches and ensure they follow GDPR by the 2018 deadline. In security and privacy, prioritisation of safeguards and targeting of limited budgets and resources is key to ensuring compliance with GDPR by the 2018 deadline.

