One could argue that the current, slightly surreal world in which we live – where even the certainties of death and taxes seem under threat – can trace its origins back to the global financial meltdown of 2008. Austerity has been the order of the day ever since, and the political world has, as a consequence, witnessed extraordinary scenes, such as the UK’s decision to leave the European Union and the election of ‘non-political’ presidents, such as Donald Trump in the USA and Emmanuel Macron in France.
Determined to prevent a repeat of 2008, Europe’s policy-makers have been busy updating the Markets in Financial Instruments Directive (MiFID) and the accompanying regulation (MiFIR). The objective is to provide a safer, more stable investment market, thus restoring consumer confidence, by enhancing consumer protection. MiFID II comes into force on 3 January 2018 (2018 is a busy year for those with an interest in compliance legislation, as the GDPR also arrives!), and places the emphasis on creating fairer, safer, more transparent and more efficient markets. Bloomberg Professional Services describes MiFID II as ‘arguably the broadest piece of financial industry legislation ever and having the potential to significantly change market structures’.
MiFID II applies to all financial industry organisations that operate in and/or do business with European firms providing investment services. So, regardless of Brexit (!), chances are that, if you work in the financial sector, MiFID is going to place a whole series of new, legal obligations on your organisation and, surprise, surprise, this means the creation and retention of a whole new set of data. Data that needs to be ‘above suspicion’ when the regulator comes knocking on your office door and demands to see the audit trail for any particular one-off, or series of, transactions.
For example, the European Securities and Markets Authority (ESMA), via its Regulatory Technical Standards (RTS), indicates that financial organisations will have to carry out a large amount of data analysis to determine their obligations under the MiFID. And then there are the rules covering the provision and receipt of investment research, not to mention those covering transaction reporting and best execution.
For data centre owners/operators, perhaps the most interesting parts of the MiFID regulation are the requirements surrounding record keeping, trade reconstruction and surveillance. Investment firms must keep a record of all services, activities and transactions ‘in a readily available manner that cannot be modified or deleted’ for a period of five years. These records include email, instant messaging, telephone conversations and documents – even if they do not lead to a transaction.
This record-keeping requirement thus places heavy emphasis on the development and use of order management systems to ensure pre- and post-trade transparency reporting, UTC clock synchronisation and time stamping, compliance and surveillance checks, transaction and best execution reporting, as well as more general record keeping and trade reconstruction.
It’s worth quoting just a couple of paragraphs from an EC Explanatory Memorandum on regulatory technical standards for the level of accuracy of business clocks, to give just a flavour of how detailed, and complex, the MiFID requirements promise to be:
“Operators of trading venues and their members or participants shall synchronise the business clocks they use to record the date and time of any reportable event with the Coordinated Universal Time (UTC) issued and maintained by the timing centres listed in the latest Bureau International des Poids et Mesures Annual Report on Time Activities. Operators of trading venues and their members or participants may also synchronise the business clocks they use to record the date and time of any reportable event with UTC disseminated by a satellite system, provided that any offset from UTC is accounted for and removed from the timestamp.
“Operators of trading venues shall ensure that their business clocks adhere to the levels of accuracy specified in Table 1 of the Annex according to the gateway to gateway latency of each of their trading systems. Gateway to gateway latency shall be the time measured from the moment a message is received by an outer gateway of the trading venue’s system, sent through the order submission protocol, processed by the matching engine, and then sent back until an acknowledgement is sent from the gateway.”
In simple terms, investment organisations need to be operating to a common, standard and centralised time clock. And they need to be able to time stamp transactions down to the microsecond level. Theoretically, this means that there can be no time-related discrepancies in any investment transaction. (Writers of detective fiction will be relieved to know that UTC will not be introduced into the world of crime, so they can still have their felons wind back clocks and watches to try and mask their dark deeds!).
On a more serious note, there’s little doubt that the arrival of MiFID places a huge responsibility on the compliance and record keeping activities of many financial organisations. And it doesn’t require much imagination to realise that where there’s record keeping, there’s going to be large quantities of new data that need to be stored securely, accessed quickly and, whisper it quietly, maybe even deleted after the required five years.
So, the spotlight is very much on the data centre. Reliability, flexibility, speeds, feeds and security are about to become just that little bit more important. Maybe it’s a step too far to trust someone else with such sensitive data, but it could be that some of the less critical IT in your own facility could be moved elsewhere to make room for the required MiFID infrastructure. Or maybe your organisation will be taking advantage of one or more of the burgeoning MiFID Professional Services offerings, where a degree of flexibility as to what data is held where could well be a part of the offered solution?
The (UTC) clock is ticking. Make sure that you stamp your authority on your organisation’s MiFID project, before time stamping, Actionable Indications of Interest, Approved Publication Arrangements, IBIAs, COFIAs, SSTIs, LISs, LEIs, RMs, MTFs and OTFs become the stuff of nightmares.