Firms subject to the new Markets in Financial Instruments Directive (MiFID) could be facing a collective IT bill of as much as e6bn (£4bn) in order to change systems to meet the new regulations.

But nobody is quite sure for two reasons. First, the final details of how the regulations will apply in the UK won’t be published until 31 January 2007. The consultation process isn’t even finished (see box).

Second, the IT costs that individual firms incur will depend very much on the current state of their legacy systems. Firms that have built some future-proofing into their IT architecture – for example, by using service oriented architecture – have developed common standards and have developed interoperability between systems will find it easier than those whose IT is still stuck in legacy silos.

Are the IT professionals ready for this new challenge? Yes and no.

Positively, a MiFID Joint Working Group is working away to define a series of IT models that will help IT professionals create appropriate new systems in their own firms. The IT services industry is also developing a range of services.

Negatively, a survey of 16 compliance and IT directors at UK banks and investment firms as recently as June found that IT functions “had yet to be fully engaged in MiFID projects”. But the survey in The Banker magazine found that IT professionals realised the impact of MiFID would be “fundamental” and “far-reaching”.

MiFID will apply in all EU countries, although there will be differences of detail in the way the directive is implemented in each. The Financial Services Authority will administer and police the rules in the UK. It’s likely that British regulation will initially be more thorough than in most other European countries, especially new central European accession states.

New landscape

The challenge for IT is that MiFID, which replaces the Investment Services Directive, introduces a completely new landscape for securities trading. Until now, as much as 50% of EU stock trading hasn’t been conducted through stock exchanges – for example, off book dealing between two parties that want to trade shares.

Now, these other trades will need to be treated as systematic internalisers, following the same trading principles as brokers on an open exchange. As a result of this, and a combination of other information gathering and retention rules, some firms may need to store as much as four times the volume of data they currently hold, according to Ash Saluja, partner at CMS Cameron McKenna.

But that’s not the only problem facing IT. MiFID will fundamentally change both workflows and record keeping in most firms affected by the rules. For example, there will be two main categories of client under the new regime – retail and professional – with a separate category, eligible counterparty, for a limited range of businesses.

IT will need to change systems to allow for the fact that boundaries between the categories are not the same as under the current Conduct of Business rules. One effect is that systems will have to allow for more retail clients – where regulatory procedures are stiffest.

Another factor that IT will need to build into systems is best execution – the principle that a financial services firm carrying out a trade for a client must, according to Article 21 of MiFID: “take all reasonable steps to obtain the best possible result, taking into account price, costs, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of the order”. IT systems will need to hold data that defines which of those – sometimes conflicting – criteria are most important for individual clients and audit trail data to show that trades were completed in compliance with the criteria.

Where next?

How will IT handle all these changes? MiFID gurus suggest that many firms will seek to use a mixture of tailored and bespoke systems together with services provided by third parties. For example, the FSA may approve a number of trade data monitors – IT suppliers authorised to collect and process trading data on behalf of those banks, investment houses or brokers that engage them to do so.

As it becomes clearer what the detailed rules will be, the MiFID Joint Working Group should announce IT operating models for a number of key areas of MiFID admin. These could include:

• Systematic internalisation;
• Post-trade price publishing; and
• Reporting and best execution.

To help firms move towards MiFID compliance, a number of consultants and IT services suppliers, such as Daydream, are announcing compliance implementation management tools and services. There is no question that MiFID represents another big IT challenge for those firms affected.

However, they can tackle it by going back to the basics of good IT management – breaking down the project into logical parts such as data management, process documentation, data warehousing, systems implementation, testing and system integration. Project management skills will be important as well as specialist MiFID implementation skills. Unfortunately, there are already signs that the latter may be in short supply. Says Saluja: “If I was an IT director in an investment bank, I’d be thinking about my budget for next year – because I’m going to need a lot more resources.” n

Peter Bartram