Security risks are in danger of being overlooked by Investment firms in the rush for Markets in Financial Instruments Directive (MiFID) compliance according to experts.

Many firms will be late to hit the 1 November compliance deadline, and in complying firms could be failing to build security into record keeping processes.

'As firms get to grips with identifying and storing the vast amounts of information required by MiFID, they need to be mindful that it will expose existing flaws in their security, as well as introduce new threats that they will now have to manage,' said Phil Higgins, executive partner at Brookcourt Solutions.

Research suggests that the cost of MiFID IT implementation, in the UK alone, is set to surpass £1bn, with typical UK investment banks spending upwards of £10m each. 

'While it’s important to implement compliant processes and systems, these also need to be secure,' said PJ Di Giammarino, chief executive of financial services industry think tank JWG-IT.

MiFID presents a major opportunity for IT security & storage vendors and service providers,' said Graham Titterington, analyst at Ovum. 'The main requirements lie in the area of secure, long-term and high-volume storage of information, with audit and reporting functionality built on top of it to allow MiFID compliance to be demonstrated.'

The panel also found that there needs to be a change in mindset inside firms, as many risks come from ‘soft’ factors such as people’s behaviour and attitude.