November 11, 2015 - In response to the growing regulatory, risk and compliance burden being placed on financial institutions, global capital markets specialist Hatstand announces the launch of its MiFID II Advisory Service and Control Risk Assessment (CRA).
The new advisory methodology breaks down MiFID II into 12 discrete modules, encompassing the different aspects required for complete implementation of MiFID II/MiFIR. Through its service, Hatstand will work closely with organisations to establish which regulations they need to comply with, and by when, to ensure a regulatory change pathway for fulfilment of their obligations under the regulation. The 12 modules include:
- Transaction Reporting
- Record Keeping
- Client classification and other KYC rules
- Evolution of non-equity trading platforms; registering as an OTF
- Product Governance
- Best Execution - Equity
- Best Execution - Non-Equity
- Off the Record (OTR) Messaging/Chat Rooms
- Research Usage Review and impact of unbundling
- Impact Analysis for non-financial companies
- MiFID II Readiness Assessment
To further support this, Hatstand's CRA, a managed self-assessment solution, allows banks and other financial institutions to gain an accurate and comprehensive understanding of regulatory compliance levels around the globe combined with operational, technical and cybersecurity risks. It integrates seamlessly with any business structure to identify risks and gaps across business, IT and production support for all eTrading, Trade and Transaction or Risk reporting flows and information security.
There are three stages to the Control Risk Assessment:
- Stage 1 – an application inventory is first completed, which includes an analysis of in-scope systems, identifying any non-IT owned applications. Here Hatstand carries out an analysis of risk proportional priorities. It also conducts business process flow analysis, mapping out applications to business process flow usage. At this point the company can add client policies or regionally specific regulations not covered in the initial offering
- Stage 2 – Hatstand goes into the management of the self-assessment process, review of self-assessments, management of IT governance peer-review process and subsequent client sign-off of findings
- Stage 3 – includes the creation of regulatory gap/risk analysis, and of remediation plans
Frank Pottle, Associate Director, Hatstand comments, "The pressures of regulatory change on the industry following the 2007-2008 financial crisis have been monumental. This has resulted in stretching compliance, IT and other support functions to the breaking point, as firms scramble to meet with the demanding deadlines. And the message from the regulators is clear: firms need to show good progress towards meeting the deadlines, and should have at a minimum tactical processes in place to meet the requirements backed up by robust planning for strategic solutions.
"Whilst there is still some leeway for banks, by the time the MiFID II deadline comes around, they and other financial institutions will run into substantial difficulties if they cannot show that they're either compliant or are taking demonstrable steps to be so. However, the complexity of both the regulation and underlying IT infrastructure means that the chances of achieving compliance by themselves will prove extremely low for many."
The vast majority of financial institutions today do not have adequate controls in place to prevent systemic failure in process or governance, failures which could lead not only to massive fines but also reputational risk, financial risk, even complete business failure. Moreover, they have little, if any, understanding of any legacy operational, technical, or cybersecurity risks to which they might be exposed.
Frank concludes: "The only way financial institutions are going to attain a true risk position is to take control by using true industry experts to build a comprehensive risk profile – of both new and existing risks – through detailed assessment.
"When organisations are able to proactively approach the regulator with a clear, proven risk state and roadmap for achieving compliance, they will not only demonstrate a complete, 100% awareness of the state of compliance, but also demonstrate to the broader political landscape that financial institutions are committed to reducing risk and cooperating with regulators, a fact that could go some way to healing the huge trust gap that continues to hamper effective financial operation."
In addition to MiFID II, Hatstand's Control Risk Assessment can also cover operational, technical and information security risks relating to: BaFin MaRisk, BaFin 07/2012, BaFin 06/2013, BCBS 239, Dodd-Frank EPS, Dodd-Frank Business Conduct Rules (Internal), Dodd-Frank Business Conduct Rules (External), Dodd-Frank Title VII (Trading and Trade Reporting), MAS TRM, SEC Reg SCI, European Directive on Cybersecurity, NIST Cybersecurity and best practices.