New regulations – improving or gold-plating Fintech compliance?

From January 2018, new rules and regulations are being introduced covering businesses that provide services to clients linked to ‘financial instruments’ and the venues where those instruments are traded.
The Markets in Financial Instruments Directive II (MiFID II) is an EU directive transposed into the home law of all single-market members. MiFID II imposes new rules designed to “give customers more protection and force greater transparency across everything from fixed income to swaps”, according to the Financial Times. The paper describes it as “the biggest regulatory shake-up of European financial markets in a decade” – and a much-delayed reaction to the 2008 financial crisis.
MiFID II’s goals are to achieve a shift in trading towards more structured marketplaces, to improve execution, encourage orderly trading within markets and provide consumers with lower and more explicit costs of trading and investing.
Not only will MiFID II have an impact on firms’ data storage resources to support this new, deeper reporting but the same will also have implications for the security of that storage.
MiFID II significantly updates current FCA (Financial Conduct Authority) sourcebooks on such activities as the secure recording and archiving of telephone calls with consumers, extending the records of conversations covered to include anyone involved in the chain of a trade, including financial advisers, both human and robotic.
MiFID II stipulates a minimum period of data retention – albeit potentially at cross-purposes to its sister directive, GDPR. MiFID II will affect everyone engaged in the dealing and processing of financial instruments from finance business and their operating models, systems and data to data, people and processes in companies classified as “investment firms” according to Thomson Reuters. The definition of these entities is deliberately wide and vague.
Fintech companies – especially those regulated in an EU home market – are struggling to comply with the new regulations in time for the deadline. Fintech firms big and small are inundated by the scope of change driven by the directive; the immoveable implementation date and the lack of specific detail and guidance on what has to be done and how, at a national and EU-level.
It does not help that a rolling pattern of consultation and discussion of some specific regulations remain under discussion. The UK’s FCA has frequently chosen to ‘gold plate’ EU directives in order to promote the UK as stable and well-regulated location for financial services, adding to the regulatory burden of firms in the UK compared to their counterparts in the rest of the EU.
However, the FCA has published some guidance on its website and a PDF guide to help businesses through what parts of the regulations are relevant to them.  Fintech firms may also sign up for email updates from the FCA.