The following article was provided to OUT-LAW by Gary Fisher.
While much has yet to be confirmed, content and document management will be a key component of complying with the upcoming Markets in Financial Instruments Directive (MiFID). A European initiative to update investment banking regulations, MiFID aims to create a single market for financial services and reduce the cost of conducting cross-border business – therefore opening markets up to more potential clients. However, with much of the regulatory requirements still under consideration and awaiting approval, and a deadline for compliance of 1st November 2007, it is creating concern among financial organisations.
Any organisation that must comply with MiFID faces potentially considerable changes in business process and practice. Those that will have most impact relate to changes in how financial organisations publish information and retain records. Worryingly for industry commentators and the financial markets in general, research conducted by the MiFID Joint Working Group on IT earlier this year revealed that 60% of respondents still did not know how they were going to tackle many of the publishing obligations that will be enforced by MiFID.
The overall complexity, the number of ‘documents’ to be managed (authorisation, legal, client records, process and tracking, internal resource, information sharing and publication within given frameworks), the tight timescales and no confirmation yet as to final requirements MiFID will demand, is leading to a certain level of trepidation in the finance industry.
Not surprisingly, given the number of documents, records and notes involved in any financial transaction, MiFID’s determination that information should be made more available, and requirements that financial organisations can prove they have provided clients and other parties with certain advisory documents or updates, interest in methods that can automate these processes is high.
Enterprise Content Management or ECM (providing electronic document and records management plus support for the online functions that are now a fundamental part of the finance environment) is one of the solutions under the microscope at present.
However, analysts at TowerGroup predicted earlier this year that an average sized broker will have to spend $22 million on IT alone to meet MiFID’s demands. Clearly the cost of getting any ‘IT’ decisions wrong could be considerable. Also, while an ECM solution can potentially provide the document/records repository, file sharing structure, tracking and automation being sought, a standard ECM solution cannot possibly fit all financial organisations requirements. An ability to tailor to current processes, adopt industry or organisational language and terminology and support specific and possibly unique structures is critical, and all in a dynamic environment where the change is a constant.
So what I am about to say will hopefully make some sense, even if it does seem shocking coming from a company that ultimately provides technology-based solutions. MiFID should not be seen as an IT project – to do so is to invite disaster. MiFID is a piece of legislation. That makes it a business process problem, but one that uses IT as a key enabler.
As with any regulation, records management will be a cornerstone of MiFID enforcement. Surprisingly, given the amount of regulation already in place across the finance industry, this could still cause a problem – Working Group research also indicated that only 20% of respondents have a unified data storage strategy. This suggests the data and records are being held across various business units and branch-offices and a lack of any central repository could cause problems, especially with regard to retrieval and fast access to files, let alone guaranteeing accuracy or promptness of disposing of records at the appropriate time.
To comply with MiFID you must not only be able to send or publish required information, and be seen to be complying, but must also be able to prove without doubt that you have complied. So, if a financial organisation cannot prove that it followed procedure in the timescales determined it could still be fined, even if it has actually complied. Without some way of managing information (virtually) in one place, where all actions related to each document, records or insert are recorded and tracked, this could present a major problem.
Tracking when information has been published, by whom, to where and so on, plus methods that enforce the process being tracked are critical. MiFID and other regulations call this ability to prove ‘best practice’ – what it comes down to is accountability – and a financial organisation’s only protection may be the ECM solution it has installed. That alone should make you think twice.
Flexibility should be the watch word for any organisation looking at ECM solutions to support compliance with legislation. ECM can provide an invaluable method of enforcing and proving compliance, but it has to work in a way that is best for the particular organisation so that it does not impact on productivity or reduce effective response times. ECM solutions are most effective when they have all the functionality you require, in one place, but can be tailored to fit your business requirements.
Lastly, MiFID is an ongoing process. November 1st 2007 is a deadline, not a cut-off point. Reporting and tracking processes are going to be critical; and achieving this is something that IT executives will be central to delivering. For financial organisations MiFID presents incredible opportunities, and significant challenges – but complying with the directives on the publishing and sharing of information should not have to be one of them. And if you are keen on installing ECM, which I strongly recommend financial organisations do, a final piece of advice: always try before you buy.
Gary Fisher is CEO of Objective Corporation. The company is exhibiting at Documation UK in partnership with AIIM. The event, at Olympia, London, 18-19 October 2006, will address the latest issues in information management, including web content, email and fax management, document management, records management, storage, business processes and compliance.
