There are a number of new and updated regulations coming into place in 2018, leading many businesses to seriously reconsider their approach to data security and how they manage sensitive data. We have heard plenty about the GDPR (General Data Protection Regulation) that will replace the current Data Protection Act, but there is another 2018 regulation that firms in the financial services industry must also consider: the Markets in Financial Instruments Directive II (MiFID II). The new regulation will come into place as early as 3rd January 2018, meaning that businesses in this industry must act as soon as possible to ensure that they are compliant.
MiFID II For Dummies – Who does MiFID II affect and how?
The Markets in Financial Instruments Directive II (https://www.fca.org.uk/markets/mifid-ii) affects all businesses that provide investment services and activities. The regulation affects dealing, broking, asset management and advisory services of all types, whether these services are provided by banks, non-banks or other service providers. As a result, investment firms, market operators, data service providers, third-country firms providing investment services and central counterparties must all comply with the rules set out in the new directive.
The MiFID II regulations stipulate that, if a business provides customers with any type of financial advice over the phone, whether this involves making transactions, or simply recommending a product, they must record these calls. Any face-to-face meetings must also be formalised and have minutes taken, recording all transactions which take place.
How can businesses ensure compliance?
There are a number of things businesses can do to ensure they comply with MiFID II:
- Reconsider their business framework: Firms will need to reconsider the products they offer, how they make these available to clients, and how they interact with them.
- Changes in technology: MiFID II means many businesses will need to update the technology they use so that it complies with the directive’s regulations. Firms must ensure transparency when it comes to their client database, customer portals, trading activities and post-trade reporting. Technology will also need to record costs and charges accurately and be able to provide full disclosure.
- Establish a framework to coordinate activity: The main basis of MiFID II is data, and it requires firms to understand their data, record it, report it and store it responsibly. However, as the GDPR must also be considered, firms will also need to ensure the quality, availability and transparency of data.
What will happen to old data and technologies?
Updating data and technologies to comply with the new regulations means that businesses need to consider the correct disposal of their old end-of-life technology. Failure to do so could result in a data breach, but it is possible to avoid this. To ensure complete transparency, the directive requires this disposal to take place in one central location. Ideally, businesses should seek help and guidance from an accredited ITAD team, who will be able to provide a guarantee for the safe management and disposal of their end-of-life data and IT assets. To comply with the GDPR, businesses will also need to obtain proof of a chain of custody, which proves that old data-bearing assets have been disposed of securely and responsibly.
Though the implementation of new regulations can be stressful, businesses should avoid the mindset that new rules are a burden. The worry of compliance should be outweighed by the view that these regulations are an opportunity for firms to offer the highest level of security and best service possible to their clients, at the same time as updating and improving business infrastructure which may have otherwise been left untouched. As with all new regulations, the sooner you embrace the changes that ensure compliance, the better.
If you have any further questions about how to dispose of data-bearing assets securely, please do not hesitate to get in touch with EOL IT Services, the UK’s most accredited IT Asset Disposal Company. Contact us today on 0845 600 4696 or visit https://www.eolitservices.co.uk/services/it-asset-disposal/ to find out how we can help you dispose of your data safely and reliably.