The following article was provided to OUT-LAW by Gary
Fisher.
While much has yet to be confirmed, content and document
management will be a key component of complying with the upcoming
Markets in Financial Instruments Directive (MiFID). A European
initiative to update investment banking regulations, MiFID aims to
create a single market for financial services and reduce the cost
of conducting cross-border business – therefore opening markets up
to more potential clients. However, with much of the regulatory
requirements still under consideration and awaiting approval, and a
deadline for compliance of 1st November 2007, it is creating
concern among financial organisations.
Any organisation that must comply with MiFID faces potentially
considerable changes in business process and practice. Those that
will have most impact relate to changes in how financial
organisations publish information and retain records. Worryingly
for industry commentators and the financial markets in general,
research conducted by the MiFID Joint Working Group on IT earlier
this year revealed that 60% of respondents still did not know how
they were going to tackle many of the publishing obligations that
will be enforced by MiFID.
The overall complexity, the number of ‘documents’ to be managed
(authorisation, legal, client records, process and tracking,
internal resource, information sharing and publication within given
frameworks), the tight timescales and no confirmation yet as to
final requirements MiFID will demand, is leading to a certain level
of trepidation in the finance industry.
Not surprisingly, given the number of documents, records and
notes involved in any financial transaction, MiFID’s determination
that information should be made more available, and requirements
that financial organisations can prove they have provided clients
and other parties with certain advisory documents or updates,
interest in methods that can automate these processes is high.
Enterprise Content Management or ECM (providing
electronic document and records management plus support for the
online functions that are now a fundamental part of the finance
environment) is one of the solutions under the microscope at
present.
However, analysts at TowerGroup predicted earlier this year that
an average sized broker will have to spend $22 million on IT alone
to meet MiFID’s demands. Clearly the cost of getting any ‘IT’
decisions wrong could be considerable. Also, while an ECM solution
can potentially provide the document/records repository, file
sharing structure, tracking and automation being sought, a standard
ECM solution cannot possibly fit all financial organisations
requirements. An ability to tailor to current processes, adopt
industry or organisational language and terminology and support
specific and possibly unique structures is critical, and all in a
dynamic environment where the change is a constant.
So what I am about to say will hopefully make some sense, even
if it does seem shocking coming from a company that ultimately
provides technology-based solutions. MiFID should not be seen as an
IT project – to do so is to invite disaster. MiFID is a piece of
legislation. That makes it a business process problem, but one that
uses IT as a key enabler.
As with any regulation, records management will be a cornerstone
of MiFID enforcement. Surprisingly, given the amount of regulation
already in place across the finance industry, this could still
cause a problem – Working Group research also indicated that only
20% of respondents have a unified data storage strategy. This
suggests the data and records are being held across various
business units and branch-offices and a lack of any central
repository could cause problems, especially with regard to
retrieval and fast access to files, let alone guaranteeing accuracy
or promptness of disposing of records at the appropriate time.
To comply with MiFID you must not only be able to send or
publish required information, and be seen to be complying, but must
also be able to prove without doubt that you have complied. So, if
a financial organisation cannot prove that it followed procedure in
the timescales determined it could still be fined, even if it has
actually complied. Without some way of managing information
(virtually) in one place, where all actions related to each
document, records or insert are recorded and tracked, this could
present a major problem.
Tracking when information has been published, by whom, to where
and so on, plus methods that enforce the process being tracked are
critical. MiFID and other regulations call this ability to prove
‘best practice’ – what it comes down to is accountability – and a
financial organisation’s only protection may be the ECM solution it
has installed. That alone should make you think twice.
Flexibility should be the watch word for any organisation
looking at ECM solutions to support compliance with legislation.
ECM can provide an invaluable method of enforcing and proving
compliance, but it has to work in a way that is best for the
particular organisation so that it does not impact on productivity
or reduce effective response times. ECM solutions are most
effective when they have all the functionality you require, in one
place, but can be tailored to fit your business requirements.
Lastly, MiFID is an ongoing process. November 1st 2007 is a
deadline, not a cut-off point. Reporting and tracking processes are
going to be critical; and achieving this is something that IT
executives will be central to delivering. For financial
organisations MiFID presents incredible opportunities, and
significant challenges – but complying with the directives on the
publishing and sharing of information should not have to be one of
them. And if you are keen on installing ECM, which I strongly
recommend financial organisations do, a final piece of advice:
always try before you buy.
Gary Fisher is CEO of Objective Corporation. The company is
exhibiting at Documation UK in partnership with
AIIM. The event, at Olympia, London, 18-19 October 2006, will
address the latest issues in information management, including web
content, email and fax management, document management, records
management, storage, business processes and compliance.
