Call Accounting Featured Article

MiFID II is Here; GDPR Springs Up in May

March 02, 2018

So many regulations, so little time. So much complexity, so many questions.

The regulations we’re referring to in this case are MiFID II and General Data Protection Regulation. GDPR and Markets in Financial Instruments Directive II affect organizations doing business in the EU.

GDPR is supposed to kick in on May 25. MiFID II officially took hold in January.

And now, some folks are suggesting the two regulations may come into conflict. But in the piece at this link, the author ultimately concludes that while these requirements may seem at odds, “with the right interpretation, technology, and processes” compliance “shouldn’t cause too much stress….”

Uh, OK.

In any case, here are the basics of what we know about GDPR and MiFID II today.

MiFID II applies to the EU efforts of financial services organizations. It requires them to record all conversations related to financial transactions. This applies to both personal- and company-owned mobile devices. And it requires those affected to hold on to those records for five years.

Although Jan. 3 was the MiFID II deadline, there may be some wiggle room on that. And there is still confusion about this new regulation, as is so often the case.

Reuters in September reported the following comments by Mark Steward of Britain’s Financial Conduct Authority. “[W]e have no intention of taking enforcement action against firms for not meeting all requirements straight away where there is evidence they have taken sufficient steps to meet the new obligations by the start-date.”

But others, like Deloitte (News - Alert), warn companies that not all regulators will be so relaxed about compliance. (Of course, Deloitte is in the business of offering services related to compliance.)

The goal of GDPR is to standardize data protection regulations across the EU. Thomson Reuters (News - Alert) says “GDPR is arguably the biggest overhaul of data protection rules in two decades.” And it expects penalties for GDPR non-compliance to be severe.

Edited by Mandi Nowitz