Mifid II: An organisational checklist

Earlier this week, the European Commission released its latest list of delegated acts for Mifid II. Here, The Trade has summarised the key areas of which businesses need to be aware.

In May, The Trade will be holding a series of events in London, Paris, Frankfurt and Stockholm, examining the key issues buy-siders need to consider in their MiFID II planning. For more details and to register, click here, but in the meantime here's our checklist of the top issues revealed in the European Commission's delegated acts so far.

High Frequency Trading

  • Firms sending two messages a second, trading one instrument on European markets will be considered high frequency traders from 2018.
  • Alternatively, firms sending four messages per second across all instruments will also be considered high frequency traders.
  • HFT firms must store trading algorithm details for five years (minimum).
  • HFT firms that are a member of an exchange must be authorised by the national regulator.


Market Data

  • The price of market data needs to be commensurate with the cost of producing and disseminating it – plus a ‘reasonable’ margin.
  • These production costs need to include any “appropriate share” of joint costs for other services provided by APAs and CTPs.
  • Data providers will have to disclose price lists and percentage of revenue earned from data sets.


Systematic Internalisers

  • Companies executing client orders on their own account equivalent to 0.4% (or more) of the total average daily volume of a stock over six months will be expected to register as a Systematic Internaliser.
  • For bonds, client orders need to be 2.5% or more.
  • For structured finance, client orders need to exceed 4%.
  • For derivatives, client orders need to be 2.5% or more.



  • Firms must monitor their exposure to risk and have a policy to detect any risk of the business failing.
  • Compliance teams need to operate independently.
  • Every year (minimum), compliance team to produce a report to the ‘management body’ on risks identified from customer complaints.
  • Compliance teams must be given the ‘necessary authority’, resources, expertise and access to any relevant information. It does not stipulate who decides what is ‘relevant’ information.
  • Compliance pay and bonuses should not compromise objectivity.


Risk management

  • Firms must have a way of quantifying the level of risk that they can withstand and draw up policies identifying key threats.
  • Firms shall have a risk management function, which operates independently.
  • Every year (minimum), risk management team to produce a report to the ‘management body’, which also details any corrective actions.


Internal audit

  • Firms should have an audit plan, which monitors systems and controls.
  • There should be individuals responsible for internal audit who are separate and independent from other functions in the business.
  • Internal audit should issue recommendations in a report at least every year.


Senior management

  • Senior management need to periodically review the effectiveness of the above policies to address deficiencies.
  • Specific responsibility for each of the above requirement areas should be allocated to a member of senior management. The responsibility should be documented and a record kept.
  • Senior management must be aware of any remedial measures that have been taken as a result of problems discovered by the audit, risk or compliance teams.
  • There should be a ‘supervisory function’ within the firm that keeps watch over the senior management.


Complaints handling

  • Firms must have clear procedures for handling complaints – not just from clients but potential clients also.
  • The complaints management policy should be up-to-date and endorsed by management.
  • Clients and potential clients should be able to complain free-of-charge.
  • A ‘complaints management function’ should be established at all firms.
  • This individual/team should keep a log of complaints data for the compliance team.


Pay and bonuses

  • Companies must have remuneration policies that keep in mind clients’ interests and ensure they are treated fairly.
  • Remuneration policies must not create a conflict of interest for a person to favour their own interests over a client’s.
  • Senior management are responsible for the day-to-day remuneration policy and monitoring compliance risks relating to the policy.
  • Pay structures should not be based purely on quantitative commercial criteria and should include metrics on regulations, client treatment and quality of service.
  • There should be a balance between fixed and variable remuneration components.

Personal transactions

  • Firms shall put in place arrangements to prevent people making personal transactions based on the misuse of confidential information.
  • Company employees must not disclose delicate information to others, knowing that they or one of their associates would enter into a financial transaction benefitting them.
  • Firms must ensure they chart and record personal transactions of staff.
  • Outsourced firms must keep records of their staff’s personal transactions.



  • Firms who outsource important operational functions are still liable for all regulatory obligations.
  • Firms must be able to prove their outsourcing partner has the ability, capacity and resources to meet all regulatory obligations.
  • The outsourced firm must be able to show it has established methods for assessing its own standard of performance.
  • Firms must ensure overseas outsourcing partners are authorised or registered in their home country and that a co-operation agreement exists between the regulator of the firm and the regulator of the outsourced firm.


Conflicts of interest policy

  • Firms must have a conflicts policy which is appropriate to the size of the company.
  • The policy must clearly identify what constitutes a ‘conflict of interest’.
  • The policy must include considerations on remuneration as outlined in the pay and bonuses section above.
  • Senior management need to review the conflicts of interest policy at least once a year.
  • Companies should not ‘over rely’ on employee disclosure of conflicts of interest and any attempt to do so will be frowned upon under Mifid II rules.


Investment Research / Communications

  • Research and communications staff should not trade in a personal capacity on the basis of knowledge obtained from corporate financial research.
  • Chinese walls should exist between research analysts and other persons in the business that may become conflicted by learning of research findings.
  • Financial analysts should not accept financial inducements.
  • Financial analysts should not promise favourable coverage.
  • Those outside of the research team should not be permitted to review a draft of investment research prior to publication.