Most institutions will currently find themselves in the middle of this phase, having taken an initial knee-jerk reaction to impending regulation or remediation of an infraction. The planning team has set out implementation goals and over a phase of many months the systems and surrounding processes will be put in place to conform to the new requirements. It is vital that any decision rights, accountabilities and authorities are established at the start, rather than half way through a process when a challenge arises.
Given the typically long timeframe for this development cycle, it is important to establish plans with full knowledge of the regulatory requirements and to ensure a regular review with the a relevant industry (regulatory) expert. Details and timings can often change mid-cycle, so ensuring the plans remain aligned to both the strategy and subsequent regulatory changes will save time and money in the long run.
The surrounding development work is normally in IT speak; a 'non-trivial' development plan. Often the work has had to start before the final regulatory outcome is completely defined. For instance, preparation for the investor protection elements of MiFID will require funding approval and planning to be taking place in 2015 for any chance of having the IT infrastructure ready for launch ahead of January 2017. The development starts before the final technical rules have been finalised by the authorities. Whilst the wider outcome is well understood, the finer details may not yet be set in stone. As institutions review preparedness today, the degree to which the initial two phases (strategic planning and implementation planning) were consciously managed, combined with the regular review step, will often affect the relative success of the outcome. Taking a step back to the first stage to undertake a strategic review is often a sensible idea, if only to ensure that the development plans will deliver on what has now become the expected outcome. Considering that applications for new regulatory approval (think MTF, OTF, SI etc...) need to be in by July 2016, time is short!
MiFID II planning is exactly at this stage. The RTS are just now nailed down in general, and with FX being declared illiquid as an asset class, pending more data gathering, the wider scope is less than certain. Yet if an institution waits for final definition of these rules they will have less than a year to budget, plan and implement the broad set of solutions that will be necessary for compliance.
Many of the details may not be finalised, however the thrust is often well understood and preliminary planning, if not actual development can take place. Two examples would be:
Client name capture.
The name of the client must be captured at the time of trade as part of the trade ticket details alongside trader name, and input accordingly. Whilst the additional name field itself may be a simple thing, capturing the data in a process-oriented way that will guarantee 100% surety of compliance is certainly not.
Client appropriate marketing - and proving it.
Any marketing will have to be directed to clients on a specific basis that ensures the material is appropriate to their risk appetite, maximum appropriate potential loss and investment understanding, to name but a few criteria. Having them sign a piece of paper declaring an understanding will not begin to cover the business liability. Once a trade is executed, the institution must be able to recall all touchpoints from initial marketing to settlement, including phone conversations - and link any of those touch-points into the trade life-cycle... database nightmare....
Budget and planning have to start early in 2015 if not already started. Any delay risks significant penalties down the road - with the original rush to catch up that took place when the first MiFID was implemented highly unlikely to be acceptable to the authorities.