
A study of IT managers & decision makers and risk & compliance managers within UK financial services businesses has found a lack of preparation and understanding of the requirements of MiFID II legislation, which is due to come into force in January 2018.

A survey for the study, carried out in January 2017 for voice security services company Aeriandi, shows that managers and decision makers within these institutions have little understanding of the severity of potential penalties and are struggling to apply the legislation to their businesses.

Key findings of the survey include:

  • Almost three quarters (73 percent) of risk & compliance managers in the financial sector admit they’re not aware of penalties of up to 5 million euros or 10 percent of annual turnover; 58 percent of IT managers and decision makers are also unaware;
  • 17 percent of risk & compliance managers are unaware that a company could receive a cease and desist order for non-compliance;
  • Almost a quarter of those surveyed (22 percent) say that, although they feel they understand the MiFID II legislation, they are not sure how it applies to their organization;
  • Over a quarter (29 percent) do not yet have the technology or the infrastructure needed in place for compliance;
  • Only 10 percent are currently communicating with partners and suppliers about their preparations for compliance with MiFID II.

The study highlights a concerning gap between general awareness and understanding of the legislation and an understanding of the practical detail, knowledge and planning that is needed to prepare for compliance. 

Understanding of the legislation peaks in firms with 50,001 – 100,000 employees, with 88 percent saying they are totally confident in their understanding of the legislation.  It then falls sharply to 67 percent in organizations with 100,001 – 150,000 employees, and again to 65 percent in companies with 150,001+ employees.

When comparing the responses of IT professionals and those responsible for managing risk & compliance within a business, IT teams have a better overall understanding of the consequences of non-compliance. 62 percent of risk & compliance managers admitted to not knowing a company can be fined up to 5 million euros or 10 percent of annual turnover, compared to only 42 percent of IT managers and decision makers.

It would appear, however, that a countdown to compliance has begun and organizations are now starting to invest time and money in preparations. 30 percent of respondents say that budget has been allocated this year to help with preparations, and over a third (36 percent) report that policy and procedure have now been developed.

Matt Bryars, co-founder and CEO at Aeriandi, commented: “There appears to be a real lack of detailed knowledge around MiFID II in UK financial services organizations.  With less than a year to go until penalties for non-compliance will kick in, you’d hope that those responsible for delivering compliance – the IT and risk & compliance teams – would have this nailed.  However, for many, preparations are still at a very early stage.

“Ultimately compliance and IT teams will have their work cut out for them.  They’ll need to carry out a detailed risk analysis, mapping out the required processes and procedures required under MiFID II, and then determine task by task if their existing solutions will be adequate or if the organization finds it needs to procure and roll out a new set of tools and supporting processes.”

About the study

This study was carried out by research company Opinion Matters on behalf of Aeriandi in January 2017. It was conducted amongst a sample of 250 professionals working in the UK’s financial sector in companies which process payment transactions over the phone and have 1000+ employees. The sample was split equally between managers with risk/compliance in their job titles and IT decision makers/IT managers.
