The Markets in Financial Instruments Directive (MiFID) is an EU law that harmonizes EU regulation of investment services. MiFID’s objectives are to increase competition and consumer protection in investment services. In April 2014 the EU approved MiFID II, which expands the scope of MiFID. It will come into effect January 3, 2018.
MiFID II applies to financial services businesses undertaking MiFID business anywhere in the EU, as well as those providing services cross-border. This includes:
(1) Investment firms;
(2) Trading venues;
(3) Data reporting service providers; and
(4) Third country firms providing investment services or performing investment activities into the EU (either on a services basis or via a branch)
MiFID II Article 16 (6) requires an investment firm to arrange for records to be kept of all services, activities and transactions undertaken by the business, which must be sufficient to enable the competent authority to fulfil its supervisory tasks and to perform enforcement actions.
This includes all communications that are intended to result in a trade even if they ultimately do not.
MiFID II Article 16 (7) states that records must include the recording of telephone conversations or electronic communications and minutes from face-to-face meetings related to the reception, transmission and execution of orders on behalf of clients or on one’s own account. Article 16 (7) also requires records to be kept for a period of 5 to 7 years (depending on the jurisdiction) and states that records must be provided to the client involved upon request.
MiFID II para 57, 82, article 4 (62), article 25 (6) – requires records to be stored in a ‘durable medium’ that allows them to be replayed or copied. Records must be retained in a format that does not allow the original record to be altered or deleted. In addition, records should be stored in a searchable medium to ensure they are accessible and readily available upon request.
‘Durable medium’ is akin to WORM and is defined as allowing ‘the unchanged reproduction of the information stored.’ (Article 4(62)).
Requirements are defined further by the European Commission MiFID II explanatory memorandum.