What does MiFID II mean for Alternative Finance Platforms?

By James Hogbin on Tuesday 12 December 2017

With the impending launch of MiFID II looming in January 2018, alternative financial platforms are going to have to adjust to the new regulations rapidly. 

For those that are smaller in size, the rules on research payments, data security and monitoring, and marketing regulations could cause significant issues, both in cost and in management time.

In short, the second Markets in Financial Instruments Directive is a revamped version of the original MiFID, a framework of EU legislation that will now apply to all regulated financial firms. The update is designed to foster greater security and transparency around pricing in the European investment market, while offering greater protection for investors.

Primarily, the rules will force asset managers to separate out the cost of paying for the research they use to make investment decisions, a process also known as “unbundling”, ending the opaque system of managers receiving research at a discount in exchange for trades. Most of the large asset management firms have chosen to absorb the cost of research into their own profits, rather than charge it out as an additional fee to investors, but those that are smaller might find themselves having to raise fees to drum up the extra cash.

The New Data Rules

Going deeper into the Senior Management Systems and Controls (SYSC) rules, which are applicable to all regulated financial firms regardless of size, MiFID II will be placing stricter surveillance requirements on internal and external communications and data management processes. In the first instance, the FCA may require all calls, including mobile and landline, as well as online communications such as webmail, LinkedIn and WhatsApp, to be recorded, monitored and archived for five years, if they could possibly be related to the marketing of a product or service or be part of an investment transaction.

The large majority of firms in the alternative finance sector, whether that’s digital banking, peer-to-peer lending or digital wealth, are now highly automated, utilising chat bots, mobile apps and form interactions to conduct most of their customer communication. Luckily for them, it’s highly likely that all of this information is already being archived, and therefore the expansion of the retention rule from three months to five years isn’t going to prove too costly or difficult to implement.

What’s more important to note is that MiFID II will now require these firms to monitor the data that’s going into those archives. This means that all regulated financial firms will now have to construct systems which require a human who is educated in compliance to sample the data being stored, and confirm that there’s nothing suspicious going on. Any phone calls made will have to be transcribed and monitored before they go in the vault, as well as every email, instant message or chat bot conversation. Previously, it was good enough just to save the information, but now you have to surveil the contents.

Potential Pitfalls in Marketing and Comms

When it comes to web communications, MiFID II’s marketing regulations are going to make things a bit more challenging. It has always been the rule that all communications relating to a potential sale of a product or service with an outside person should begin with a disclaimer that states the body’s regulatory status and how you can contact them. However, in the digital world, this has rarely been implemented outside of an email footer. As the FCA begin to crack down on marketing communications, alternative finance firms are going to have to think about how these disclaimers can be incorporated into a chat bot conversation, a LinkedIn or Facebook message, or even a tweet.

Finally, all of a firm’s internal data is going to be monitored and will require extra security under MiFID II. For example, no plain username and password web-based services for employees, such as webmail, Dropbox or Gmail, will be good enough unless secured with Multi-Factor Authentication.

Few internal conversations will be out of the scope of marketing communications or investment chain regulations. The fact is that unless you can archive the messages your employees are sending over Facebook, Twitter, LinkedIn or using their personal webmail, you will not be allowed to use those systems on site, on a smartphone or at home as a regulated entity. Platforms like WhatsApp and Telegram, even just for personal use, are absolutely forbidden because the messages being sent and received are encrypted, and therefore cannot be archived.

So there you have it, a breakdown of what MiFID II will mean for those in the alternative finance space. Best practice has always been, “if you can’t archive it, you shouldn’t have it”, but now supervision of data has been included to strengthen the rule. In addition, firms are going to have to be more focused on data security, as well as ensuring they meet stringent regulations on sales and marketing. As we enter the next phase of the digital era, compliance is beginning to make its mark.

What are three things you should make sure you do tomorrow?

Look at how you archive data: You need to be able to hold five years’ worth of information, and for it to be easily retrievable for an investigation.

Think about how you’ll surveil your data: noting down potential buzzwords could help shorten your workload, as well as hiring an in-house or virtual compliance officer.

What voice calls and web communications should you record, and how will you monitor them? Take a look at where you might get caught out in the new marketing regulations.

What are three things you should keep in mind for the future?

As the implementation date of the General Data Protection Regulation (GDPR) is fast approaching, you’ll need to make sure you’re protecting data correctly, and that the policies you have around data management are embedded in your day to day.

Think about how you’ll go about disclaiming & archiving short form communication messages, like Twitter direct messages, as well as monitoring & preventing your employees’ use of encrypted platforms like WhatsApp.

With the arrival of Artificial Intelligence that learns on the job, how will you regulate that AI to make sure it stays compliant? There’s only so much a compliance officer can do to supervise an AI chatbot.

James Hogbin is Director at IP Sentinel
James can be contacted at james@ip-sentinel.com
IP Sentinel have a unique insight into the why’s and how’s of IT Systems, based on their experience in building services and support for a wide variety of firms both in terms of size and strategy.
Find out more at www.ip-sentinel.com 
