The New Year may have just begun but it is only ten months until a key EU directive will come into force. MiFID or Markets in Financial Instruments Directive is a EU directive which must come into effect across the EU by November 2007. It will profoundly affect outsourcing arrangements within the financial services sector in Europe. The deadline for implementation approaches fast but at the same pace so the window for first-mover advantage disappears.

MiFID addresses the conduct of business and approach to operational risk of investment firms - including banks, insurance and pension providers and other financial services institutions – which operate within the EU. MiFID is explicit in addressing and will directly impact upon the provision of outsourced services to such investment firms, whether those services are provided from within or outside of the EU.

In the UK, nearly all Statutory Instruments bringing MiFID into UK domestic legislation have been published; the Financial Services Authority (“FSA”) in the UK is in full swing in its substantial changes to its Handbook and Guidance, including the Conduct of Business Rules. Whilst an increasing amount of print is being devoted to MiFID, only a few investment firms and even fewer service providers have properly begun to address the effect MiFID will have on their businesses.

The Legislative Background

MiFID is one of the pillars of the European Union’s Financial Services Action Plan which is designed to create a single European market for financial services together with other key directives. These include the Market Abuse Directive, Prospectus Directive and the Capital Adequacy Directive which will address Basel II. Originally intended to focus upon the regulation of securities, the scope of the Plan has substantially widened banking, insurance and pensions businesses.

MiFID is intended to replace the current Investment Service Directive when it comes into force in November 2007. Unlike that directive, MiFID in explicit in addressing the role and management of outsourcing within the financial services sector. But leaving aside those explicit references to outsourcing , MiFID will impact more generally upon the provision of specific services to financial institutions at both a compliance level and an organisational/strategic level. It may sound crass, but don’t just read the bits which say outsourcing; MiFID’s effect on outsourcing in the FS space is goes far beyond the few sections that contain the word “outsourcing”.

In February last year, the Commission published its draft Level 2 measures for MiFID. These measure put substantial technical and operational detail around the text of the original draft directive. By now EU member states should have produced draft domestic legislation to implement MiFID – the UK has now published most of the draft legislation but many members states are far behind. As with so many aspects of Community law, deadlines fall but the Commission is clear that the November deadline for implementing MiFID remains.

Key Provisions effecting Outsourcing Relationships

The key provision of MiFID for the outsourcing world is Article 13(5):

“An investment firm shall ensure, when relying on a third party for the performance of operational functions which are critical for the provision of continuous and satisfactory service to clients and the performance of investment activities on a continuous basis, that it takes reasonable steps to avoid undue additional operational risks. Outsourcing of operational functions may not be undertaken in such a way as to impair materially the quality of its internal control and the ability of the supervisor to monitor the firm’s compliance with all obligations”

The Level 2 measures provide more detailed and practical guidance on how they envisage Article 13(5) should be implemented, including:

In many ways, these requirements may be seen as being no more onerous than general market practice. Indeed, for those used to UK regulation, much of this goes no further and has already been addressed by the FSA. But MiFID does go further and is more prescriptive.

It requires that a service provider be “effective” and that the investment firm assess such effectiveness. On a simple reading, that could be read as the usual raft of service levels and other quality mechanisms. But what is “effective”. In the UK, with the FSA moving from detailed rules to a principle-based regulatory regime, definitions are less likely to be forthcoming and compliance potentially harder to assess.

A second prong of MiFID which is more detailed and, arguably, more onerous is the requirement that an investment firm retain internal expertise to supervise the outsourced function. This drives towards the implementation of effective and properly skilled vendor management teams within financial services institutions which outsource functions.

There is an additional requirement if an institution outsources any aspect of its asset management function for retail customers to a service provider in a country outside the EEA. The investment firm must ensure that:

For example, if a service provider in India provides back-office functions for the asset management part of a retail bank in London which is regulated by the FSA, then the service provider will need to enter into an agreement with the Reserve Bank of India to provide a mechanism for supervision. The practical effect of such a requirement is far from clear and it appears to be a rather passive form a regulation. However, if the service provider does not subject its self to prudential regulation then, on the basis of the current draft of MiFID, the regulator of the bank will not permit the outsourcing.

Outside the scope of this article are the core provisions of MiFID which deal with conduct of business. For example, there are new rules concerning the ‘best execution’ when processing securities transactions. MiFID requires that all reasonable steps are taken to obtain “the best possible result for the client”, not only in terms of price but also timing. For service providers who provide securities processing functions to financial institutions, it will be crucial that they review and adapt their technology to take account of such requirements.

The Effects of MiFID

Many commentators believe that MiFID will lead to consolidation amongst smaller or medium size financial institutions in order to reduce and share additional regulatory costs. In order to comply, investment firms will need to front load costs in order to be compliant in November but how will those costs be dealt with between providers and procurers of FS outsourced services?

As part of their overall risk management strategy, financial institutions will have to develop specific risk management plans in relation to their outsourced functions. Such plans have to be dynamic and not only assess risk on execution of an outsourcing deal but create a framework for the continuous monitoring, assessment and management of risk arising from all outsourcing relationships.

MiFID substantially empowers regulators of financial service institutions in the EU in their ability to influence intended outsourcing relationships before they are agreed between the parties.

For those intending to enter into an outsourcing relationship in the financial services sector, there will be a renewed focus upon service levels and, more generally, upon reporting and audit requirements. For those currently in outsourcing relationships, the parties will need to focus upon addressing the concerns of MiFID, whether that be through renewal, renegotiation or contract change.

It is crucial for service providers to prepare for the impact of this Directive not only upon existing and intended outsourcing relationships with financial institutions. It is also important that these providers examine structural and operational changes that will be needed within their own organisations.

MiFID will provide a new regulatory challenge for service providers and financial institutions alike but at the same it also opens up new opportunities for the provision of services to specifically prepare for and address MiFID.

MiFID is not merely a compliance issue but also a strategic issue for providers and procurers alike of outsourced services within the financial services sector. In complying with any law or regulation, there are as many solutions as there are compliance officers, lawyers, IT professionals, consultants and more. However, in working towards creative solutions to address MiFID, organisations will need more than ever to take a whole systems approach to their many (disparate) parts.