MIFID 2, Timestamps and Rudyard Kipling

"I keep six honest serving-men (They taught me all I knew);
Their names are What and Why and When
And How and Where and Who."

Or, Some thoughts and comments on implementing MIFID 2 for a buy-side within the specific field of timestamps.
Note that this is not legal advice and should not be relied upon as such.
As the clock ticks down to the implementation date for MIFID 2 many buy-sides are behind the curve on establishing what they must do.  In part this is because the delay in implementation has moved the "when".  Yet in many cases the "What" is also unclear. But, delay while waiting for complete certainty is arguably a very short sighted, high risk, high cost strategy which is hard to advocate when aware of the impact of not being MIFID 2 compliant.
In essence the regulations are being written in an iterative process, whereby feedback is gathered and further levels of detail added to the regulation.
For timestamps, one way to look at this is in three parts:
  • Data
  • Application
  • Storage
What does this mean?

In order to timestamp anything there must be
  • A source of time delivered to the firm
  • Distribution of that time to the points where time-stamping may occur
  • Validation that the time distributed is accurate to the source and consistent within the point of time-stamping within the firm
  • Demonstrable verification (audit trail) of time such that a regulatory investigation can be satisfied that the timestamps displayed for some date in the past were accurate at that time.
Or, as the late, great President Reagan said in Reykjavík "Доверяй, но проверяй - "Trust, but verify"
Accurate time delivered to the point of time-stamping is necessary but not sufficient.  It's essential that trading applications involved are good citizens and do their part:
  • The applications that will create timestamps need to have access to the correct time
  • The applications that will create timestamps need to use the correct time
  • The data stores used by the applications need to be able to store the correct time
The data generated by applications that includes timestamps must be stored in a manner that is secure and which cannot be manipulated after the event.  This storage may include a vast quantity of data for a considerable duration. It will have to be retained and made available to audit with a guarantee of reliability.

The questions I put to any firm are:
  • What time sources do you use at present?
  • Do you use NTP, PTP or something else?
  • What in-house applications do you use, do you have the source code and do you have developers who can modify if required?
  • What operating systems do you use? Are you up to date with the latest version?
  • What third party applications do you use? Are you up to date with the latest version?
  • Can your software vendors guarantee that they will have a tested version ready to implement? Can you implement that version in time? What makes you believe you can?
  • How many datacentres do you have?
  • How many business analysts are on your MIFID 2 project team?
Beyond that is the controversial question:

What is your mitigation strategy if you cannot get legacy in-house or third party software changed in time?

The mitigation I advocate involves non-invasive techniques including packet capture, cleaning, decode, ETL/ELT

Extract from 2015-esma-1464_annex_i_-_draft_rts_and_its_on_mifid_ii_and_mifir.pdf

Type of trading activity 



Maximum divergence from UTC

Granularity of the timestamp

Activity  using  high frequency algorithmic trading technique  

High frequency algorithmic trading technique.

100 microseconds

1 microsecond or better

Activity on voice trading systems

Voice trading systems as defined in Article 1(7) of RTS transparency requirements in respects of bonds, structured financial products ect..

1 second

1 second or better

Activity on request for quote systems where the response requires human intervention or where the system does not allow algorithmic trading

Request for quotes systems as defined in Article 1(6) of RTS 9 transparency requirements in respects of bonds, structured financial products ect..

1 second

1 second or better

Activity of concluding negotiated transactions

Negotiated transaction as defined under Article 4(1)(b) of  Regulation (EU) 600/2014

1 second

1 second or better

Any other trading activity

All other trading activity not covered by this table.

1 millisecond

1 millisecond or better