"I keep six honest serving-men (They taught me all I knew);
Their names are What and Why and When
And How and Where and Who."
Or, Some thoughts and comments on implementing MIFID 2 for a buy-side within the specific field of timestamps.
Note that this is not legal advice and should not be relied upon as such.
As the clock ticks down to the implementation date for MIFID 2 many buy-sides are behind the curve on establishing what they must do. In part this is because the delay in implementation has moved the "when". Yet in many cases the "What" is also unclear. But, delay while waiting for complete certainty is arguably a very short sighted, high risk, high cost strategy which is hard to advocate when aware of the impact of not being MIFID 2 compliant.
In essence the regulations are being written in an iterative process, whereby feedback is gathered and further levels of detail added to the regulation.
For timestamps, one way to look at this is in three parts:
Data
In order to timestamp anything there must be
Application
Accurate time delivered to the point of time-stamping is necessary but not sufficient. It's essential that trading applications involved are good citizens and do their part:
The data generated by applications that includes timestamps must be stored in a manner that is secure and which cannot be manipulated after the event. This storage may include a vast quantity of data for a considerable duration. It will have to be retained and made available to audit with a guarantee of reliability.
The questions I put to any firm are:
What is your mitigation strategy if you cannot get legacy in-house or third party software changed in time?
The mitigation I advocate involves non-invasive techniques including packet capture, cleaning, decode, ETL/ELT
Extract from 2015-esma-1464_annex_i_-_draft_rts_and_its_on_mifid_ii_and_mifir.pdf
References:
MiFID II Final report - ESMA
Delay
Guidelines on Transaction Reporting Reference Data Order Record Keeping and Clock Synchronisation
Text of the delegated Regulation
For timestamps, one way to look at this is in three parts:
- Data
- Application
- Storage
Data
In order to timestamp anything there must be
- A source of time delivered to the firm
- Distribution of that time to the points where time-stamping may occur
- Validation that the time distributed is accurate to the source and consistent within the point of time-stamping within the firm
- Demonstrable verification (audit trail) of time such that a regulatory investigation can be satisfied that the timestamps displayed for some date in the past were accurate at that time.
Application
Accurate time delivered to the point of time-stamping is necessary but not sufficient. It's essential that trading applications involved are good citizens and do their part:
- The applications that will create timestamps need to have access to the correct time
- The applications that will create timestamps need to use the correct time
- The data stores used by the applications need to be able to store the correct time
The data generated by applications that includes timestamps must be stored in a manner that is secure and which cannot be manipulated after the event. This storage may include a vast quantity of data for a considerable duration. It will have to be retained and made available to audit with a guarantee of reliability.
The questions I put to any firm are:
- What time sources do you use at present?
- Do you use NTP, PTP or something else?
- What in-house applications do you use, do you have the source code and do you have developers who can modify if required?
- What operating systems do you use? Are you up to date with the latest version?
- What third party applications do you use? Are you up to date with the latest version?
- Can your software vendors guarantee that they will have a tested version ready to implement? Can you implement that version in time? What makes you believe you can?
- How many datacentres do you have?
- How many business analysts are on your MIFID 2 project team?
What is your mitigation strategy if you cannot get legacy in-house or third party software changed in time?
The mitigation I advocate involves non-invasive techniques including packet capture, cleaning, decode, ETL/ELT
Extract from 2015-esma-1464_annex_i_-_draft_rts_and_its_on_mifid_ii_and_mifir.pdf
|
Type of trading activity
|
Description
|
Maximum divergence from UTC
|
Granularity of the timestamp
|
|
Activity using high frequency algorithmic trading
technique
|
High frequency algorithmic trading technique.
|
100 microseconds
|
1 microsecond or better
|
|
Activity on voice trading systems
|
Voice trading systems as defined in Article 1(7) of RTS transparency
requirements in respects of bonds, structured financial products ect..
|
1 second
|
1 second or better
|
|
Activity on request for quote systems where the response requires
human intervention or where the system does not allow algorithmic trading
|
Request for quotes systems as defined in Article 1(6) of RTS 9
transparency requirements in respects of bonds, structured financial products
ect..
|
1 second
|
1 second or better
|
|
Activity of concluding negotiated transactions
|
Negotiated transaction as defined under Article 4(1)(b) of Regulation (EU) 600/2014
|
1 second
|
1 second or better
|
|
Any other trading activity
|
All other trading activity not covered by this table.
|
1 millisecond
|
1 millisecond or better
|
Comments
Post a Comment