Firms Should Combine MiFID II and GDPR Compliance Efforts

Linda Gibson


Firms should combine MiFID II and GDPR compliance – BNY Pershing

Regulatory expert Linda Gibson has argued that firms should run their compliance efforts for MiFID II and the General Data Protection Regulation in parallel, rather than take a siloed approach.

In the run-up to the MiFID II and General Data Protection Regulation (GDPR) compliance deadlines, a regulatory expert has argued that firms should combine their compliance efforts for the two regulations, or risk doubling their workload.

“Indications suggest that some firms are taking the approach of first focussing on MiFID II and then later on GDPR. Firms think of the commercial impact of the regulation and tend to see GDPR more as a data collection exercise, but the danger is here that you may need to unpick some of the work you have done for MiFID II, for example for on‐boarding clients,” Linda Gibson, director of regulatory change and compliance risk at BNY Mellon’s Pershing, told Global Investor Group.

MiFID II requires firms to increase the amount of data they collect and store; according to some estimates, data collection for MiFID I is just 10% of what will need to be gathered from January 3, 2018 onwards. GDPR will require firms to change the way in which they store and process that data.

On Wednesday, four trading venues and the Electronic Debt Markets Association wrote a letter warning European regulators and lawmakers of contradictions between the need to provide personal information in the MiFID II reporting requirements and privacy regulations.

“In the worst-case scenario, the decisions on where you hold and store information for MiFID II could potentially cause conflicts with GDPR,” Gibson said. She urged firms to review how they handle data and what systems are used to retain client information, and not to run compliance projects in silos.

“If for example a firm uses a vendor for MiFID II requirements, it is key that they should have a contract in place to make sure there is data security and also service level agreements,” she concluded.

Linda Gibson

Linda Gibson is a Director and Head of Regulatory Change and Compliance Risk at Pershing, an affiliate of Pershing, a BNY Mellon company. Linda has overall management responsibility for reviewing emerging regulations and working with colleagues and clients to anticipate and advise on the impact and opportunities. Linda joined Pershing in 2009 as head of compliance advisory and moved to her current role in 2014.

Linda has more than 20 years' experience in financial services. Prior to joining Pershing, Linda was head of compliance for Penson Financial Services and before that worked at the FCA where she managed a team responsible for all aspects of ongoing supervision for wholesale firms.