Understanding MiFID II Regulations for the Financial Sector  

Regulatory changes are nothing new in the financial industry. Constantly updated to protect customers as markets evolve and change, the rules often see big, sweeping changes following large failures and previous misconduct. Growing concerns for privacy and security for consumer funds have been the largest impetus for governments enacting new regulatory frameworks for financial markets in the past 30 years. 

The Markets in Financial Instruments Directive (MiFID) is one of these market-changing frameworks that was introduced by the European Union (EU). MiFID II is the latest version and went into effect in January 2018. It helps traders and investors operate in a transparent and fair environment. 

The MiFID II update includes many new requirements for financial institutions, requiring them to maintain compliance for all financial instruments, maintain more information in their records, and ensure availability for review. 

These regulations apply to all financial institutions in the EU, whether the customers they serve reside in the EU or another country. Understanding what MiFID is, its origins, and how it evolved to meet the changing financial market is essential for institutions that need to implement the rules—and with EU regulators imposing millions in sanctions for breaking the rules, you can’t afford to ignore them. 

Background of the MiFID Regulatory Framework 

The MiFID regulatory guidelines were introduced in 2004 and rolled out to the entire EU in 2007. Their goal was to bring together the financial markets in the EU by providing financial institutions with rules to improve consumer protection and increase competition and transparency. 

MiFID also introduced the “best execution” rule. Under this rule, institutions are required to execute an order in the most advantageous way possible for the client, leading to lower transaction fees and faster execution. 

These requirements have made operating in the financial sector more complex—but they also make navigating the markets safer for consumers and increase the transparency of financial services. However, the original MiFID regulations had many flaws, making them less effective in many scenarios. For example, since MiFID focused primarily on stocks, it offered limited visibility into the countless other financial products available. MiFID also left interactions with non-member states up to each individual member of the EU, leading to a competitive advantage for some companies. 

The MiFID II regulations were proposed in 2012 to resolve the issues found in the original framework and came into full effect in 2018. 

Goals and Objectives of MiFID II 

The MiFID II directive aims to expand on the original MiFID to improve transparency, improve investor protections, and ensure fair financial markets for all types of investments.  


  • Requires that financial instruments are only traded on regulated trading platforms, or, in the case of over-the-counter (OTC) trading, transactions adhere to the transparency requirements in MiFID II 
  • Provides a code of conduct and operational mandates for financial institutions 
  • Provides protection for every type of financial instrument 
  • Makes trading data public and transaction information available to regulators 
  • Includes rules requiring financial institutions to give investors the best deal when trading 
  • Requires institutions to record all communications, whether online or over the phone 
  • Offers rules for recordkeeping processes to ensure accurate information and a complete audit trail 
  • Includes monitoring requirements to identify and address any issues 

The MiFID rules, as with all regulations, continue to evolve as the financial industry and the nature of misconduct change. MiFID II received an update in 2022 to detail rules for tokenized assets like cryptocurrency and other non-fungible products. 

Requirements for Communication Surveillance 

Transparent communication is a cornerstone of a well-run financial sector. It ensures financial institutions stay accountable to stakeholders, regulators, and customers. 

MiFID II lays out guidance for communication surveillance to address some key points. Firms must: 

  • Keep detailed records of interactions that deal with financial transactions, including phone calls, SMS, emails, social media, and online chats 
  • Document and store content of face-to-face conversations  
  • Store data in a secure format that makes it impossible to make changes or gain unauthorized access 
  • Keep communication records in storage for 5 years, with an extended retention period in certain circumstances 
  • Monitor trade activity to find unauthorized transactions or misconduct 
  • Apply mechanisms for quick retrieval of information in full to provide the complete picture of a situation

Best Practices for Implementing MiFID II 

MiFID II is a complex framework, and complying with it is no easy task for financial institutions. But there are many best practices that can make it easier to maintain compliance with the rules. 

Capture All Communications 

One of the most important practices is to ensure all communications are captured, which is difficult to do if employees communicate on personal devices. Whether their employees are on personal or company devices, organizations are required to have surveillance technology to capture the relevant information. 

Keep Records Secure 

Secure recordkeeping is the next part to master. Create access control policies to ensure that no unauthorized person can access communication details: only those with the proper credentials should be able to review data and give it to regulators for review. Store data in stable, secure environments, and have backups in place to ensure data stays available for the 5-year retention period. 

Invest in Software Solutions 

Complying with MiFID II also means being able to access and analyze large amounts of data—and with so many additional data points created due to internet activity, it can be a major challenge for many organizations to handle this process manually. 

Invest in software solutions to manage your communication activities. Compliance platforms like Shield help financial organizations manage communication surveillance, using automation and AI to help compliance teams manage large numbers of records and efficiently identify misconduct. 

MiFID II Compliance Challenges 

MiFID II offers many advantages to investors, but it also presents challenges to institutions.  

The Sheer Number of Requirements 

Following the MiFID II directive means understanding the many requirements included, knowing how to implement them in your organization, and ensuring you stay in compliance over time. 

Privacy Issues 

Privacy is a common challenge in every technology sector, especially financial services. MiFID II requires financial companies to collect much more information about investors, something that clashes with the EU’s new privacy rules introduced in the General Data Protection Regulation (GDPR). 

Stay Informed on MiFID II Changes and Adapt to Them 

Implementing changes to comply with MiFID II isn’t a one-time process. Regulations will change in the future as the financial industry continues to evolve. Companies must stay updated on changes and adapt to deal with new issues that come with emerging technologies like cryptocurrencies. To stay updated with the latest guidelines introduced by the MiFID II regulatory body, it pays to find trusted sources of information, such as the European Parliament and European law updates.

Additionally, make sure that tech vendors you partner with are backed by financial experts in the field who have seen the rise of regulations and can keep their finger on the pulse of changes. 

Stay Compliant with MiFID II 

Financial institutions operating in the EU have many regulatory requirements to meet with MiFID II. They must collect communications about financial topics, store them for the required retention period, and maintain access for audits and regulatory bodies. 

The right communication surveillance platform can make a big difference in meeting all of the requirements of MiFID II. Explore the many features of Shield, and learn how you can use our platform to monitor communications in your institution, manage records, stay proactive in your surveillance operations, and maintain your customers’ privacy. 

