LONDON, 13 February 2018 – NEX Regulatory Reporting announces today that during the rollout of MiFID II, it successfully launched its short code identifier service the ‘Industry Standard Common Identifier’ (“ISCI”) to help market participants meet their MiFID II requirements while simultaneously protecting the data of individuals.
Under MiFID II, market participants are obligated to include the personal data of the decision maker and/or client responsible for the execution of the transaction in their reports so they can be identified by the regulator. They must also ensure the provision and storage of sensitive natural persons’ data is done in a secure and effective manner. ISCI enables firms to manage these requirements while also meeting future GDPR requirements (from 25 May 2018) which dictate that personal data should be kept in an identifiable format for no longer than necessary and be anonymised if retained.
ISCI is a venue- agnostic, highly encrypted service where personal identifier information (PII) can be uploaded either via the HTML 5 interface or over SFTP connection allowing for integration with internal HR or middle office systems. The inputted data is validated against ESMA standards as part of the upload process to ensure compliance. ISCI protects PII data (required by RTS 22) until the last point of the process before a transaction is enriched with decision maker detail. Alternatively, if firms are subject to the MiFID II obligation to maintain order records (required by RTS 24) information is held securely until order records are required to be presented to the regulator.
Personal data is stored in an encrypted ‘vault’ and data protection is guaranteed through the highest levels of security available including AWS Key Management Services for encryption and Okta-provided multifactor authentication. Access to data is granted on a ‘need to know’ and ‘least privilege’ basis, is monitored, and fully auditable.
In preparation for MiFID II, approximately 140,000 individual short codes (traders and algorithms) representing 2,140 individual LEIs (firms) were uploaded to ISCI from member firms, for the purposes of transaction reporting and order record keeping. Firms benefit both from a significant reduction of the workload required to provide and update data to multiple sources, and the need to continually reconcile against their internal systems as people join or leave their organisations.
Collin Coleman, Head of NEX Regulatory Reporting, said: “Providing a secure data repository for personal information that can be used by the entire market will reduce the data management and storage costs for all involved and ensure that the data has been validated to meet all regulatory standards. We’re also enhancing data protection by investing in highly sophisticated data security.”
Julien Lee, Head of Architecture, TP ICAP, said: “MiFID II is big enough challenge for firms without the introduction of GDPR. By connecting to ISCI, we have not only future-proofed our MiFID II solution against the upcoming regulation, but those of our member firms as well.”