MiFID II Readiness

A MiFID II readiness assessment is a structured maturity evaluation that systematically captures the current implementation status of all MiFID II requirements at your institution. The analysis covers six core areas:Investor protection and product governance: Evaluation of target market definition, suitability assessment, client categorisation and product lifecycle management under Articles

16 and

24 MiFID II.Best execution: Review of execution policies, venue selection, monitoring processes and RTS 27/28 reporting capabilities.Cost transparency: Analysis of ex-ante and ex-post cost disclosure, aggregation methodology and presentation formats under Article 24(4) MiFID II.Transaction reporting: Assessment of data quality, field population (up to

65 fields), T+

1 reporting processes and ARM connectivity.Record-keeping obligations: Review of communication recording, documentation standards and archiving systems.Governance and organisation: Assessment of compliance functions, responsibility structures and three-lines-of-defence integration.Each area is evaluated using a maturity model (Level 1–5) that maps the path from minimum compliance to best-in-class.

A MiFID gap analysis follows a three-stage process that typically spans six to eight weeks:Phase

1 – Stock-take (

2 weeks): Structured interviews with compliance, trading, IT, product management and distribution. Document analysis of existing policies, process descriptions and system documentation. Data analysis from existing reporting systems.Phase

2 – Gap identification (2–3 weeks): Systematic comparison of the current state against regulatory requirements at article level. Each identified gap is assessed by compliance risk, business impact and implementation complexity. Cross-functional analysis of interdependencies between different MiFID II areas.Phase

3 – Roadmap development (2–3 weeks): Prioritisation of measures in a multi-dimensional framework. Resource estimation and timeline planning taking regulatory deadlines into account. Development of a modular implementation architecture with quick wins and strategic initiatives.The deliverable is a management report with specific recommendations, effort estimates and a prioritised roadmap.

The MiFIR review and the changes commonly referred to as MiFID III bring significant innovations that require an update of existing compliance structures:Consolidated Tape Provider (CTP): Introduction of a central European data tape for equities and bonds, improving transparency and placing new data requirements on trading venues and investment firms.Expanded pre- and post-trade transparency: Tighter requirements for publishing trade data, narrowing of waivers and new rules for systematic internalisers.Revised transaction reporting: Adjustments to reporting obligations and data fields aimed at better data quality and harmonisation across European jurisdictions.Payment for Order Flow (PFOF): Ban or severe restriction of PFOF models in the EU, with implications for certain business models.Digitalisation of client information: Enabling digital provision of client information as the default, opening new opportunities for efficient compliance.A proactive readiness assessment already takes these upcoming changes into account today to avoid duplicate implementation efforts.

Our MiFID II maturity model distinguishes five levels that reflect the development stage of an institution's compliance capabilities:Level

1 – Reactive: Basic compliance is ensured on an ad-hoc basis. Processes are manual, undocumented and person-dependent. High risk in regulatory examinations.Level

2 – Defined: Regulatory requirements are identified and anchored in policies. Basic processes exist, but monitoring and controls remain incomplete.Level

3 – Managed: Systematic processes for all MiFID II areas are established. Regular monitoring and reporting to senior management. Initial automation in reporting.Level

4 – Optimised: Integrated, largely automated compliance processes. Proactive risk management with early warning indicators. Data-driven decision-making and continuous improvement.Level

5 – Best-in-class: Fully integrated compliance ecosystem with predictive capabilities. Compliance as a strategic competitive advantage. Innovation at the intersection of regulation and business strategy.Maturity is determined through a combination of structured assessments, process analyses, system reviews and benchmarking against industry standards.

A MiFID readiness assessment goes significantly beyond a traditional compliance audit and differs in several key dimensions:Forward-looking perspective: While an audit examines the current compliance status, a readiness assessment also evaluates preparedness for upcoming regulatory changes such as MiFID III and MiFIR II.Strategic perspective: The assessment considers not only regulatory compliance but also identifies strategic opportunities to leverage compliance investments as a catalyst for business optimisation.Holistic approach: Rather than examining individual requirements in isolation, the assessment analyses interdependencies between different MiFID II areas and their impact on the business model, IT architecture and organisational structure.Action orientation: The result is not merely a list of deficiencies but a prioritised roadmap with concrete measures, resource estimates and timelines.Maturity scoring: Through systematic evaluation on a maturity scale, you receive a measurable benchmark that makes progress trackable over time and facilitates communication with senior management.

A MiFID II readiness assessment is relevant for all institutions within the scope of MiFID II, but has particular priority for certain institution types:Universal banks with securities business: The breadth of business activities creates touchpoints with virtually all MiFID II areas. Cross-selling and product diversity require particularly robust governance structures.Asset managers and investment advisers: The tightened suitability and appropriateness requirements as well as cost transparency obligations affect the core business and require deep process adjustments.Investment firms and brokers: Best execution requirements, transaction reporting and the PFOF regulations demand a complete review of trading and reporting infrastructure.Fund management companies: Product governance requirements, distribution rules and collaboration with distribution partners require an end-to-end compliance architecture.Institutions facing regulatory examinations: A preparatory readiness analysis reduces the risk of findings and demonstrates proactive compliance management to supervisory authorities.

Based on project experience, certain compliance gaps appear particularly frequently across the industry:Transaction reporting data quality: Incomplete or inconsistent population of the

65 reporting fields, particularly for complex instruments, decision-maker identification and LEI management.Best execution evidence: Lack of systematic documentation and analysis of execution quality. Monitoring is often limited to sampling rather than continuous, automated oversight.Cost transparency aggregation: Difficulties in consistently aggregating all direct and indirect costs across different product categories and systems – particularly for ex-ante disclosure.Product governance documentation: Incomplete target market definitions, missing negative target markets and insufficient review processes in product lifecycle management.Record-keeping obligations: Not all communication channels are captured comprehensively, or archiving does not meet the regulatory retention periods of up to seven years.Governance integration: Compliance responsibilities are not consistently embedded in the three-lines-of-defence model, or there is no systematic regulatory change management process.