MiFID Gap Analysis & Roadmap

A MiFID II gap analysis is a structured assessment that compares all regulatory relevant areas of your institution against the requirements of MiFID II, MiFIR and the associated delegated acts.The analysis covers these core areas:- Investor protection and suitability: Review of client classification processes, suitability and appropriateness assessments, and cost transparency obligations- Product governance: Assessment of target market definitions, product monitoring and distribution controls per ESMA guidelines- Best execution: Analysis of execution policies, venue connectivity and quality monitoring- Transaction reporting: Review of reporting obligations under Article

26 MiFIR and associated RTS requirements- Governance and organizational structure: Assessment of the compliance function, internal controls and escalation procedures- IT systems and data quality: Review of technical infrastructure for reporting, documentation and surveillanceThe result is a detailed gap report with prioritized action recommendations that serves as the foundation for roadmap development.

Roadmap development follows a systematic process that accounts for regulatory urgency, implementation complexity and available resources.The process comprises four steps:1. Prioritization by criticality: Each identified gap is assessed by regulatory risk (fines, supervisory measures), impact on business processes and dependencies on other measures.2. Phase planning: Measures are organized into sequential implementation phases — from quick wins (immediately actionable) through medium-term adjustments to long-term system transformations.3. Resource and budget planning: Required capacities, external support and investments are calculated for each phase. Synergies with ongoing projects (such as DORA, GDPR or MiFIR II adjustments) are actively leveraged.4. Milestones and KPIs: Measurable interim targets, responsibilities and checkpoints are defined for each measure. A monitoring framework ensures progress tracking.The roadmap is aligned with the board and compliance function and regularly updated to reflect evolving regulatory requirements.

The MiFIR II regulation adopted in March

2024 introduces significant changes that must be factored into any current gap analysis.Key changes:- Consolidated Tape Provider (CTP): Introduction of a European consolidated tape for equities and bonds. Firms must assess whether their data connectivity and trade execution are prepared.- Enhanced transparency regime: Stricter pre- and post-trade transparency for bonds and derivatives. Existing waivers are being narrowed.- Reporting changes: Adjustments to transaction reports and new data quality requirements.- Payment for Order Flow (PFOF) ban: Prohibited from

2026 in most EU member states — business models with PFOF components must be adapted.- Designated Publishing Entity: New publication requirements for OTC transactions.A current gap analysis must incorporate these changes and the roadmap must prioritize accordingly, as some requirements carry tight implementation deadlines.

The scope and focus of a MiFID gap analysis varies considerably depending on the business model and license scope of the institution.Typical differences:- Universal banks with securities business: Broad analysis spectrum across all MiFID areas, with particular focus on interplay with CRR/CRD requirements and integration into existing compliance structures.- Securities trading firms: Focus on best execution, transaction reporting, algorithmic trading and market structure requirements.- Wealth management and private banking: Emphasis on suitability assessments, cost transparency, inducements regime and enhanced documentation obligations.- Fund management companies: Product governance requirements, distribution controls and target market definitions take priority.- Investment firms under specific regimes: Additional institution-specific requirements must be considered.We tailor the analysis framework to your specific business model, client structure and license scope to ensure relevance and efficiency.

Based on our project experience, certain compliance gaps occur frequently across institutions.The most common gaps:- Suitability assessment: Incomplete capture of sustainability preferences (ESG integration since August 2022), patchy documentation of advisory conversations, missing regular updates of client data.- Cost transparency: Inadequate ex-ante and ex-post cost breakdowns, missing consideration of third-party costs or implicit transaction costs.- Product governance: Unclear target market definitions, insufficient feedback loops between product manufacturers and distributors, missing regular product reviews.- Transaction reporting: Data quality issues in Article

26 MiFIR reports, missing reconciliation and correction processes.- Best execution monitoring: Lack of systematic quality analysis of execution venues, outdated execution policies.- Governance: Insufficient resources in the compliance function, missing formalized escalation paths.The gap analysis uncovers these weaknesses and quantifies the action required so that resources can be deployed effectively.

Duration depends on the scope of the business model and the complexity of the existing process landscape. Typical project timelines:- Focused gap analysis (specific topic areas):

4 to

6 weeks- Comprehensive gap analysis (all MiFID areas):

8 to

12 weeks- Gap analysis with roadmap development:

10 to

16 weeksThe process comprises five phases:1. Scoping and kick-off (weeks 1‑2): Definition of analysis scope, identification of relevant business areas and contacts, provision of the document base.2. Document analysis and interviews (weeks 3‑6): Review of internal policies, process documentation and IT landscape. Structured interviews with business units, compliance and IT.3. Gap identification and assessment (weeks 5‑8): Systematic comparison of current state against regulatory requirements. Assessment of each gap by criticality and complexity.4. Roadmap development (weeks 7‑12): Prioritization of measures, phase planning, resource calculation and milestone definition.5. Results presentation and alignment (weeks 11‑16): Presentation to board and supervisory body, roadmap alignment and agreement on next steps.

An effective MiFID compliance roadmap actively leverages overlaps with parallel regulatory requirements to avoid duplication and reduce costs.Key synergy areas:- MiFIR II and EMIR Refit: Shared requirements for transaction reporting, data quality and reporting systems. An integrated reporting infrastructure serves both frameworks.- DORA (Digital Operational Resilience Act): Overlaps in IT governance, third-party management and incident reporting. The IT system analysis from the MiFID gap analysis provides valuable inputs for DORA compliance.- GDPR and data protection: Shared requirements for data retention, deletion concepts and information rights. Client data processes can be optimized across regulations.- ESG regulation (SFDR, Taxonomy): ESG integration into suitability assessments connects MiFID requirements with sustainability regulation.- CRR/CRD: Organizational and governance requirements overlap with MiFID organizational structure requirements.Our roadmap explicitly identifies these synergies and proposes integrated implementation workstreams that address multiple regulatory requirements simultaneously.