Organisational obligations

Impact Amber traffic light

Medium impact,

systems changes

may be necessary

Other areas to consider

Compliance, risk management and internal audit

Current MiFID rules

MiFID requires a firm to implement a series of systems and controls (appropriate to the nature, scale and complexity of its business) aimed at securing a robust governance framework, with a clear organisational structure and lines of responsibility, and effective risk management and compliance processes.


These include:


  • Basic organisational controls
  • Policies and procedures to secure regulatory compliance and establish a compliance function
  • Responsibility of senior management
  • Policies and procedures to manage risk
  • Employing competent staff
  • Avoiding conflicts of interest
  • Securing appropriate business continuity
  • Outsourcing particular functions and responsibilities to others
  • Establishing an internal audit function
  • Record-keeping
  • Restricting personal account transactions

MiFID Level 1 Directive Art: 13


MiFID Level 2 Directive Arts: 5(1), 5(2), 5(3), 5(4) and 5(5)

FSA rules

SYSC 4, 11, 12, and 18

PRIN 2.1, 3.1 and 4

Proposed changes

The Commission consultation in December 2010 stated that in the Commission’s view the organisational obligations in MiFID required expanding  to provide new obligations in respect of:


  • organisational requirements for the launch of new products, operations and services, including strengthening duties of the compliance function to ensure that new products/services comply with all applicable rules and to ensure that risks of new products are adequately managed;
  • organisational requirements for the provision of portfolio management, including requiring firms providing portfolio management to formalise and retain documents concerning the definition and implementation of their investment strategies in managing clients’ portfolios;
  • underwriting and placing, requiring firms to establish specific organisational arrangements and procedures concerning all the different steps of the underwriting process and to keep relevant records.

However, these proposals are not reflected in the draft Directive or Regulation, although it is possible that they may be revisited as part of the Level 2 implementing measures stage.