MiFID II and GDPR: Did you survive the fallout?

Cast your mind back three months to the 25th May, when GDPR was introduced. Then go back to early January and the implementation of MiFID II.

What thoughts and feelings do these pieces of legislation conjure up for you? Positivity that complying was time well spent to improve your business and the service you offer to clients? A bureaucratic nightmare, which took your focus away from things which matter to clients? Or, perhaps, somewhere in between?

There’s no doubt that both represented a significant change to the status quo, with compliance eating up large chunks of time and significant resources. Now things are starting to bed in, I thought we’d revisit both to look at whether they have changed things for the better.


Despite being only eight months in to the new regime, we can already see how it is changing the way we work with clients.

Firstly, there are the financial consequences of the legislation. Compliance will push up costs, which must be borne by the advisory firm, passed on to clients, or a combination of both. I’ve seen no significant increase yet in the cost of providing ongoing advice, although I have no doubt some firms are considering increasing their charges.

However, in the wider profession I’ve certainly seen firms amending their service propositions and disengaging ‘lower value’ clients, for whom the new rules make it impossible to provide an ongoing service to at anything like a reasonable profit margin.

Necessity is the mother of invention and while disengaging previously advised clients will cause a short-term widening of the advice gap, in the longer term it may lead to new business models focused on providing an ongoing advice service at a lower cost. I’m not talking about the current incarnation of ‘robo advice’ (which in many instances amounts to nothing more than a simplified investment platform) but a more streamlined and cost-effective advice process, aimed at delivering a valuable service, when it’s needed, to those lower value clients advisers and planners can no longer service profitably.

Secondly, while welcoming the drive toward transparency, aimed at helping investors understand the fees charged, I must question the implementation. In fact, I’d go further and say that the sheer volume of paperwork a consumer now receives following a simple transaction, such as opening an ISA or topping up a pension, runs contrary to the spirit of the legislation. When will regulators learn that more information doesn’t increase transparency if no one reads it?

Finally, there’s no doubt that the legislation is confusing for all concerned and riddled with inconsistency. For example, the 10% drop rule applies differently to discretionary and advisory portfolios, and in itself, is a potential force for no good.

Like many, I question the need for the rule in the first place; we all know that it’s time in the market which is important, not timing the market. We are yet to see how this will play out, however I’m concerned that when the inevitable market fall happens, at best the new rule will lead to unnecessary and time-consuming conversations with needlessly worried clients. At worst, we’ll see knee-jerk emotional reactions, which will run contrary to the fundamental principles of investing.


If the slew of emails asking me to reconfirm permissions was anything to go by, most businesses left their GDPR planning to the last minute. While it’s emails such as this which seemed to capture most people’s attention, I believe there are more significant benefits to GDPR, which we will only see play out in the fullness of time.

We all know there’s a need to increase trust in financial services. Equally, we all know that financial scams are rife, many of which are borne out of data breaches.

GDPR gives us an opportunity to tackle both.

Compliance demonstrates to consumers that our profession takes data security seriously. Apologising after a data breach, as so many large organisations have had to do over recent years, is one thing, but surely it’s better to avoid that breach in the first place? At an individual client level, a breach could cost the individual victim, and the firm advising them if they are found to be responsible, many thousands of pounds, plus untold damage to their reputation. Only last week an article appeared in the Telegraph telling such a story.

If GDPR is the catalyst for improving data security, and consequently reducing financial scams and increasing trust, that must be welcomed.

Meeting the challenge

Would I have chosen to have either piece of legislation introduced and implemented in the way they were?

No, absolutely not.

I’m also mindful that the job of complying with the legislation isn’t over yet. All firms have an ongoing duty to remain compliant and, in many respects, we are in unchartered waters, especially with the 10% rule, which we have not seen play out yet.

Despite both being time-consuming to implement, unnecessarily complex and at times immensely frustrating, I can see the potential benefits in both MiFID II and GDPR, which we need to embrace.

Financial services is the most resilient of all professions. Over the years we have been forced to deal with constant and significant regulatory change; during the past decade we’ve dealt with RDR, MiFID I & II, and GDPR, not forgetting Auto Enrolment and Pension Freedoms, which have led to a revolution in retirement planning.

Has our profession stepped up to the plate? Damn right we have. And, I have no doubt will continue to do so. In the meantime, we need to focus on what our clients pay us for and value most; helping them overcome their financial problems and challenges, while ensuring they plan for to achieve their future goals and aspirations.

Now, let’s get back to the day job!