MiFID II: The clock is ticking for Financial Services

As the deadline for MiFID II nears, financial institutions and trading venues are ramping up their efforts to put in place the technology, processes and procedures required to be compliant on 3rd January 2018.

Many have left it very late, partly due to the lack of clarity in the regulation. As one large financial services organisation told us the other day, it’s like a moving target.

Transparency, reporting and traceability underpin many of MiFID II’s Regulatory Technical Standards (RTS). Including, requiring an accurate record trail of events for audit and compliance.

Accurate timestamping on financial transactions and messages involved in a trade life-cycle is a must, because this is essential for conducting cross-venue monitoring of orders, and detecting instances of market abuse. It also allows for a clearer comparison between the transaction and market conditions prevailing at the time of execution.

RTS 25 stipulates the following:

Operators of trading venues, and their members or participants, shall establish a system of traceability of their business clocks to UTC.

Operators of trading venues, and their members or participants, shall be able to provide evidence that their systems meet the requirements.  

The allowable tolerances of time drift of the business clocks stipulated by MiFID II is tight, and due to clocks being synced to a central time source over a network, there will always be network fluctuations causing clock drift. Depending on the transaction type, granularity of the timestamp will differ, as well as the maximum allowable divergence from UTC as follows:

  • High Frequency Trading Operations

    • 100 microsecond maximum divergence from UTC

    • 1 microsecond granularity

  • General Automated Trading Operations

    • 1 millisecond maximum divergence from UTC

    • 1 millisecond granularity


Reportable events, such as servers with clock drift beyond the tolerable thresholds and impacted trades, must be made available to regulators either continuously or on-demand with a five year history. Using established protocols such as NTP and PTP, point monitoring solutions can be leveraged to report on clock drift across the infrastructure. However, identifying trades that have potentially been impacted with inaccurate timestamps is more difficult.

A Global Swiss investment bank, aware of the challenges associated with becoming MiFID II compliant, was able to quickly prototype a solution to address the various reporting and monitoring requirements with Splunk in days instead of weeks. Ofni Thomas, in charge of Global Monitoring within the Low Latency Organization, stated that “Building a bespoke solution integrating disparate data sources to address the regulatory reporting requirements of the different MiFID II RTS’s would take months of dedicated resource time to develop, which could be easily achievable in days or weeks with Splunk”

As a platform that is able to ingest and visualise all types of machine-generated data, Splunk is well placed to report on clock drift across the trading infrastructure. Offering capabilities to correlate PTP and NTP time sources with trade messages (e.g. FIX), this gives trading venues and regulators a consolidated view of their compliance posture. Clock jitter can be visualised and alerts automatically raised in real-time when drift exceeds allowable limits.

The screenshot above shows how it’s possible to quickly isolate trades (yellow) that may have inaccurate timestamps due to excessive clock drift (blue), for further investigation and reporting to the regulators. The dashboard also highlights trades that have a different price from the Market National Best Bid and Offer (NBBO, or EBBO for the European market), due to inaccurate clocks. 

Check out a full demo which is based on a real example with a large trading firm here:

Ingesting trade messages and clock drift data into Splunk to become compliant with RTS 25 can open many other unintended areas of optimisation. Banks often struggle to troubleshoot failed trades due to complex workflows and disparate systems. Troubleshooting the why and where a trade failed can take a significant amount of manual effort and time to rectify. Splunk can reduce the time to investigate failed trades down to minutes, ensuring fewer failed transactions. Check out the ITSI workshop we ran in London late last year for providing visibility into compliance, performance and availability of an FX trading application.

If you’re interested in hearing how we can help you with MIFID II compliance (not just RTS 25 but also others), you can Ask An Expert:

To see what else you can do with FIX data and Splunk, checkout this great demo, here. Or view Duncan’s presentation on processing FIX data here.

Thanks for reading.

Haider Al-Seaidy
Posted by Haider Al-Seaidy

Born in Iraq but raised in Devon, Haider speaks English and Arabic (although the Arabic is a little rusty!). He returned from 4 years in Dubai to join Splunk in the UK and it turned out to be an inspired move. When he can, Haider tries to take his kart out to the track as much as possible.

Join the Discussion