MiFID II / MiFIR series

Corporate governance

Publication October 2014


The Markets in Financial Instruments Directive (MiFID) is one of the cornerstones of EU financial services law setting out which investment services and activities should be licensed across the EU and the organisational and conduct standards that those providing such services should comply with.

Following technical advice received from the European Securities and Markets Authority (ESMA) and a public consultation, the European Commission (the Commission) published legislative proposals in 2011 to amend MiFID by recasting it as a new Directive (MiFID II1) and a new Regulation (MiFIR2). The legislative proposals were the subject of intense political debate between the European Parliament, the Council of the EU, and the Commission. However, informal agreement between the EU institutions was finally reached in February 2014. The final MiFID II and MiFIR texts were published in the Official Journal of the EU on 12 June 2014 and entered into force 20 days later on 2 July 2014. Entry into application will follow 30 months after entry into force on 3 January 2017.

The implementing measures that will supplement MiFID II and MiFIR will take the form of delegated acts and technical standards. On 22 May 2014, ESMA released a consultation paper (the CP) setting out ESMA’s proposed advice to the Commission regarding delegated acts and a discussion paper (the DP) setting out ESMA’s proposals for technical standards. The deadline for responses to the CP and DP has now closed. ESMA is expected to provide advice on the delegated acts to the Commission by the end of 2014 and drafts of the technical standards by the middle of 2015.

Corporate governance: overview

Good corporate governance continues to be a fundamental objective of legislative action within the European supervisory institutions. Within the financial services sector MiFID II seeks to address perceived weaknesses in corporate governance within the sector. These weaknesses, it is said, ‘have been a contributory factor to the financial crisis’, a view on which ‘there is agreement among regulatory bodies at international level’.3

The recitals make plain the importance of corporate governance as an overarching link across the package of reforms introduced by MiFID II and MiFIR. In particular, corporate governance and conduct of business are seen to be two sides of the same coin, in particular ‘incorrect’ conduct of business, which may lead to investor detriment and loss of investor confidence, will demonstrate poor corporate governance.

The aim of MiFID II is therefore to strengthen the role of management bodies of investment firms, regulated markets and data reporting services providers, in ensuring sound and prudent management of the firms, the promotion of market integrity and the interest of investors.

MiFID II contains measures which require management bodies to commit sufficient time, and possess adequate collective knowledge, skills and experience to understand the firm’s activities, including the main risks. There are a number of new requirements on firms, which build upon this familiar theme. Diversity is a watchword for management bodies; so as to avoid ‘group thinking’ and to facilitate independent opinions and critical challenge and, in this regard, firms should consider employee representation in management bodies as one possible avenue to ensuring better knowledge of the internal workings of firms at management level.4

Corporate governance: current requirements

Article 9 of MiFID I Directive5 requires that management bodies of firms (other than those investment firms that are natural persons or legal persons managed by a single natural person) are ‘of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the investment firm’, and that the management of investment firms must be undertaken by at least two individuals who meet these criteria.

MiFID I also contained broad organisational requirements for both investment firms and regulated markets e.g. requiring both firms and markets to ensure that they were organised so as to minimise conflicts of interest, and to ensure compliance with the wider requirements of the directive. For example, investment firms were to be organised so as to ensure the continuity and regulation of their investment services, to maintain adequate transactional records and to safeguard client assets. Meanwhile, regulated markets were subject to more specific organisational requirements designed to ensure the effective functioning of the market’s systems which extended to maintenance of adequate financial resources.

In the UK, authorised firms must comply with the governance requirements found in chapter 4 of the Senior Management Arrangements, Systems and Controls sourcebook which codify the MiFID requirements and those of the MiFID Implementing Directive. These requirements include general, higher-level requirements around the organisation of the firm, as well as more specific obligations concerning internal control and reporting mechanisms to ensure compliance.

The existing UK corporate governance requirements inter-relate with the approved persons regime, as individuals who perform certain functions in an authorised firm known as ‘significant influence functions’ must have certain key skills and competencies, and be situated appropriately within the overall organisational framework of the firm.


As a starting point, MiFID II incorporates the corporate governance requirements within the Capital Requirements Directive (Directive 2013/36/EU, CRD IV), which are currently applicable to banks and certain investment firms. The result is therefore the broadening out of these requirements, across all investment firms. The FCA implemented the requirements of Article 88, CRD IV within the Senior Management Arrangements, Systems and Controls sourcebook (SYSC) as a new chapter 4.3A, with the majority of provisions in force by 1 January 2014.

One of the key corporate governance requirements in CRD IV is that members of the management body of a ‘significant’ investment firm must hold no more than one of the following combinations of directorships at the same time:

  1. one executive directorship with two non-executive directorships; and
  2. four non-executive directorships.

The FCA’s implementation of this particular provision has been staged such that from 1 July 2014, subject firms must ensure that members of the management body do not hold more directorships ‘than is appropriate, taking into account the individual circumstances and the nature, scale and complexity of the firm’s activities.’6 From 1 July 2014, members of the management body of a significant CRR firm must comply with the specific requirements set out above around the number of directorships.

In common with the CRD IV position, pursuant to MiFID II competent authorities may authorise members of the management body to hold one additional non-executive directorship to those set out within CRD IV. Competent authorities are required to inform ESMA whenever such authorisation is granted.

The rationale for limiting the number of directorships held by a member of the management body is made clear in the recitals to MiFID II: ‘combining too high a number of directorships would preclude a member of the management body from spending adequate time on the performance of that oversight role,’ therefore, ‘it is necessary to limit the number of directorships a member of the management body of an institution may hold at the same time in different entities.’

However, importantly, directorships in organisations which do not pursue predominantly commercial objectives, such as non-profit-making or charitable organisations, should not be taken into account for the purposes of applying such a limit.

Whereas MiFID I sought to ensure that a firm was managed in a sound and prudent manner, by specifying certain attributes which must be held by those who direct the affairs of the firm, MiFID II goes further and sets out the role and responsibility of the management body itself. In respect of the management body, in particular, the new language sets out requirements that the management body’s governance arrangements prevent conflicts of interest. Competent authorities must ensure that the management body:

defines, oversees and is accountable for the implementation of governance arrangements that ensure effective and prudent management of the investment firm including the segregation of duties in the investment firm and the prevention of conflicts of interest.’7

Requirements under MiFID II – Level I

Management body

The MiFID II requirements are more detailed than those in MiFID I in setting out the role and responsibility of the management body, to ensure good corporate governance.

In common with MiFID I, MiFID II requires competent authorities to ensure that firms comply with requirements around corporate governance, through assessment as part of authorisation.

Organisational requirements

An investment firm’s management body must define, approve and oversee the firm’s organisation for the provision of investment services. These obligations ensure that the management body sets out the firm’s corporate governance arrangements, and fully considers and scrutinises them at the time of implementation and on an ongoing basis. In setting out the firm’s organisation; the firm must specifically consider the following key issues:

  • the skills, knowledge and expertise required by personnel; and
  • the resources, procedures and arrangements for the provision of services and activities (taking account of the firm’s nature, scale and complexity and all the requirements the firm must comply with).

Further there are various specific requirements relating to the firm’s organisation, in the context of a firm’s activities. For example, firms providing independent advice or portfolio management should also set up a policy, as part of their organisational requirements, to ensure that third party payments received by the firm are allocated and transferred to the clients.8

MiFID I placed emphasis on the compliance function to ensure internal policies and procedures met the firm’s obligations under the Directive (and elaborated in the MiFID Implementing Directive). These provisions remain and are identical in MiFID II.

Policy of services and products offered which is stress tested

An investment firm’s management body must define, approve and oversee a policy as to services, activities, product and operations offered or provided in accordance with the risk tolerance of the firm and the characteristics and needs of the clients of the firm to whom they will be offered.

The MiFID II requirements in respect of third party payments, commissions and inducements are set out in our conduct of business briefing notes.

Importantly, MiFID II requires management bodies to ensure appropriate stress testing of services or products is conducted, to ensure that the above mentioned policy works and that such services or products accord with the characteristics and needs of the firm’s clients.

The MiFID II requirements in respect of appropriateness and suitability, are also set out in a separate conduct of business briefing note.


MiFID II introduces a new requirement that the management body define, approve and oversee a remuneration policy of persons involved in the provision of services to clients, which must have the following fundamental aims as its objective:

  1. encouraging responsible business conduct by the firm;
  2. ensuring the fair treatment of clients; and
  3. avoiding conflicts of interest in the relationship with clients.

This remuneration policy is widely drawn by the legislation, covering all persons involved in the provision of services.

Management bodies must monitor, and assess the effectiveness of the firm’s governance arrangements and the adequacy of the Policy set out above.

MiFID II makes explicit the link between remuneration of staff and conflicts of interest. Whilst firms had a duty to organise themselves so as to effectively manage conflicts under MiFID I, pursuant to the recast MiFID II firms must “take all appropriate steps to identify and to prevent or manage conflicts
of interest […] including those caused by […] the firm’s own remuneration and other incentive structures


The management body must have adequate access to information and documents which are needed to oversee and monitor management decision-making, as the management body will be held responsible for the firm having governance arrangements that ensure effective and prudent management of a firm. This requirement represents a hard-coded requirement for firms to ensure that good quality management information  (‘MI’) is delivered from the business. Proactive engagement by management will be key.

In the UK context, this represents a strengthening of the guidance which the UK regulators have issued in recent years, concerning the provision of ‘MI’.

Members of the management body

In common with MiFID I, members of the management body of the investment firm must be of ‘sufficiently good repute’. Further, such members must possess:

sufficient knowledge, skills and expertise’, and

commit sufficient time to perform their functions in the investment firm.’

In keeping with current requirements, members of the management body must not obstruct the effective, sound and prudent management of the firm, or the adequate consideration of the interests of clients and the integrity of the market. The firm must also notify the competent authority of any changes to its membership, and provide sufficient information to the competent authority for it to assess the firm’s compliance with the obligations set out above concerning governance arrangements.

Product governance

The provisions within MiFID II, level 1 build on the ‘clients best interests’ provisions which were an important feature of MiFID as first enacted.

MiFID II, level 1 sets out the higher level requirement for product manufacturers to maintain, as part of their organisational arrangements, appropriate product review processes to ensure investment products are ‘consistent with the needs’ of identified target markets. Product distributors are also required to ensure that their organisational arrangements include provision for access to key information on product which it distributes, from relevant manufacturers.

MiFID II, Level 2 measures will introduce new requirements on product governance and product approval processes to ensure that financial instruments and structured deposits will be offered or recommended only when this is in the interest of the client.

The recitals to MiFID II make clear the objective of the European Commission to prevent investment firms which manufacture and distribute financial instruments (and structured deposits), at an early stage, from failing to meet investor protection standards. Product governance policies and procedures are central to achieving good client outcomes, and represent one of the principal avenues to acting in the clients best interests.

Pursuant to the Level 1 measures, product manufacturers must ensure that products are manufactured to meet the needs of the target market of end clients, within the relevant category of clients, and that such products are distributed to the identified target market. Further, investment firms must ensure that products are reviewed to ensure that they remain consistent with the needs of the identified target market, taking into account events which might materially affect the risks posed by products to that market.

In particular product manufacturers will be under an obligation to maintain, operate and review a process for the approval of each financial instrument and significant adaptations of existing financial instrument before they are marketed or distributed to clients.

Requirements under MiFID II – Level 2

Management body

Organisational requirements

The key trend in the Level 2 measures from ESMA regarding organisational requirements, is to strengthen the compliance function.

In December 2012, ESMA published compliance guidelines, which aimed at increasing the effectiveness, authority and importance of the compliance function in authorised firms.

ESMA now recommends that the MiFID II Level 2 measures put its previous guidance on a legislative footing. For example, general guideline 1, relating to the focus of compliance in firms, on relevant and prevalent risks identified in a risk assessment, will be a key plank of the Level 2 obligations.

In some areas, such as that set out above, the MiFID II Level 2 measures will go further than the 2012 guidance, e.g. requiring that the compliance function utilise a risk-based approach when it establishes its firm monitoring programme.

Overall, the Level 2 provisions look to continue the trend of strengthening the compliance function within firms. For example, ESMA recommends that the Level 2 measure include an obligation on the compliance function that, whenever it detects a ‘significant compliance risk’, it reports directly to the management body.

This is unsurprising, since compliance teams bear significant responsibility under the new legislation for ensuring that a firm is organised effectively to meet its obligations. Overall corporate governance is not only an issue for senior management, but should be a key focus of compliance function risk assessments.


Again, from a governance perspective, ESMA’s Level 2 measures are to increase the authority of the compliance function within the firm. ESMA’s proposed Level 2 measures require the management body to seek the advice of the compliance function before approving remuneration policies.

Product governance

As part of its consultation paper on MiFID II, ESMA has recommended that the MiFID implementing directive be amended to include product governance obligations specifically for manufacturers, and product governance obligations specifically for distributors. By splitting the obligations in this way, the new requirements are coming at ‘suitability’ from two angles to help ensure that investor protection measures are as effective as possible. Some key themes from the proposed obligations include:

Requirements for manufacturers

  • put in place procedures and arrangements to adequately manage conflicts of interest during the product design process;
  • ensuring the firm’s governance arrangements cover oversight of the product design and manufacture process, essentially requiring management bodies to take greater interest and control of this aspect of the business;
  • firms must train staff on the characteristics and risks of products which they want to manufacture before they are manufactured;
  • the firm must be able to identify the potential target market (at a ‘granular’ level) for each product and be able to specify the type of client for whose needs, characteristics and objectives the product is compatible and, those for whom the product is not compatible; and
  • the firm should undertake scenario analyses of the likely outcomes caused by the product in the market.

Requirements for distributors

  • product governance at distribution firms means assessing the range of products selected for distribution against the characteristics, objectives and needs of an identified target market to ensure that they are compatible;
  • distribution firms are expected to have procedures and policies in place when deciding on the range of products to be offered to respective target markets, to ensure compliance with all applicable MiFID requirements, including appropriateness, inducements and proper management of conflicts; and
  • distributors should ensure that information on sales is passed to manufacturers to support product reviews.

Firms who both manufacture and distribute products will only be required to conduct a single assessment of the needs and characteristics of the target market for whom relevant products will be manufactured, and to whom they will be distributed.



Directive on Markets in Financial Instruments repealing Directive 2004/39/EC and amending Directive 2011/61/EU and Directive 2002/92/EC.


Regulation on Markets in Financial Instruments and amending Regulation 648/2012.


Recital 5, MiFID II.


Recital 53, MiFID II.


Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive 2000/12/EC of the European Parliament and of the Council and repealing Council Directive 93/22/EEC.


SYSC 4.3A.5R.


A.9(3), MiFID II.


Recital 52, MiFID II.


A.23(1), MiFiD.

Recent publications

Subscribe and stay up to date with the latest legal news, information and events...