A new European regulation coming out next year is said to make Sarbanes Oxley look tame. Although it's targeted mainly at financial services companies that do business in Europe, the Markets in Financial Instruments Directive (MiFID) poses yet another compliance risk to global companies.
Like SOX, MiFID's provisions are wide-ranging, including senior management responsibilities, internal systems and controls, and recordkeeping. It was designed to ensure that market participants can interact freely with counterparts in other EU countries on the same transaction terms and conditions.
Here are some helpful hints from document archiving firm Iron Mountain:
Make a start: MiFID arrives in November 2007, so planning should start within the next two months to better anticipate costs and resources that may be required.
Investigate: Now is the time to research the directive and implement change where needed. Make sure the board, CIO and CFO are all aware of the implications of MiFID and how functions across the workforce will be affected. Training staff now will save time and effort, particularly in terms of business continuity.
Organize: Tier your records management so information is stored according to how frequently it will be needed.
Protect: Ensure all documents that are potentially affected by the directive are protected in a safe and secure environment, whether physical or digital. Online backups, electronic vaulting and off-site storage should all be integrated.
Differentiate: Just because another directive has arrived, records managers shouldn't save everything. Records need to be managed, not hoarded; therefore, any system must be flexible and adjustable. --Penny Crosman