What's New in MiFID III?
"MiFID III" is the common name given to the amendments to MiFID II Directive (Markets in Financial Instruments Directive) and MiFIR (Markets in Financial Instruments Regulation) Regulation. In March 2024, the European Commission adopted the new regulation, which will gradually come into force in European financial markets between 2025 and 2026. The objective is to adapt the regulation of European capital markets to the digital landscape and strengthen investor protection, particularly with regard to retail investment.
Since MiFID II came into force in 2018, there have been significant changes to financial products, market structures, technologies, and trading practices. Mobile trading apps, algorithmic trading, and the growing use of AI in securities require new rules. Today's financial instrument markets are significantly more complex, and supervisory authorities, including EU member states, are demanding greater transparency and compliance with MiFID II and MIFIR to identify risks early and prevent conflicts of interest.
The focus is shifting. Under the new update, it is no longer enough to simply record communications; active monitoring, analysis, and verification of best execution are also required.
2007
MiFID I Comes into Effect (Basic Regulatory Framework)
2018
MiFID II + MiFIR: Greater Transparency, Stricter Rules for Trading & Advisory Services
2024
MiFID III + MiFIR 2 Adopted: Modernization & New Requirements
2025
September: Implementation of Key MiFID III Obligations (e.g., New Reporting Requirements)
2026
June: Full Entry into Force, Including Ban on PFOF and Consolidated Tape for Stocks, ETFs & Derivatives
Timeline
September 2025 marks the deadline for compliance with MiFIR II and MiFID III.: New reporting requirements come into force. Financial institutions must document transactions in greater detail and report them to supervisory authorities in near real time.
In June 2026, the PFOF ban (payment for order flow) will be introduced. Brokers will no longer be permitted to accept payments from trading venues in exchange for routing customer orders there.
At the same time, the Consolidated Tape for equities, ETFs, and derivatives is launched; a uniform European register for market data, enhancing data quality across the board.
MiFID II vs. MiFID III: A Direct Comparison
Many market participants in the EU have been working with MiFID II for years. With MiFID III, the EU is now setting new priorities:
| Kategorie | MiFID II (2018) | MiFID III (2025/2026) |
|---|---|---|
| Transparency and market data | Focus on post-trade transparency and best execution | Introduction of an EU-wide Consolidated Tape for real-time data and uniform standards |
| Payment for Order Flow | Permitted under certain conditions | EU-wide ban on PFOF – avoidance of conflicts of interest, strict "best execution" evidence |
| Reporting and Transactions | MiFIR requirements with fixed data fields | Extended data fields, near real-time reporting, stronger ESMA (European Securities and Markets Authority) control |
| Volume Cap | double cap: 4% per trading venue, 8% market-wide | Simple 7% cap for reference price and negotiated Trades |
| Systematic Internaliser (SI) | Self-Assessment by Firms | Clear criteria, central ESMA list |
| recording obligations | Obligation to store conversations that may be relevant to transactions | Obligation to analyze and monitor (behavioral oversight, off-channel monitoring) for compliance with MiFIR II |
| Investor Protection | Suitability an disclosure obligations | Stricter requirements, including for digital channels |
| Sanctions and enforcement | National supervisory authorities responsible | EU-wide sanctions, tougher enforcement for data and volume violations |
What are the Regulatory Changes?
Greater transparency requirements
The amendments introduce the EU-wide Consolidated Tape: a central data pool that provides real-time market data on equities, ETFs, and derivatives. The aim is to harmonize previously fragmented information and make it available in a uniform manner throughout Europe. Institutions must set up their systems in such a way that they support uniform data standards, and market data is correctly incorporated into their reporting and risk management processes.
Stricter regulation of order execution
The PFOF ban (payment for order flow) puts an end to payments for the transmission of client orders to certain trading venues.
In future, brokers will have to prove that orders are executed exclusively in the interest of the customer so that investors can be sure that they always receive the best possible conditions. Documentation requirements are increasing, particularly with regard to proving best execution.
Extended reporting requirements and more control by ESMA
Reporting requirements are becoming more extensive and faster. New data fields, optimized data flows, and the central responsibility of the European Securities and Markets Authority are increasing the pressure on financial institutions. National authorities such as BaFin will retain their role in direct market supervision but will act more in line with European requirements in the future. For banks, brokers, and asset managers, this means that they must modernize their systems so that detailed transaction reports can be transmitted in near real time to both national supervisors and ESMA.
Impact on recording requirements
The existing recording requirements remain in place: All customer conversations that could lead to a transaction must be documented and archived, regardless of whether they take place by telephone, video, chat, email, or via collaboration tools. As a rule, a minimum retention period of five years applies, and in some countries even longer.
Monitoring of off-channel communication is being intensified to prevent the exchange of sensitive customer information via unofficial channels, private devices, or messenger services such as WhatsApp.
At the same time, the volume and complexity of communications data is increasing rapidly. Traditional sampling methods are no longer sufficient to reliably detect risks. Modern analytics, especially AI-powered risk detection, have long been established as industry best practice. They help identify misconduct such as mis-selling or unauthorized product recommendations at an early stage and relieve compliance teams from routine workload.
Consequences for practice
The new requirements lead to increased documentation and recording needs. It is no longer sufficient to store customer data on a single platform. Systems must be auditable, searchable, and future-proof in order to be able to prove compliance at any time.
The Role of Technology: AI and Omnichannel Recording
The requirements of MiFID and MiFIR are so comprehensive that manual monitoring of customer communications is no longer sufficient. The sheer volume of data (from phone calls and emails to chat messages and video conferences) can only be handled efficiently with modern technologies.
A key starting point is AI-supported risk detection. The new recording requirements under MiFID III not only require customer conversations to be stored but also actively analyzed. Artificial intelligence can automatically search conversations and messages for risk patterns and thus detect mis-selling, inappropriate product recommendations, or off-channel communication at an early stage. Companies benefit from proven approaches such as AI Policy Templates for MiFID II, FCA, and Dodd-Frank, which provide predefined rules and keyword lists and can be flexibly adapted to the new directive.
An omnichannel recording strategy is equally crucial. All communication channels must be recorded. This includes traditional telephone calls, video calls, chats, emails, and collaboration platforms such as Microsoft Teams. Only complete coverage ensures that off-channel monitoring can be implemented and that business-relevant information is not lost through unofficial channels.
In addition, the technology opens up new opportunities in terms of automation and efficiency. Modern solutions not only enable tamper-proof audit trails but also automated reporting workflows and alerts that significantly reduce manual effort. A look at the experiences gained from Dodd-Frank compliance recording, where similar obligations already exist today, shows that regulatory requirements can be implemented efficiently.
How to Prepare: Your Checklist
The implementation of MiFID III requires concrete steps to ensure that financial institutions can operate in a legally compliant and efficient manner from 2025/2026 onwards. The following measures are particularly relevant:
- System audit and functional testing
- Check whether your systems comply with all current and future recording requirements. These include tamper-proof storage, automatic archiving, and deletion periods in accordance with EU regulations. It is also crucial that data is fully auditable and exportable.
- Adaptation of processes and workflows
- Adapt your technical standards, documentation and reporting processes to the new MiFID and MiFIR requirements. Automated reports and alerts that immediately highlight potential compliance violations are particularly important. Technologies such as AI policy templates help to quickly implement regulatory-compliant monitoring.
- Training on conduct and advisory requirements
- Employees must be familiar with the new requirements – from the PFOF ban and proof of best execution to rules for off-channel monitoring. Raise awareness among teams about the use of AI-supported monitoring and analysis tools. In addition, role-specific training should be provided for front office, compliance, and IT staff.
- Preparation for the PFOF ban and new reporting formats
- Analyze existing order execution processes and adapt them to the upcoming PFOF ban at an early stage. Financial institutions must also implement the new data standards for transaction reporting (RTS 22). The aim is to ensure that systems are fully MiFID III-compliant by the 2025/2026 deadlines.
Recording Insights: Added Value for MiFID III Compliance
Implementing MiFID III is complex – but with the right technology, you can not only comply with the regulations, you can also turn them into an opportunity. This is precisely the approach described by Ralf Rösel, Director of Product Management at ASC:
"With Recording Insights, you not only comply with MiFID III but also use regulatory changes as an opportunity to automate processes, proactively identify risks, and ensure verifiable compliance at all times."
Seamless integration into existing systems
The stricter requirements for reporting, recordkeeping, and omnichannel recording can hardly be met efficiently with traditional means. This is exactly where Recording Insights comes in: The solution is a certified native app for Microsoft Teams and is also approved for the Microsoft Industry Cloud for Financial Services.
All relevant communication channels - from calls and chats to meetings and video conferences – are automatically recorded, encrypted, and archived in an audit-proof manner. Integrated analysis functions such as transcription, keyword recognition, and sentiment analysis enable compliance officers to identify risks at an early stage and provide regulatory evidence at any time.
Recording Insights not only enables you to meet increasing recording obligations but also efficiently combines them with omnichannel compliance requirements.
AI Policy Templates for AI-powered compliance management
Regulatory requirements are complex and affect both reporting obligations and the monitoring of customer communications. Instead of configuring each rule individually, ASC offers preconfigured, regulatory-compliant analysis modules with its AI Policy Templates.
The advantage: Compliance teams can immediately transfer legal changes into their systems without lengthy implementation projects. This not only makes compliance with MiFID III regulatory requirements easier but also operationally plannable and scalable.
Companies that act now not only secure regulatory certainty but also gain a competitive advantage through efficiency and transparency.
Disclaimer
Please note that we do not provide legal advice and that this information cannot replace legal review or consultation.
