AuditXYZ

Compliance Framework

Markets in Financial Instruments Directive 2014/65/EU

MiFID II is the EU's comprehensive framework for investment services regulation. This guide covers transaction reporting, best execution, investor protection, and compliance requirements for financial firms.

$200,000–$5,000,0009–24 monthsAudit Required2018 (effective date, with ongoing regulatory technical standards)
Request a ConsultationSee process
Issuing BodyEuropean Parliament and Council of the European Union
First Published2014-06-12
Latest Version2018 (effective date, with ongoing regulatory technical standards)
Typical Cost$200,000–$5,000,000
Typical Timeline9–24 months
Audit RequiredYes
Audit FrequencyContinuous regulatory supervision by national competent authorities. Annual compliance reviews recommended.
Geographyeuropean-union, united-kingdom

MiFID II: EU Markets in Financial Instruments Directive Guide

The Markets in Financial Instruments Directive II (MiFID II) is the European Union's landmark regulation governing investment services and financial markets. Effective since January 2018, it replaced MiFID I with significantly expanded requirements covering investor protection, market transparency, and transaction reporting. MiFID II is complemented by the Markets in Financial Instruments Regulation (MiFIR), which contains directly applicable provisions.

What MiFID II Covers

MiFID II establishes comprehensive rules across several domains. Investor protection requirements include suitability assessments, product governance, cost transparency, and restrictions on inducements. Market structure rules address trading venues, algorithmic trading, and pre- and post-trade transparency. Transaction reporting requires firms to submit detailed trade data to regulators, covering 65 data fields per transaction.

The directive also introduced significant technology requirements, including obligations to record electronic communications, maintain audit trails of order handling, and implement systems for monitoring and detecting market abuse.

Who Needs MiFID II Compliance

MiFID II applies to investment firms, credit institutions providing investment services, trading venues, and data reporting services providers operating within the EU or EEA. Third-country firms serving EU clients may also be affected. Post-Brexit, the UK has maintained its own version through the onshored MiFID II framework with diverging amendments.

Implementation Approach

Start with a comprehensive gap analysis against MiFID II requirements relevant to your business lines. Prioritize transaction reporting infrastructure, best execution policies, and investor protection procedures. Implement communications recording systems and train front-office staff on suitability and product governance obligations.

Cost Considerations

MiFID II compliance costs are substantial. Large investment banks spent hundreds of millions on initial implementation. Mid-sized firms typically invest $200,000 to $2 million for technology systems, legal advisory, and process redesign. Ongoing annual costs include transaction reporting infrastructure, communications recording, and compliance monitoring.

Get the MiFID II starter pack

By submitting, you agree to our privacy policy.

Framework Mappings

Related frameworks

psd2gdprbasel-iiifatf

Get matched with a MiFID II auditor in 24 hours

Free, no-obligation — just tell us your email and we'll do the rest.

By submitting, you agree to our privacy policy.

Related Frameworks

Basel III
Framework
Basel III strengthens bank capital requirements and introduces liquidity standards to prevent another financial crisis. This guide covers capital ratios, liquidity requirements, and implementation timelines.
View
FATF
Framework
The FATF Recommendations are the global standard for combating money laundering and terrorist financing. This guide covers the 40 recommendations, mutual evaluations, and implementation requirements.
View
GDPR
Framework
The GDPR is the world's most influential data protection law, setting the standard for how organizations collect, process, and protect personal data of individuals in the EU and EEA. This guide covers lawful bases, data subject rights, breach notification, and practical compliance steps.
View
PSD2
Framework
PSD2 revolutionized European payments by mandating open banking and strong customer authentication. This guide covers SCA requirements, open banking APIs, licensing, and compliance for payment service providers.
View

Recommended Tools

6clicks Review 2026: Pricing, Features, and Verdict
Tool
Review of 6clicks, the AI-powered GRC platform with hub-and-spoke architecture. Covers Hailey AI, multi-entity support, pricing, and ideal use cases.
View
Akitra Review 2026: Pricing, Features, and Verdict
Tool
Review of Akitra, a compliance automation platform with broad framework coverage including FedRAMP and CMMC. Covers pricing, features, and who should use it.
View
Anecdotes Review 2026: Pricing, Features, and Verdict
Tool
Review of Anecdotes, a compliance OS that aggregates security tool data. Covers the aggregation approach, AI gap analysis, and comparison with Vanta.
View
Anecdotes Trust Center Review 2026: Pricing, Features, and Verdict
Tool
Review of Anecdotes Trust Center, the compliance-as-code trust portal. Covers live compliance sync, developer-friendly approach, pricing, and positioning.
View