Scenario: MiFID and MiFID II are regulations for electronic trading in EMEA. Best execution is a key principle of these directives and states that firms must "take all sufficient steps to obtain, when executing orders, the best possible result for their clients taking into account price, costs, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of the order." One standard for adhering to best execution requires firms to show that all servers have time settings that vary no more than one millisecond from UTC. Another standard requires firms to execute trades at the best possible price among exchanges. Financial markets must adhere to the regulations set forth in these directives to protect investors. There are many searches you can run to help ensure compliance and identify any violations so they can be investigated and prevented in the future.
To succeed in implementing this use case, you need the following dependencies, resources, and information.
- People: Security analyst, threat hunter
- Technologies: Splunk Enterprise or Splunk Cloud Platform
- CSV or KV lookup files for:
  - NTP data by host
  - Buy or sell order transaction data
  - Reference data that has the price of tradable commodities
Your lookups may not have the same fields as the ones demonstrated in the sample searches. Adjust field names as needed to match your environment.
How to use Splunk software for this use case
Depending on what information you have available, you might find it useful to identify some or all of the following:
- MiFID II time drift
- MiFID II time drift impact on buy and sell orders
- MiFID II best execution buy and sell violations
The penalties for violating best execution principles of MiFID II can be severe. Schedule these compliance searches to run and report on a regular basis, investigating as needed.
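The logic behind the three checks listed above, as an added Python example rather than the searches from the Splunk app: it runs over constructed lookup rows, and every field name, host, symbol, and exchange in it is an assumption. It also assumes the reference lookup holds one price per exchange, valid at the time of the order.

```python
import csv
import io
from decimal import Decimal

MAX_DRIFT_MS = Decimal("1")  # the page's standard: within one millisecond of UTC

# Constructed sample lookups; all field names and values are assumptions.
NTP = "host,offset_ms\ntrade-01,0.42\ntrade-02,-1.75\ntrade-03,0.98\n"
ORDERS = ("order_id,host,symbol,side,price\n"
          "1001,trade-01,ABC,BUY,10.05\n"
          "1002,trade-02,ABC,SELL,10.02\n"
          "1003,trade-03,XYZ,BUY,25.10\n"
          "1004,trade-01,XYZ,SELL,25.10\n"
          "1005,trade-02,QRS,BUY,5.00\n")
REFERENCE = ("symbol,exchange,price\n"
             "ABC,EX1,10.02\nABC,EX2,10.00\n"
             "XYZ,EX1,25.30\nXYZ,EX2,25.10\n")

def rows(text):
    """Parse CSV text into a list of dicts, one per lookup row."""
    return list(csv.DictReader(io.StringIO(text)))

def drifting_hosts(ntp):
    """Hosts whose absolute offset from UTC exceeds MAX_DRIFT_MS."""
    offsets = {r["host"]: Decimal(r["offset_ms"]) for r in ntp}
    return {h: o for h, o in offsets.items() if abs(o) > MAX_DRIFT_MS}

def orders_on_drifting_hosts(orders, drift):
    """Orders whose timestamps came from a host outside tolerance."""
    return [o["order_id"] for o in orders if o["host"] in drift]

def best_execution_violations(orders, reference):
    """Buys above the lowest, or sells below the highest, exchange price."""
    quotes = {}
    for r in reference:
        quotes.setdefault(r["symbol"], []).append(Decimal(r["price"]))
    found = []
    for o in orders:
        prices, paid = quotes.get(o["symbol"]), Decimal(o["price"])
        if not prices:  # cannot prove best execution without a reference price
            found.append((o["order_id"], "no reference price"))
        elif o["side"] == "BUY" and paid > min(prices):
            found.append((o["order_id"], f"paid {paid}, best {min(prices)}"))
        elif o["side"] == "SELL" and paid < max(prices):
            found.append((o["order_id"], f"got {paid}, best {max(prices)}"))
    return found

if __name__ == "__main__":
    drift = drifting_hosts(rows(NTP))
    print("drifting hosts:", drift)
    print("orders affected:", orders_on_drifting_hosts(rows(ORDERS), drift))
    print("price violations:", best_execution_violations(rows(ORDERS), rows(REFERENCE)))
```

An order with no matching reference price is reported rather than skipped, because a gap in the reference lookup would otherwise hide a possible violation.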
The searches in this guide are also included in the Splunk Essentials for the Financial Services Industry app, which provides more information about how to implement them successfully in your financial services maturity journey. In addition, this Splunk resource might help you understand and implement this use case: