Approved Reporting Mechanism (ARM)
Approved Reporting Mechanism (ARM) means a person authorised under the provisions established in the MiFID II Directive to provide the service of reporting details of transactions to domestic competent authorities or ESMA on behalf of investment firms (Article (4)(1)(54) MiFID II).
An ARM is defined as an entity authorised to provide services to an investment firm in order for it to meet its reporting obligations under Article 26 MiFIR.
Conditions for ARMs
Article 66 MiFID II
1. The home Member State shall require an ARM to have adequate policies and arrangements in place to report the information required under Article 26 of Regulation (EU) No 600/2014 as quickly as possible, and no later than the close of the working day following the day upon which the transaction took place. Such information shall be reported in accordance with the requirements laid down in Article 26 of Regulation (EU) No 600/2014.
2. The home Member State shall require the ARM to operate and maintain effective administrative arrangements designed to prevent conflicts of interest with its clients. In particular, an ARM that is also a market operator or investment firm shall treat all information collected in a non-discriminatory fashion and shall operate and maintain appropriate arrangements to separate different business functions.
3. The home Member State shall require the ARM to have sound security mechanisms in place designed to guarantee the security and authentication of the means of transfer of information, minimise the risk of data corruption and unauthorised access and to prevent information leakage, maintaining the confidentiality of the data at all times. The home Member State shall require the ARM to maintain adequate resources and have back-up facilities in place in order to offer and maintain its services at all times.
4. The home Member State shall require the ARM to have systems in place that can effectively check transaction reports for completeness, identify omissions and obvious errors caused by the investment firm and where such error or omission occurs, to communicate details of the error or omission to the investment firm and request re-transmission of any such erroneous reports.
The home Member State shall also require the ARM to have systems in place to enable the ARM to detect errors or omissions caused by the ARM itself and to enable the ARM to correct and transmit, or re-transmit as the case may be, correct and complete transaction reports to the competent authority.
5. ESMA shall develop draft regulatory technical standards specifying: (a) the means by which the ARM may comply with the information obligation referred to in paragraph 1; and (b) the concrete organisational requirements laid down in paragraphs 2, 3 and 4. ESMA shall submit those draft regulatory technical standards to the Commission by 3 July 2015.
Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010.
ARMs must have adequate policies and arrangements in place to report the information required under Article 26 MiFIR II as quickly as possible and no later than the close of the working day following the day upon which the transaction took place.
ESMA is mandated to develop regulatory technical standards on a number of issues regarding the obligation to report, including the data standards and formats in relation to these reports (Article 66(1) MiFID II).
Investment firms are required to make such reports and can either do so themselves or through an ARM.
MiFID II specifies a number of regulatory obligations that ARMs must comply with.
In particular, an ARM must operate and maintain effective administrative arrangements designed to prevent conflicts of interest with its clients.
An ARM that is also a market operator or investment firm must treat all information collected in a non-discriminatory fashion as well as operate and maintain appropriate arrangements to separate different business functions.
MiFID foresees that, in addition to reporting through ARMs, transaction reports can be sent by the regulated markets or multilateral trading facilities (MTFs) through whose systems the transaction was completed.
Important remarks on the confidentiality of the data held at an ARM contains Recital 13 of the Commission Delegated Regulation (EU) 2017/571 of 2 June 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation, organisational requirements and the publication of transactions for data reporting services providers.
The said Recital clarifies as follows:
"An investment firm which has transaction reporting obligations, known as a 'reporting firm', may choose to use a third party to submit transaction reports on its behalf to an ARM, that is a 'submitting firm'. By virtue of its role the submitting firm will have access to the confidential information that it is submitting. However, the submitting firm should not be entitled to access any other data about the reporting firm or the reporting firm's transactions which are held at the ARM. Such data may relate to transaction reports which the reporting firm has submitted itself to the ARM or which it has sent to another important remarks on the of the submitting firm to send to the ARM. This data should not be accessible to the submitting firm as it may contain confidential information such as the identity of the reporting firm's clients."
The corresponding Article 9(2) of the said Regulation stipulates that where an investment firm (‘reporting firm’) uses a third party (‘submitting firm’) to submit information to an ARM on its behalf, an ARM must have procedures and arrangements in place to ensure that the submitting firm does not have access to any other information about or submitted by the reporting firm to the ARM which may have been sent by the reporting firm directly to the ARM or via another submitting firm.
The receiving firm in the case of a transmission of an order in accordance with Article 4 of the Commission Delegated Regulation (EU) 2017/590 of 28 July 2016 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards for the reporting of transactions to competent authorities should populate the specified information indicated in the table of fields in its own transaction report, should do this as part of its normal reporting and is not required to become an ARM (ESMA's Guidelines Transaction reporting, order record keeping and clock synchronisation under MiFID II, 10 October 2016, ESMA/2016/1452 (p. 22)).
Article 8(3) and (4) of the said Commission Delegated Regulation (EU) 2017/571 of 2 June 2016 requires an ARM to promptly notify the competent authority of its home Member State and any competent authority to whom the ARM submits transaction reports of any planned significant changes to the IT system prior to their implementation.
Among the first ARMs authorised by the UK FCA as from 3 January 2018 were London Stock Exchange plc, Bloomberg Data Reporting Services Limited, Abide Financial DRSP Limited and Xtrakter Limited (these entities have also an APA functionality).
According to Article 59(3) of MiFID II ESMA is required to publish and keep up to date a list of all ARMs in the European Union on its website (the register contains also data related to European Economic Area (EEA) / European Free Trade Association (EFTA) States).
The register, as visited on 9 January 2018, was populated with data regarding 4 ARMs:
- BME Regulatory Services,
- Deutsche Börse Aktiengesellschaft,
- Euronext Paris SA,
- Bankernes EDB Central A.M.B.A.
It is noteworthy, European Commission proposes to transfer the powers to authorise and supervise the ARMs from the national competent authorities to ESMA by introducing new Articles 27a-27h in MiFIR and deleting Articles 59-66 in MiFID II (Working document on on the proposals to amend the European System of Financial Supervisions, Committee on Economic and Monetary Affairs, 23.01.2018 (COM(2017/0536 - C8- 0319/2017 - 2017/0230(COD), COM(2017/0537 - C8-0318/2017 - 2017/0231(COD), COM(2017/0538 - C8-0317/2017 - 2017/0232(COD)).
Management of incomplete or potentially erroneous information by ARMs
An ARM is required to perform validation of the transaction reports against the requirements established under Article 26 of MiFIR for field, format and content of fields in accordance with Table 1 of Annex I to Commission Delegated Regulation (EU) 2017/590 of 28 July 2016 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards for the reporting of transactions to competent authorities.
Commission Delegated Regulation (EU) 2017/571 of 2 June 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation, organisational requirements and the publication of transactions for data reporting services providers
Recitals 14 and 15
(14) A data reporting services provider should monitor that the data it is publishing or submitting is accurate and complete and should ensure that it has mechanisms for detecting errors or omissions caused by the client or itself. In the case of an ARM, this can include reconciliations of a sample population of data submitted to the ARM by an investment firm or generated by the ARM on the investment firm's behalf with the corresponding data provided by the competent authority. The frequency and extent of such reconciliations should be proportionate to the volume of data handled by the ARM and the extent to which it is generating transaction reports from clients' data or passing on transaction reports completed by clients. In order to ensure timely reporting that is free of errors and omissions an ARM should continuously monitor the performance of its systems.
(15) Where an ARM itself causes an error or omission, it should correct this information without delay as well as notify the competent authority of its home Member State and any competent authority to which it submits reports of the error or omission as those competent authorities have an interest in the quality of the data being submitted to them. The ARM should also notify its client of the error or omission and provide updated information to the client so that the client's internal records may be aligned with the information which the ARM has submitted to the competent authority on the client's behalf.
An ARM is, moreover, under the obligation to set up and maintain appropriate arrangements to identify transaction reports:
- that are incomplete or contain obvious errors caused by clients;
- which contain errors or omissions caused by that ARM itself.
Pursuant to Article 11 of the aforementioned Commission Delegated Regulation (EU) 2017/571 of 2 June 2016, there are different consequences envisioned for each of the above occurrences.