What Is MiFID II? A Compliance Guide for Fintechs
Jan 14, 2026
The Markets in Financial Instruments Directive (MiFID) II is one of those regulations that shape the financial world behind the scenes. Yet, many fintech teams only encounter it when a project or product feature suddenly depends on it. At first glance, it can feel complex, but once you understand the basics, the entire framework starts to make a lot more sense.
This guide breaks MiFID II down in a clear and practical way. You’ll see who the rules apply to, what changed from the original MiFID, and which obligations matter most for fast-moving fintech companies.
We’ll also highlight common pressure points like product governance, investor protections, and communication standards, so you know what to look out for.
At InnReg, we help fintechs navigate MiFID II and other global investment regulatory frameworks. From licensing and regulatory strategy to building and managing compliance programs, our team supports firms operating across the EU and beyond. Contact us to learn more about InnReg’s compliance services.
What Is MiFID II?
MiFID II stands for “Markets in Financial Instruments Directive” and is the European Union’s main rulebook for how investment services are offered, traded, and supervised. It was created to bring more clarity, fairness, and structure to financial markets after years of rapid innovation. At its core, MiFID II sets the standards for how firms interact with clients and how products are designed, tested, and distributed.
This framework covers a wide range of activities, from investment advice and portfolio management to operating trading platforms. It also reaches deep into how firms record interactions, handle communications, and monitor conflicts of interest.
Who Does MiFID II Apply To?
MiFID II covers a wide range of firms that provide or support investment services in Europe. The scope is intended to be broad to reach both traditional institutions and modern fintech models.

Investment Firms Offering Regulated Services
MiFID II primarily applies to firms that provide investment services within the EU. This includes activities such as investment advice, portfolio management, client order execution, and dealing on own account. If a company provides regulated investment services in relation to financial instruments, it usually falls under this group.
Both traditional firms and newer fintech platforms are included, from robo-advisors to trading apps. For many fintech teams, this category is where most obligations start, especially around suitability, disclosures, and product governance. Any service that directly provides regulated investment services connected to investment products typically brings MiFID II requirements into play.
Banks and Credit Institutions
Banks and credit institutions also fall under MiFID II when they offer investment services alongside their core banking activities. Many already handle payments, deposits, and lending, but once they add services like investment advice or order execution, they step fully into the MiFID II framework.
For fintech-focused banks, this often means managing two layers of oversight. They maintain banking obligations while also following MiFID II rules that cover how products are designed, marketed, and monitored.
Trading Venues and Market Operators
This group includes regulated markets, multilateral trading facilities, and organized trading facilities. If a platform brings buyers and sellers together to trade financial instruments, it fits within this category.
For both traditional exchanges and newer digital venues, MiFID II sets expectations around transparency, reporting, and how orders move through the system. The goal is to create markets that are easier to understand and simpler to supervise.
Technology and Infrastructure Providers
Technology and infrastructure providers do not fall directly under MiFID II unless they themselves provide regulated investment services or are authorised investment firms. Companies that build trading platforms, market data tools, order routing systems, or risk engines are not in scope merely because regulated firms use their tools.
A tech provider that plays a role in how investment activity takes place is part of the broader financial ecosystem MiFID II has in view, but the directive does not extend regulatory scope to the technology provider itself. Instead, it requires the regulated firm to manage, control, and oversee the technology it relies on to provide investment services.
For fintech companies, this often plays out through partnerships. A firm might not offer investment services directly, but its platform could power a broker-dealer, advisor, or trading venue. When that's the case, the technology provider can get pulled into MiFID II's orbit through contractual and outsourcing arrangements that impose standards around reliability, data quality, and operational controls.
Third-Country Firms Serving EU Clients
MiFID II can also apply to firms based outside the EU when they work with clients inside the region. This includes companies that provide investment services, distribute products, or market to EU residents.
For many fintech companies, this is where cross-border planning really comes into play. Serving users in the EU often brings new licensing needs, local rules, and higher expectations around investor protection.
Therefore, if you have customers in Europe, even while operating from somewhere else, it helps to understand how these obligations could shape the way your business works.
Exemptions and Edge Cases
MiFID II offers a few exemptions that can be helpful for businesses that provide very limited services or operate under a different specialized framework. Some firms are excluded when their activities pose a lower risk to the market or to investors, but the lines can be hard to navigate.
Examples include:
Firms that provide data or research without offering investment services
Companies dealing only in commodities where they meet specific ancillary activity or threshold conditions
Groups already supervised under another EU framework that covers their main activities
Businesses that trade exclusively on their own account without serving clients
Firms whose activities fall outside MiFID II due to narrowly defined, activity-based exemptions
These situations require careful review, since many exemptions come with conditions that can shift as a business grows or adds new features.

MiFID I vs. MiFID II: What Changed?
MiFID II is an updated version of the original MiFID rules, and it changed the way investment services operate across Europe in a big way. It was designed to keep up with fast-growing markets, new technology, and the lessons everyone learned after the financial crisis.
This framework introduced several major shifts, and they all point in the same direction. Transparency rules now reach more asset classes and more trading venues, so markets are easier to understand. Investor protection standards also became stronger, with higher expectations for suitability checks, clear disclosures, and thoughtful product design.
Trading activity also got more attention, especially when firms use algorithmic or high-frequency strategies. Altogether, MiFID II expanded who needs to follow the rules and raised the bar for how firms document their work.
| Regulatory Aspect | MiFID I | MiFID II |
|---|---|---|
| Scope of Coverage | Focused mainly on traditional investment firms | Broader scope that includes more firms, services, and trading activities |
| Transparency Rules | Applied mostly to equities | Expanded to cover bonds, derivatives, and other instruments |
| Investor Protection | Basic suitability and disclosure rules | Stronger requirements for product governance, suitability, and client communications |
| Trading Oversight | Limited rules for automated trading | New standards for algorithmic and high-frequency trading, plus tighter controls |
| Recordkeeping | Lighter documentation expectations | More detailed record retention, including client communications |
| Market Structure | Fewer types of trading venues | Introduction of organized trading facilities and clearer venue classifications |
For fintech teams, these updates translate into real changes in daily workflows. More detailed recordkeeping, clearer communication obligations, and stronger controls around product design all trace back to MiFID II.
Key Objectives of MiFID II in Financial Services
MiFID II was created to make financial markets safer, more transparent, and easier for clients to navigate. The goals behind the framework explain why the rules look the way they do and why they matter for both traditional firms and modern fintech products.
Its key objectives include:
Stronger investor protection: MiFID II encourages firms to truly understand their clients, explain risks in clear and relatable language, and recommend products that match each person’s financial situation and goals. The result is a more supportive experience where clients feel informed and confident.
More transparent markets: The framework expands reporting and disclosure requirements so trading activity is easier to see and understand. This added clarity helps investors, firms, and regulators get a more accurate view of what is happening across different markets.
Better product governance: MiFID II raises the bar for how financial products are designed, tested, reviewed, and monitored. Firms need to confirm that each product performs as intended and continues to be suitable for the audience it was created for throughout its life cycle.
Improved market integrity: The rules aim to cut down on risky behavior, strengthen internal controls, and promote fair competition. Together, these efforts support a healthier marketplace that participants can trust.
Closer supervision of trading technology: Algorithmic and high-frequency trading receive much more attention under MiFID II. Firms are expected to develop and operate their technology in a stable and well-controlled way, reducing the risk of disruptions and keeping markets running smoothly.
What Are the Core MiFID II Requirements for Fintechs?
MiFID II creates a structured set of rules that guide how investment services are designed, supervised, and delivered. These requirements form the foundation of compliant operations for fintechs that provide regulated investment services or activities, including those working with EU clients or regulated EU partners.
1. Licensing and Registration
Fintech firms offering investment services in the EU need proper authorization before they can operate. In practice, this means applying for an investment firm license or partnering with a regulated entity that already holds one. Regulators want to verify that firms are actually qualified to provide the services they're offering, whether that involves advising clients, executing trades, or managing portfolios.
What the licensing process looks like depends on the business model. Some firms apply directly to a national regulator. Others use a passporting route once they are authorized in one EU country. Many early-stage fintech companies start by working with a licensed partner while they build out their own compliance structure.
2. Investor Protection Rules
Investor protection sits at the center of MiFID II, and fintech firms feel it in many day-to-day decisions. The rules ask firms to understand who their clients are, what they need, and how much risk they can reasonably take on. This means gathering the appropriate information and offering products that suit each client’s situation rather than taking a one-size-fits-all approach.
For fintech companies, this often shows up in onboarding flows, disclosure content, risk profiling tools, and suitability checks. Clear communication is a major part of this requirement. Clients need enough information to make informed decisions, especially when products carry a higher risk.
3. Product Governance and Suitability
MiFID II places strong emphasis on how financial products are created and delivered. Firms must think about who a product is designed for, how it should be used, and whether it genuinely fits the needs of its target clients. This creates a structured process for testing, reviewing, and monitoring each product, rather than simply offering it to the widest possible audience.
For fintech teams, this often means building clear product approval workflows, documenting target markets, and checking that features align with client profiles. Suitability is a big part of this. Firms need to confirm that products offered to a client match that client’s knowledge, experience, and risk comfort.
4. Transparency and Disclosure Standards
MiFID II raises the bar on how clearly firms communicate with clients and the market. Fintech companies must provide information that is easy to understand, relevant, and timely. Clients should know how a product works, what it costs, and what risks come with it, without having to dig through confusing language.
These standards apply throughout the entire client relationship. Firms are expected to disclose fees, execution practices, product features, and any potential conflicts of interest in a clear and straightforward way.
For fintech teams, this often means weaving easy-to-understand disclosures into onboarding, in-app dashboards, and ongoing client updates.
5. Communication and Recordkeeping Obligations
MiFID II sets clear expectations for how firms handle client communications and maintain records. Fintech companies must keep detailed logs of interactions, decisions, and key steps in the client journey. This helps create a traceable history of how services were delivered and how advice or information was shared.
Recordkeeping covers more than just emails. It can include chat messages, phone calls, platform activity, and disclosures shown to clients. For fast-moving fintech products, this often means building automated systems that capture and store the right information without disrupting the user experience.
6. Algorithmic and High-Frequency Trading Controls
MiFID II pays close attention to firms that use algorithmic or high-speed trading strategies. These activities move fast and can introduce unique risks, so firms are expected to keep a close eye on how their systems behave.
The goal is to support trading technology that operates in a controlled and predictable manner, even during periods of rapid market activity.
Fintech companies working in this space need robust testing, monitoring, and governance processes. This can include stress tests, real-time alerts, kill switches, and clear documentation that explains how each algorithm is designed to work.
Common Compliance Challenges Under MiFID II
Fintech companies often face familiar hurdles when applying MiFID II to real products and fast-moving teams. These challenges become more noticeable as a company grows, enters new markets, or adds complex features.
Here are some of the most common issues fintech teams encounter in practice.
Detailed recordkeeping requirements: MiFID II expects firms to capture calls, chats, platform interactions, disclosures, and decision points. Without automated systems, this can quickly overwhelm operations and create gaps that are hard to fix later.
Complex product governance workflows: Defining target markets, documenting product reviews, and tracking ongoing performance takes time and coordination. It can feel heavy for teams accustomed to rapid development, especially when each change must be logged and justified.
Keeping disclosures simple and straightforward: Fintech products often combine multiple features, which makes it tricky to explain risks, costs, and mechanics in a way clients can easily understand. Striking the right balance between clarity and completeness is a recurring challenge.
Managing cross-border obligations: Serving clients across different EU countries, or both EU and non-EU markets, introduces varied rules and expectations. These differences often require extra licensing research, customized workflows, and a more flexible compliance setup.
Building controls around trading technology: Teams using algorithmic or high-speed strategies need testing routines, monitoring tools, and the ability to intervene quickly when something looks off. Most newer fintechs aren’t set up for this kind of operational lift out of the gate.
Maintaining consistent supervision as teams grow: As companies add new products and people, they need a solid structure for their oversight. Informal workflows no longer hold up, making training, escalation paths, and regular reviews essential.
These challenges are common across the industry, and many fintech teams handle them well by strengthening their internal processes, using the right tools, and partnering with consultants like InnReg who understand both regulatory expectations and the fast pace of product development.
Who Regulates MiFID II and Oversees Compliance?
MiFID II is managed through a shared regulatory structure that links EU-wide standards with local supervision. Understanding who sets the rules and who enforces them helps fintech teams navigate their responsibilities with fewer surprises.

European Securities and Markets Authority (ESMA)
ESMA is the EU body that sets the overall direction for how MiFID II should work. It writes technical standards, publishes guidance, and supports supervisory convergence as markets evolve. ESMA’s role is to keep the framework consistent across all EU countries, so firms don’t face completely different expectations from one jurisdiction to another.
For fintech teams, ESMA’s work shows up in many everyday tasks. It shapes how reporting files are structured, how product governance reviews are documented, and what clear and helpful disclosures should look like.
When national regulators take different approaches to MiFID II, ESMA often steps in with guidance that helps firms understand the purpose behind the rules and apply them consistently.
National Competent Authorities (NCAs)
National Competent Authorities are the regulators in each EU country that supervise firms directly. They handle licensing, review compliance programs, and conduct inspections. If a fintech firm is authorized in a specific country, its NCA is the primary point of contact for questions, filings, and day-to-day oversight.
NCAs also apply MiFID II to local market conditions, which means firms may see small variations from one country to another. They interpret ESMA’s guidance, set additional expectations when needed, and monitor how firms interact with clients.
For most companies, the NCA is the regulator they work with most often, especially during licensing or when launching new services.
Post-Brexit UK: The Financial Conduct Authority (FCA)
After the UK left the EU, the FCA took full responsibility for shaping and enforcing the UK’s version of MiFID II.
The rules remain closely aligned with the EU framework, but the FCA can now update or refine them to fit the UK market. Therefore, for firms operating in or serving the UK, the FCA is the leading authority that guides how these requirements apply.
Fintech companies often notice the FCA’s influence in areas like conduct standards, reporting expectations, and how firms communicate risks to clients. This regulator is known for a practical and outcomes-focused approach, which means firms must show that their processes work in real life, not just on paper.
Cross-Border Supervision and Coordination
MiFID II relies on cooperation between regulators, especially when a firm serves clients in more than one EU country.
NCAs share information, coordinate on supervisory actions, and work with ESMA to keep standards aligned. This coordination helps firms operate across borders without facing completely different rules in each market.
For fintech companies, this cooperation affects passporting, reporting expectations, and how quickly questions get resolved. When issues arise, regulators may work together to review the situation and offer guidance.
How Does MiFID II Affect Non-EU and US-Based Fintechs?
MiFID II can shape how non-EU firms operate when their products reach clients inside the EU. These effects often appear earlier than teams expect, especially for digital platforms with global reach.
Serving EU residents: Offering investment services to people in the EU can trigger local licensing rules, even if the company has no offices in Europe. Firms often need to check whether their activities qualify as regulated services under local laws.
Cross-border marketing restrictions: Promoting investment products to EU users may bring MiFID II obligations into scope. This applies to digital ads, website funnels, partnerships, and online campaigns.
Disclosure and communication standards: Firms may need to adjust how they explain risks, costs, and product features to meet EU transparency expectations. This often impacts onboarding flows, product pages, and client messaging.
Suitability and client assessment requirements: If a firm offers investment advice or similar services, it must collect enough information to understand a client’s knowledge, experience, and risk comfort.
Governance and product oversight: Products offered to EU clients must fit local expectations around target markets, ongoing monitoring, and documented reviews.
Data handling and reporting: Some firms need to update how they track activity, store communications, and report transactions when dealing with EU clients or partners.
MiFID II vs. MiFIR: What’s the Difference?
MiFID II and the Markets in Financial Instruments Regulation (MiFIR) work together, but they focus on different parts of the regulatory picture. MiFID II sets the rules for how firms interact with clients, while MiFIR focuses on market structure and reporting at a broader level.
MiFID II covers topics like licensing, product governance, suitability, and how firms communicate with clients. It shapes the daily operations of investment services and defines what firms must do to treat clients fairly.
MiFIR, on the other hand, deals with transparency and trading requirements. It sets rules for pre- and post-trade reporting, transaction reporting to regulators, and how trading venues operate. MiFIR applies directly across the EU without needing national transposition, which makes its rules more uniform.
Together, the two frameworks create a full regulatory foundation. MiFID II guides the firm-to-client relationship, while MiFIR strengthens market integrity and transparency across the entire trading ecosystem.
Best Practices for Fintech Compliance Teams
Strong MiFID II compliance relies on thoughtful planning, consistent routines, and collaboration across teams. When fintech companies build these habits early, they reduce friction later and keep product growth running smoothly.
Some of the best practices include:
Build workflows around real product behavior: Map compliance steps to the natural flow of your product. This makes tasks like suitability checks, disclosures, and record capture feel integrated rather than added at the last minute.
Use automation where it adds value: Automated systems can help capture client interactions, generate reports, monitor trading behavior, and store records. This reduces manual work and creates a more reliable trail for audits and reviews.
Review communications regularly: Product features change, fees shift, and risk levels evolve. Revisiting disclosures, FAQs, onboarding screens, and marketing materials helps keep messaging accurate and easy for clients to understand.
Document decisions clearly: Regulators often look for the reasoning behind decisions, not just the outcomes. Recording why a product was approved, how a target market was chosen, and what risks were evaluated makes future reviews much easier.
Train teams frequently: Regular training helps new and existing employees understand their role in compliance. It also creates consistency across operations, which is essential when teams grow or responsibilities shift.
Plan ahead for cross-border growth: Entering new EU markets often brings local interpretations, unique filing requirements, or different client expectations. Planning these factors early can prevent delays during launches or partnerships.
Involve compliance early in product design: When compliance teams join early discussions, they can identify risks, clarify requirements, and help shape features that work both for clients and regulators. The result is reduced rework and smoother rollouts.
Fintech firms sometimes boost their efforts by partnering with experienced compliance specialists like InnReg, especially when managing rapid growth or complex regulatory environments.
—
MiFID II remains one of the most influential frameworks shaping how investment services are designed and delivered across Europe. It affects everything from licensing and product governance to disclosures, recordkeeping, and trading technology.
For fintech companies, understanding these rules early creates a clearer path to launching, scaling, and serving clients responsibly. The framework can feel complex at first, but its core principles are practical once you break them down. With the right processes, thoughtful documentation, and steady oversight, fintech teams can navigate MiFID II without slowing innovation.
How Can InnReg Help?
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.
We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.
If you need help with broker-dealer compliance, reach out to our regulatory experts today.
Last updated on Jan 14, 2026









