securities 2026-03-16

MiFID II Compliance in 2026: Key Obligations Financial Firms Can't Afford to Miss

A practical guide to MiFID II's core compliance obligations in 2026, covering best execution, client categorization, transaction reporting, and product governance requirements financial firms must meet.

By AuditDSS Team

The Markets in Financial Instruments Directive II (MiFID II) remains one of the most comprehensive and demanding regulatory frameworks governing financial services in Europe. Since its implementation in January 2018, the directive has reshaped how investment firms operate, how markets function, and how investors are protected. But eight years on, compliance teams still grapple with the sheer breadth and depth of the obligations it imposes.

The challenge with MiFID II has never been awareness. Every firm knows it applies. The challenge is granularity — understanding the specific obligations nested within each requirement, the conditions that trigger them, and the evidence needed to demonstrate compliance. This is where enforcement actions concentrate, and where firms continue to accumulate regulatory risk.

Here is a practical breakdown of the key MiFID II obligation areas that demand attention in 2026.

Best execution: more than a policy document

Article 27 of MiFID II requires investment firms to take “all sufficient steps” to obtain the best possible result for clients when executing orders. This single requirement decomposes into dozens of specific obligations, each with its own conditions and evidence requirements.

Best execution is not satisfied by having a policy. Firms must demonstrate:

  • Systematic evaluation of execution factors: Price, cost, speed, likelihood of execution and settlement, size, nature, and any other relevant consideration must be weighed for each order type. The weighting must be documented and justifiable.
  • Venue selection and monitoring: Firms must select execution venues that consistently deliver the best results. This requires ongoing monitoring and periodic review — not just an annual check. The venues chosen must be disclosed to clients, and any changes must be communicated.
  • Order handling procedures: Specific rules govern how client orders are aggregated, allocated, and sequenced. The conditions under which orders can be aggregated are tightly defined, and allocation policies must be fair and documented.
  • RTS 28 reporting: Firms must publish annual reports identifying the top five execution venues by trading volume for each class of financial instrument and summarizing the quality of execution obtained.

Where firms fall short: The most common gap is treating best execution as a static policy rather than a dynamic, evidence-based process. Regulators expect to see data-driven analysis of execution quality, not just a statement that the firm “considers all relevant factors.” The monitoring obligation is ongoing and must produce auditable records.

Client categorization: the foundation of suitability

MiFID II divides clients into three categories — retail, professional, and eligible counterparty — each carrying different levels of regulatory protection. Getting categorization right is foundational because it determines which obligations apply to every subsequent interaction with that client.

The obligations here are more nuanced than many firms appreciate:

  • Initial categorization must follow specific criteria. Professional client status requires meeting at least two of three quantitative tests (portfolio size, transaction frequency, professional experience). These tests must be documented and verifiable.
  • Opt-up and opt-down procedures have specific conditions. A retail client requesting professional treatment must be assessed against the criteria, warned of the protections they will lose, and must confirm in writing. The firm must be satisfied the client is capable of making independent investment decisions.
  • Periodic review of categorization is required, particularly when a client’s circumstances change. Firms must have procedures to detect relevant changes and re-assess.
  • Category-specific obligations cascade through suitability, appropriateness, disclosure, and reporting requirements. A categorization error means every downstream obligation may have been incorrectly applied.

Where firms fall short: Categorization is often treated as a one-time onboarding exercise. The obligation to monitor and re-assess is frequently under-resourced. When clients are re-categorized, the downstream impact on suitability assessments and reporting obligations is not always traced through.

Transaction reporting: precision under pressure

Article 26 of MiFIR (the companion regulation to MiFID II) requires firms to report complete and accurate details of transactions to the relevant competent authority. The reporting obligations are among the most technically demanding in all of financial regulation.

Key areas that continue to generate compliance issues:

  • 65 reportable fields: Each transaction report must contain up to 65 data fields, including client identifiers, instrument identifiers, venue information, price, quantity, and timestamps. The accuracy requirements are exacting — a single incorrect field can constitute a reporting breach.
  • Legal Entity Identifiers (LEIs): All entities involved in a transaction must be identified by valid, current LEIs. Expired or inactive LEIs are a common source of reporting failures.
  • Short selling indicators: Firms must flag short sales in transaction reports, which requires accurate real-time knowledge of client positions — a non-trivial operational requirement.
  • Transmission of orders: When a firm transmits an order to another firm for execution, both firms have reporting obligations. The conditions for “transmission agreements” that shift the reporting obligation are specific and must be documented.
  • Timelines: Reports must be submitted by the close of the working day following the transaction. Late reports are a breach regardless of their accuracy.

Where firms fall short: Data quality is the persistent issue. Firms invest heavily in building reporting infrastructure but underinvest in ongoing data validation and reconciliation. Competent authorities have increasingly used automated surveillance to detect systematic reporting errors, making data quality a high-priority enforcement area.

Product governance: design and distribution obligations

MiFID II introduced a comprehensive product governance framework that imposes obligations on both manufacturers and distributors of financial products. The framework is intended to ensure products are designed and distributed in the interest of clients.

For manufacturers, obligations include:

  • Target market identification: Every product must have a clearly defined target market, assessed across multiple dimensions — client type, knowledge and experience, financial situation, risk tolerance, and objectives.
  • Scenario analysis: Manufacturers must assess how the product will perform under various market conditions, including adverse scenarios. This analysis must be documented and updated.
  • Distribution strategy alignment: The chosen distribution channels must be appropriate for the identified target market. A product designed for sophisticated investors should not be distributed through channels that primarily serve retail clients.
  • Post-sale monitoring: Manufacturers must monitor products after launch to ensure they continue to meet the needs of the target market and that the distribution strategy remains appropriate.

For distributors, obligations include understanding the products they distribute, assessing compatibility with their own client base, and reporting relevant information back to manufacturers.

Where firms fall short: The interaction between manufacturer and distributor obligations creates complexity. Information sharing between the two is often insufficient, and the feedback loop from distributors back to manufacturers is frequently weak or non-existent.

Inducements and cost transparency

MiFID II significantly restricts inducements (payments between firms related to the provision of services to clients) and imposes detailed cost disclosure requirements.

  • Inducement restrictions: Any inducement must be designed to enhance the quality of the service to the client and must not impair the firm’s duty to act in the client’s best interest. Firms must be able to demonstrate the quality enhancement for each inducement they receive or pay.
  • Ex-ante and ex-post cost disclosure: Clients must receive clear information about all costs and charges both before and after receiving services. This includes product costs, service costs, and the cumulative effect of costs on returns.
  • Aggregated cost impact: Firms must show the cumulative effect of costs on the client’s investment returns, typically illustrated over the expected holding period. This is a calculation obligation, not just a disclosure obligation.

Managing MiFID II at obligation level

The breadth of MiFID II makes it particularly susceptible to coverage gaps. Firms may have robust policies in one area while leaving obligations in adjacent areas unaddressed. The directive contains hundreds of individual obligations, many of which are conditional — they apply only when specific circumstances arise, for certain product types, or for certain client categories.

This is where obligation-level decomposition becomes essential. Rather than treating MiFID II as a collection of high-level themes, firms benefit from mapping every individual obligation, its trigger conditions, the evidence required to demonstrate compliance, and the risk associated with non-compliance. AuditDSS covers MiFID II with this obligation-level decomposition approach, breaking the directive into its constituent requirements and mapping the dependencies between them.

The firms that manage MiFID II well are not necessarily the ones with the largest compliance teams. They are the ones that understand exactly which obligations apply to their specific activities, have evidence mapped to each one, and can identify gaps before regulators do.

MiFID II compliance in 2026 is not about broad awareness — it is about precision. The obligations are specific, the evidence requirements are exacting, and the enforcement environment is increasingly data-driven. Firms that invest in understanding their obligations at a granular level are the ones that avoid the findings that lead to enforcement action.
