The 500 page Discussion Paper for Mifid II released by Esma this month is full of intrigue.

The text expands on the agreed text for Mifid II and its sidekick Mifir and sets out the key points Esma is considering in its drafting of the technical standards that will form the basis of Mifid II’s implementation.

Deep within the text on page 233, point 101 reads: “DEA clients should never be able to send an order to a trading venue without the order passing through the pre-trade risk controls of the investment firm”.

So effectively this means that direct electronic access provision must be effectively subject to two layers of pre-trade risk controls, those at the investment firm and those at the exchange.

Now for exchange members using 3rd party vendors or in-house technology, this is not a problem as risk controls are always set by the investment firm in this instance.

However, for exchange provided front ends, which are offered by a few exchanges, risk controls are set at the exchange so are not passing through the investment firms’ risk controls before being sent to the exchange.

So one reading of this clause of the DP suggests that exchange front ends as they are currently operating could be banned in Europe.

It is important to note that this is by no means the final text and these points will be clarified and amended before the technical standards are published.

One potential argument to respond to this is that users of exchange front ends are Trade Participants, which is a form of non-clearing member and so the risk controls are clearing controls of the GCM. However it is not clear in current the text whether this will be treated any differently.

From a practical standpoint it’s important to note that a Trade Participant absolves the requirements of the GCM to perform some of its surveillance and monitoring requirements but from a risk perspective it is no different to any other DEA client.

However, it is clear throughout the DP that Esma is seeking to implement two independent risk layers and exchange provided platforms in their current form only operate a single risk management layer.