Implementation of MiFID II investor protection provisions by private banks within the European Union

Purpose – With the introduction of the Markets in Financial Instruments Directive (MiFID), ﬁ nancial institutions are faced with many investor protection provisions; this has a major impact on the day-to-day operations of private banks, which provide investment services to predominately retail or non-professional investors. The purpose of this paper is to determine how MiFID provisions regarding investor protection with respect tosuitabilityarecompliedwithin practicebyprivatebanks. Design/methodology/approach – Based on interviews with 25 representatives of private banks from 10 different European Union (EU) member states, the researchers have determined how these provisions are ful ﬁ lled and associated risks mitigated. Mapping out the suitability requirements of MiFID and comparing them with how these have been operationalised, we arrive at the question of whether this leads to a level playing ﬁ eld andinvestor protection bydifferent privatebanks. Findings – Although MiFID is trying to achieve a level playing ﬁ eld between the EU member states, this study shows that this has not been achieved in all areas. Investor protection requirements from MiFID are interpreted and operationalised differently. Although these differences are sometimes small, sometimes they arelarger andaffectthe way theinvestor is served andsuitability determined. Originality/value – This research provides a unique insight into the way private banks in Europe have implemented the MiFID II requirements and gives insight into best practices. For the future, this research can serveas a preludeto in-depth follow-up researchon theimplementationof EUprovisions.


Introduction
The Markets in Financial Instruments Directive 2014/65/EU (commonly referred to as "MiFID II") undeniably plays an important role in the day-to-day business of banks servicing investors in the European Union (EU). This European directive is in service of the pursuit of a minimum standard within the EU focussing on strengthening investor protection leading to lower prices for retail services and a reduction in the traditional home bias (and poor diversification practices) shown by retail investors in selecting products and services (Heinemann and Jopp, 2002).
So, every investment firm in the EU must comply with MiFID II, although individual member states can choose to apply a stricter regime in certain areas. At the national level, individual member states have an obligation to include MiFID in their current legislation. MiFID, and especially the investor protection requirements, in this way, have a direct impact on the relationship with clients, whether professionals or retail clients. Note that "clients" here refers to investors classified under MiFID as for retail non-professional investors.
The purpose of this research is to determine how MiFID provisions regarding investor protection with respect to suitability and appropriateness are complied with in practice by private banks. A special point of attention here is how private banks in the various EU member states implement the aforementioned MiFID II provisions. Through this study, we aim to answer the following questions: are differences observable, what do they affect and what are their possible consequences? Interviews with policymakers are used to draw a clear picture that is representative of the private banking sector. This provides an inside perspective on the operations within European private banks when it comes to MiFID II consumer protection provisions.
These results contribute to a broader picture of the implementation of the MiFID directive based on empirical research. The findings will be of interest to scholars, supervisors, board members, lawyers and compliance officers as they provide a unique insight into the implementation of provisions within European banks.
Private banking within the financial sector The activity "private banking" refers to a commercial line of banking and financial services offered to clients who earn high levels of income and/or own sizable investment assets, also referred to as "high net worth individuals". Such private services are distinctive from retail banking services offered in the sense that these clients are assigned relationship managers or private bankers who specifically deal with them personally. This is, generally speaking, a value-added banking service, as against traditional banking, that offers more sophisticated products and more personalised services. Not only do large banks have separate private banking departments but also there are also smaller specialised private banks that focus exclusively on a private banking target group.
As of January 2020, a total of 5,963 banks operated in the EU, where 2.67 million persons are employed (Statista, 2021a(Statista, , 2021b. A small proportion of these banks are either private banks or large banks with a private banking department/business line. Europe is still one of the biggest profit pools for private banking, slightly behind North America and the Asian Pacific, although emerging countries such as those in the Asia-Pacific region are gaining ground over developed countries, and this trend is expected to continue in the coming years (Deloitte, 2016). Although Europe is one of the biggest profit pools, a pan-European clientele is not very common. This is because of the fragmented payment systems and tax burdens that have a substantial impact on the capital market, and therefore, on further integration (Danko and Suchý, 2021). For instance, on average, only 5% of EU citizens have bought a financial product in or from another EU member state (EU, 2005). According to the ECB (2007), the banking markets in the euro area are still fragmented.

31,1
Markets in financial instruments directive The MiFID has been applicable across the EU since November 2007. An important objective of this directive is to improve competitiveness by creating a single market for investment services and activities and ensuring a high degree of harmonised protection for investors in financial instruments.
In October 2011, the European Commission adopted a legislative proposal for the revision of MiFID I that took the form of a revised directive and a new regulation, known as MiFID II. The objective of MiFID II is to make European financial markets more transparent and to strengthen investor protection. MiFID II encompasses the revision of certain rules and regulations for investment firms and trading venues.
Investor protection under MiFID II is enhanced owing to new stricter rules of conduct. For example, investment firms must provide more information about the costs of investment services and about the independence of their investment advice. New rules of conduct are also being introduced for the provision of investment services.

Research questions
This study focuses on the extent to which private banks conform to the MiFID directive, but most of all, how compliancy is implemented. The question is not so much whether private banks follow MiFID, but how they do this in practice.
The target participants are (multi)national private banks based in Europe. The three areas of research focus seek to answer the following questions: RQ1. How are the MiFID know your customer (KYC) provisions fulfilled in practice by private banks?
RQ2. How is compliancy with the investor protection provisions of MiFID and mitigating regulatory risks secured over time by private banks in the EU?

Method for research
We used a qualitative research method to obtain a more detailed understanding of the effects of investor protection provisions as part of MiFID. The lack of data about the effects of MiFID makes quantitative research less feasible, particularly as the MiFID is a very complex framework with no historical precedent. The main aim of using an empirical and qualitative approach is to obtain insights about private bank practices, and this approach is predominantly processoriented. Using a qualitative approach involves a smaller sample size than that used in quantitative research methods, as qualitative research methods are, as against quantitively oriented methods, often concerned with garnering a more in-depth understanding of a phenomenon or are focused on meaning. This is often centred on the how and why of a particular issue, processual detail, situation, subculture, scene or set of social interactions (Dworkin, 2012). As such, the in-depth interviews aim to create an understanding of the "lived experience" of research participants. For the present study, a semi-structured questionnaire was used during the interviews. This is a technique most often used in the social sciences for qualitative research purposes. During these interviews, we used a protocol focused on a core topic to provide a general structure; the semi-structured interview also allows for participants to elaborate on specific topics. In some cases, a shared dialog evolved through questions and responses with the interviewers owing to their expertise.
The questionnaire was designed with the help of experienced MiFID specialists. Selections were made from the MiFID provisions that directly influence the relationship MiFID II investor protection provisions between a private bank and a retail investor. The questionnaire consisted of four main parts: (1) general information; (2) KYC information; (3) suitability (including financial position, financial planning, financial goals, risk attitude, risk willingness, risk awareness and ability to bear losses); and (4) monitoring and risk management.
For each part, several related questions with prescribed answers were asked. This was done to make it possible to compare the private banks to the greatest extent possible.

Participants
During the data collection phase, we invited 30 private banks based in Western and Southern Europe, and 25 of them took part in the research (Appendix). These banks were selected because they are either entirely a private bank or a separate private banking department in a larger bank.
The interviewees were of 10 different nationalities; it was, therefore, important to ensure that unambiguous definitions were used. To avoid language barriers as much as possible and to present identical questions, it was decided to conduct all interviews in English.
The participants were all managers and policymakers working for private banks or involved in the private banking activities of a large financial institution like a bank. They have worked a minimum of five years in the investment industry and have directly encountered issues related to MiFID. This number of participants is considered sufficient for publications in journals because it may allow for thorough examination of the characteristics that address the research questions and to distinguish conceptual categories of interest, maximises the possibility that enough data have been collected to clarify relationships between conceptual categories and identify variation in processes and maximises the chances that negative cases and hypothetical negative cases have been explored in the data (Charmaz, 2006;Morse, 1994;Morse, 1995).
The interviews were conducted online via Microsoft Teams, with both researchers and the respondent being present. These interviews were all conducted in the period January-July 2021 and lasted 1.5 h on average. In practice, it regularly appears that KYC, and especially relationships with supervisors, can be sensitive subjects. Therefore, the recruitment of sufficient respondents for the study was accomplished via the researchers' personal networks. Potential respondents from the networks of other participants were also approached. Unfortunately, for this reason, Eastern Europe is underexposed. It is important to note here that, although in most cases, the respondents gave permission to state the name of their employer, a direct reference to the employer in specific answers was avoided. This often turned out to be a requirement of the participating private banks.

Literature review
Investor protection provisions Investor protection is an important component of MiFID II. Specific provisions have been included that directly affect the relationship between private banks and retail investors; these provide relevant information regarding the suitability of the service, the provided advice and the final transactions. There are also provisions aimed at providing (posttransaction) information to the investor. The following subjects were further investigated. JFRC 31,1 KYC information (Article 54(2) delegated regulation (EU) 2017/565) When providing investment advice or portfolio management, the investment firm (such as a private bank) shall obtain the necessary information regarding the (potential) client's knowledge and experience in the investment field relevant to the specific type of product or service, the financial situation of the investor, including assets and liabilities and the ability to bear losses. Next to that, the investment objectives include the risk tolerance enabling the investment firm to recommend to the (potential) client the investment services and financial instruments that are suitable and, in particular, are within the risk tolerance and loss bearing ability.
Knowledge and experience (Article 55(1) delegated regulation (EU) 2017/565) Investment firms must ensure that the information regarding a (potential) client's knowledge and experience in the investment field includes the following, to the extent appropriate to the nature of the client, the nature and extent of the service to be provided and the type of product or transaction envisaged, including their complexity and the risks involved.
European securities and markets authority (ESMA) has published further guidance in 2018 regarding suitability testing, suggesting that, when it comes to client knowledge, investment firms present some practical examples of situations that may occur in practice, for example, with graphs or through positive and negative scenarios (ESMA, 2018).

Financial position and objectives (Article 54(4) delegated regulation (EU) 2017/565)
When it comes to determining the financial position, the information regarding the financial situation of the (potential) client shall include, where relevant, information on the source and extent of his regular income, his assets, including liquid assets, investments and real property and his regular financial commitments.
ESMA provided further guidance when it comes to the financial position of the clients (supporting guideline ESMA 43, p. 13): Data about a client's financial situation includes information regarding his investments. This implies that firms are expected to possess information about the client's financial investments he holds with the firm on an instrument-by-instrument basis. Depending on the scope of advice provided, firms should also encourage clients to disclose details on financial investments they hold with other firms, if possible, also on an instrument-by-instrument basis.
Regarding the investment objectives of the client, it is required to ascertain information on the length of time for which the investor wishes to hold the investment, his preferences regarding risk-taking, his risk profile and the purposes of the investment.
Gathering and updating KYC information (Article 54 (7) and 55 (3) delegated regulation (EU) 2017/565) Investment firms should take reasonable steps to ensure that the information collected about their (potential) clients is reliable.
An investment firm is here entitled to rely on the information provided by its (potential) clients unless it is aware or ought to be aware that the information is manifestly out of date, inaccurate or incomplete. The question, of course, is when information is out of date. Neither MiFID nor ESMA provides an explicit answer. Article 54(7) of the MiFID Delegated regulation states, "investment firms shall take reasonable steps to ensure that the information collected about their clients or potential clients is reliable." On page 45 of the suitability guidelines of ESMA (2018), the definition of "ongoing relationship" is further explained. The term should apply to a client relationship that is ongoing or has been so during the preceding year. The existence of an ongoing relationship MiFID II investor protection provisions (or lack thereof) with a client should be assessed on a case-by-case basis, taking into consideration the nature of the service provided. Firms should be able to explain how, why and when they assessed a particular client relationship as ongoing (or not). Both parties have concluded a contract for the provision of an investment or ancillary service that is not a one-off service would also qualify as an ongoing relationship. This would apply for as long as the parties agreed to such a contract and would include situations where there is an agreement for the firm to provide the client with a periodic assessment of suitability.
According to ESMA (2018), the frequency of updating information depends, for example, on the risk profile of the clients and the type of financial instruments that are recommended. If a wider variety of risky products are recommended within a risk profile, this may lead to a higher frequency of updating the information.
Earlier research. Limited research has been carried out to examine the implementation of MiFID and the investor protection provisions in particular. Although more studies focus on the effectiveness of MiFID, it needs more testing in practice. We start with the latter.
Research by Valiante and Assi (2011) using 43 participants in the European financial markets on implementation of MiFID I indicated that the respondents (being regulatory authorities, regulated markets, MTF's, investment firms and data vendors) were, in general, positive towards the more competitive environment, which has led to the reduction of trading fees and large investments in technologies and infrastructure. Loonen (2021) confirms this partially with his research among Dutch investment advisors on the effectiveness of MiFID. Especially, the investment advisors working for large banks as well and female advisors were observed to have more faith in the effectiveness of MiFID. Research has been conducted on the effects of MiFID in the Baltic states (Huettinger and Krašauskaite, 2020). They conclude that MiFID II and Markets in Financial Instruments Regulation regulations offer many benefits, such as higher protection and transparency for investors in the Baltics. They indicate that the obligation to profile investors to guarantee that they have sufficient knowledge, experience and information is particularly beneficial to investors with limited experience in financial markets and will contribute to increasing sustainable growth and confidence. Tountopoulos (2016) is of the opinion that investor rights cannot be enforced with the principle of uniformity without a common standard on civil remedies and procedures. These civil remedies should be determined at EU level, rather than different national rules. A lack of EU approach could undermine the uniform application and could lead to market distortion.
However, the effectiveness of MiFID is also viewed from a critical perspective. Cherednychenko (2010) raised questions regarding the effectiveness of the MiFID II requirements in improving investor rights and restoring the confidence of retail investors. Her concern is that MiFID focuses on public enforcement of the investor protection rules and their maximum harmonisation so that the needs of the individual retail investor are not sufficiently served. Moreover, Svetiev and Ottow (2014) state that: [. . .] imposing a uniform public enforcement strategy at EU level may seriously jeopardize the realization of the regulatory objectives pursued by the MiFID II, in particular ensuring a high level of investor protection.
A focus on providing choices and empowerment in the investment firm/investor relationship may undermine the position of the retail investor when designing a regulatory European framework. De Jager (2017) even questions if consumer trust is promoted because of the effectiveness of EU legislation. In other words, more and more complex EU legislation may not be the right way to restore trust among consumers. Moloney (2007) warned that an investor could fall prey to opportunistic investment advisers and inappropriate products, JFRC 31,1 even in cases with disclosure to support good decisions. In particular, this happens when the retail investor policy is not developed holistically. Cherednychenko (2015aCherednychenko ( , 2015b is of the opinion that ESMA's guidance on the MiFID I suitability requirements shows a prescriptive approach to how investment firms must assess the suitability of a particular product or service for the client. She observes that EU investor protection regulation is cannot fully capture the complexity and unpredictability of financial markets across the EU. According to Valiante and Assi (2011), MiFID has resulted in suitability and appropriateness requirements being applied uniformly within the financial sector. Nevertheless, they identified some challenges with regard to implementation. They state: Procedures seem to have been put in place with no major issues, but it does not seem to be diffused practice to keep information on clients regularly updated, even though there exists record-keeping infrastructure for client details across investment firms (Valiante and Assi, 2011).
Also, Comana et al. (2019) are also critical when it comes to the operation of certain MiFID obligations. They refer to the classification of investors under MiFID. They state: A perfect allocation within the three categories (retail, professional and eligible counterparty, RJ, TL) would probably occur only in a perfect world, whichas we have seenthe EU legislator sometimes seems to unrealistically assume. As a matter of fact, however, the elevator works frequently downwards and rarely upwards, for in troubled times every potentially experienced investore.g., high net worth individualsprefers adopting a more prudent approach, abiding by the regulatory constraints not to engage in certain operations. (Comana et al., 2019) Wallinga (2020) states that there is a lack of clarity about updating the obtained information. Thus, he states: [. . .] although the WpHG lacks an explicit provision to this effect such a duty to keep updated information about the client profile can be based on the interaction between the duty to acquire information from (potential) clients to make up their client profile and the duty to recommend only those investments that are suitable to them (Wallinga, 2020). Scholars such as Mercer et al. (2010) and Argo and Main (2004) conclude that standardised warnings seem ineffective. According to Loonen (2021) a survey among Dutch investment advisors shows that they have little faith in these warnings.

Findings
The following emerged regarding Investor Protection within MiFID as it relates to the activities of private banks. Firstly, based on the interviews, the mean by which the various private banks fulfil their legal obligations regarding KYC became apparent (RQ1).

Obtaining KYC information
When looking at the legal obligations as laid down in MiFID II, a few things stand out. Firstly, it is striking that the way in which the KYC obligations are fulfilled differs considerably between the different private banks. The number of questions in a questionnaire varies here from 15 to 49. This has a big impact on the time spend on collecting information. Simultaneously, it also raises concerns about the usage of such information.
The frequency with which this obtained information is updated differs greatly depending on the private bank (geographical differences have not been observed). Approximately 44% of the participants state that information obtained in the context of the KYC is updated on an annual basis. However, 40% of the private banks state that the MiFID II investor protection provisions information collected is only updated once every three or five years or not at all. For the remaining 16%, the frequency depends on the chosen risk profile.

Investment knowledge and experience
An important part of the KYC information is investment knowledge. It appears that approximately 50% of the private banks determine a client's investment knowledge through multiple choice questions alone. The question is whether this is effective, as there is no room to describe specific circumstances or situations that could lead to better or more complete records of investment knowledge. In contrast, 40% of the private banks state that they use a combination of multiple-choice and open-ended questions in which the advisor plays a (more) prominent role when it comes to determining the degree of investment knowledge. The remaining 10% use open questions and the judgement of the advisors.
When it comes to monitoring the development of the client's investment knowledge, two streams are visible. There are the private banks that retest investment knowledge in (periodic) conversations with clients or with the help of a questionnaire that is sent out (60% of the respondents). It is remarkable, however, which approximately 30% indicate that they do not update their investment knowledge information during the relationship, and only obtain investment knowledge during the onboarding process.
In private banks, knowledge tests are most often administered to determine whether a client has sufficient investment knowledge or experience. The number of transactions that the client has completed and the number of years of investment experience play a dominant role here. The level of education only factors in after that. Although the MiFID requires obtaining this information, 52% of the respondents think the (previous) profession of the client is not (so) relevant, and this further applies for 56% of respondents when it comes to the relevant education of the client.
Determining financial position As part of the MiFID II requirements, the financial position of the client must be determined. The results indicate that the components as named in MiFID II are, for the most part, actually requested. For example, 80% of the respondents show all financial information regarding income and assets versus debts; however, expenses are requested to a lower degree. It is less common to ask the client for documentation to substantiate his financial position, despite this being a requirement of ESMA.
Annual figures are requested in many of the cases in which investments are made for an entity. However, this is much less prevalent for natural persons. In only 30% of cases does, it appears that, for example, a copy of the tax return is requested from the client. With regard to the detail of the gathered information, the following becomes apparent (Figure 1). Although the information regarding the client's total assets is quite detailed in many cases, in 40% of cases, it is not detailed at all. Next to that, many private banks do not take the information of other banks into account to determine the risk profile. Hence, the information collected is not used for suitability purposes. In the case of taking assets of other banks into account, it would be possible to prevent idiosyncratic risks.

Investment objectives
As part of MiFID II, the private bank must determine the investment objectives of the client. Based on the interviews, more than 80% of the respondents state that a client has between two and five financial objectives. Only 20% state that the client has one objective or no objective. About 48% of private banks use a split between capital and income objectives. Incidentally, these objectives are updated annually at most (more than 60%) of the private banks in consultation with clients.
If clients have several objectives, it appears that private banks deal with this differently. For example, in 48% of the cases, it appears that multiple objectives per account are not possible. With these private banks, it is only possible to maintain one objective per account and to monitor its feasibility. It appears that several objectives per account can be maintained and monitored for approximately 20% of the respondents. With over 32% of the respondents, it is possible to maintain multiple objectives that can be linked to multiple accounts. For a majority of the respondents, it appears that it is not possible to prioritise this. Around 55% of the respondents indicate that when they ask for the financial objectives, it is to be able to properly determine the client's investment policy, whereas just as many respondents indicate that they do this to comply with legislation and regulations. The question is, what is the role of objectives is in the process of suitability? How are the investment objectives used to determine suitability? How to determine suitability in case the objectives are not concrete? Hence, it does not support a level playing field because it is unclear in MiFID II.

Risk willingness and risk attitude
There is a difference between risk willingness and the risk attituderisk willingness indicates how much risk the client is willing to take with the specific amount invested related to the goalwhereas risk attitude is independent of the specific amount invested and the objectives. This difference is also made clear under MiFID II. Remarkably, only 36% of the respondents make this distinction. Risk willingness is surveyed by the majority of respondents using a traditional risk questionnaire, whereas 44% of the respondents indicate this is done using graphical or numerical insight into risks and returns. Substantial improvements are possible in both the processes in terms of usage of the questionnaire and the insight in respect of the choice of the risk of the portfolio. Improved insights would lead to a better choice as the client will have a better understanding of the suitability of the portfolio.

Ability to bear losses
The way the ability to bear losses is determined varies greatly from bank to bank. For example, 44% of the respondents state that this is determined using a quantitative approach, in which the maximum loss of an investment portfolio (portfolio approach based on backtesting) and whether this is appropriate is determined. Of the respondents, 24% say they do this based on all the client's assets (and not just based on the investment portfolio). Most private banks do not have a system to determine loss capacity; only some private banks use an asset-liability management methodology. More clarity in respect of its implementation will improve investor protection.

MiFID II investor protection provisions
Compliancy investor protection provisions and mitigating regulatory risks To answer RQ2, the following concrete situations relate to the implementation of MiFID.
Impact of investment knowledge and/or experience What are the possible consequences in cases where the private bank finds that the client has (too) little investment knowledge to (for example) oversee the investment risks? Strikingly, in such cases, 36% of the respondents state that a client (ultimately) is not allowed to invest. In a large majority of cases, the respondents do state that restrictions are imposed in the investment universe, but above all, additional information about the transaction or product is provided or this is further explained (60% and 44% respondents, respectively).

Risk profile that fits the investment portfolio
Most of the respondents indicated that information about all products the client holds at the private bank is weighted when determining how investments are made (88% of the respondents). For example, with regard to liquid assets, for only 28% of the respondents, the risk of the individual asset classes (investments, private equity, real estate, etc.) held with third parties are also considered when determining the maximum risk that the investments should have with their private bank. This becomes a limitation when the advisors determine the ability to bear losses.
Once a risk profile has been established based on the client's KYC information, how is it then matched with an investment portfolio and what principles are applied by the private bank? The responses reveal that the determined risk profile is not binding for a majority (68%) of private banks. It is possible to deviate from the risk profile. It is also permitted to accept higher risk in terms of investments vis-à-vis the risk profile if a reason is given for this and this is checked and confirmed annually. This is not possible for 32% of the respondents, and the risk of the investment portfolio must be equal to or lower than what is possible based on the established risk profile.
Suitability tested when it comes to risk appetite As part of MiFID II, the suitability of the proposed services (investment advice or asset management) must be assessed. It is clear based on the given answers that the private banks do not only consider whether the risk appetite of the client is in line with the intended transactions. It is increasingly being examined whether the risk of the total investment portfolio matches the risk appetite of the client. It is also stated, albeit to a lesser extent (20% of the respondents), that the aggregated risk of multiple investment accounts is viewed in relation to the risk appetite of a client. The majority of respondents also see this aggregated approach as the predominant approach going forward. In the case of a transaction being recommended as part of an investment advisory, the respondents provide mixed feedback on how to test the suitability in the pre-transactional phase. Seventy-two per cent of the respondents indicate that they test the transaction against the risk willingness of the client. Meanwhile, 40% of the respondents indicate they check all KYC information to determine the suitability.
It is remarkable that the approach for the majority of retail (affluent) clients does not differ from that for private banking clients. A percentage of 70% say they use the same approach for their retail clients as they do for their private banking clients. The other respondents predominately say they use a different (lower) frequency in determining suitability for private banking clients.

JFRC 31,1
Monitoring whether risk of portfolio is still in line with risk profile The majority of the respondents (76%) check on an annual or biennial basis if the risk of the portfolio is in line with the agreed risk profile. This is done in a face-to-face meeting. Only 20% of the respondents check this continuously via digital monitoring.
Risk profile at client level or account level Risk profiles are prepared at the account level at the majority of private banks (90%). This means that a client who wants to hold multiple accounts can also hold different risk profiles (and thus different investment portfolios). Risks for different investment portfolios are often not considered at an aggregated (composite) level. A more holistic approach on the client level will improve the suitability process and support transparency.
Gathering or updating KYC information with the aid of financial planning Information from and about the client is, according to most respondents, regularly updated. In 48% of the cases, this is done annually, and in 40% of the cases, this is once every three years. Thus, while all private banks have a pre-and post-contractual collection process, the frequency of updating information varies greatly.
The gathered financial information is almost always updated in a personal consultation with the advisor. In only one case, the clients are requested to update their personal information via a portal.
Use of financial planning A considerable amount of information collected during client onboarding can be used as input for financial planning, such as information concerning the financial position. Preparing a financial plan is a way to use the collected information and improve the quality of the suitability process.
About 68% of respondents offer financial planning to a part of their clients. The fact that this is not universally done despite all the respondents being private banks is remarkable because these banks mainly pursue an in-depth relationship, and having insight and an overview of all client assets and debts is necessary to be able to provide good service. A financial plan will support the insight in the ability to bear losses.

Discussion and conclusions
The results of this study show that the implementation of the MiFID investor protection provisions has a profound impact on private banks. Based on our findings, we can conclude the following: Firstly, it is noticeable that private banks interpret the concepts (and provisions) arising from the MiFID directive differently. As MiFID is a directive and not a regulation, member states retain the freedom to shape national law with respect to certain issues.
There is a different understanding of themes such as risk appetite, risk acceptance and the ability to bear losses. Concepts are interpreted differently, and thus, implemented differently in processes. For example, some banks regard the "ability to bear losses" as the emotional risk awareness of a client, whereas other banks perceive this as a maximum drawdown of the portfolio and whether the client is (financially) able to bear this loss. Some banks determine the ability to bear losses at the portfolio level, and others take other assets into account and prefer a more holistic approach.
Secondly, specific subjects that are of importance to the ability to serve clients effectively are not clear. For example, the subject of "updating" information from the client has not been MiFID II investor protection provisions sufficiently worked out and is a point of differentiation between the private banks. For example, there are banks that perform an update of information on an annual basis, but other banks request an update once every three or five years. Specific topics such as "ability to bear losses" are periodically tested at many banks, but 16% of the respondents only do this prior to contractual commencement.
As a result of this pluralism, various information is requested from the client in multiple manners. This can lead to different conclusions being drawn by private banks about the same client. This is an undesirable situation that can have negative financial consequences. For example, the questionnaires that are used by the private banks differ significantly. The number of questions varies between 15 and 49, and therefore, the effort and quality to determine suitability can also differ substantially depending on how this information is used.
Most private banks (96%) make predominately use of the advisor in updating the information, for example, knowledge and experience, of the client. They should consider taking steps with regard to the digitalisation of processes, a conclusion that McKinsey and Company (2020) also draws as she states that: [t]he pandemic has further exposed the limitations of private banks' omnichannel capabilities. As client demand for digitally enabled remote interactions from their banks grows, banks must urgently rethink their client service model and proposition.
Pre-transactional suitability is tested by many private banks only against the risk appetite of the clients, whereas a minority do this against all KYC information available (e.g. including financial position, investment horizon, investment knowledge and experience). Even though the MiFID obligations have resulted in more consistency within the EU, we provide empirical evidence that strong heterogeneity still exists in important areas when it comes to meeting the MiFID obligations.
Various private banks in the EU indicate that they do exactly what is in accordance with the MiFID directive. For instance, insight into investments with third parties does not form part of this, although they indicate that they consider this in the customer's interest but simply cannot (technically) incorporate this information into their processes and/or systems.
It is also striking that the subjects to which the private banks pay special attention show strong geographical differences. For example, Italian banks seem to focus on good product governance, whereby a more product-oriented approach seems to prevail. Suitability of a financial product is (historically) an important topic, where Italian retail investors are relatively less equipped than others to protect themselves from potential abuses (Del Giudice, 2016).
Meanwhile, countries such as The Netherlands and Germany seem to focus more on a holistic customer view in which the deep(er) acquisition of KYC information is more important. Although many of the private bank's state that they offer financial planning as a service, it is not clear whether the information obtained from this plan is also used for KYC and suitability purposes. Doing so would constitute a quick and easy win for both clients and private banks. Next to that, only a small percentage of the clients receive a plan in practice.
Additionally, some concerns are noted regarding contact with national regulators. In some cases, the national regulator does not approve questionnaires in one country, where the same questionnaire is approved in another country. The sector is burdened by enormous regulatory pressure. In addition, overemphasis on compliance with all information and administrative obligations could result in the risk of actual client interests (do the investments really suit the customer and his situation?) being overlooked.
We conclude that the legal obligations (arising from MiFID) still regularly lead to compliance with the letter of the law. Thus, private banks focus primarily on the investment portfolio, but this focus does not always lead to a broader inventory of services for holistic advice to private banking clients, which would contribute to putting customer interests first.
Although there is a single MiFID investment guideline that applies to all EU member states, in practice, considerable variations exist in the implementation of these obligations. As a result, the operation of these measures also differs, and the facto full effective harmonisation does not yet exist. Cherednychenko (2015aCherednychenko ( , 2015b states that imposing a uniform public enforcement strategy at the EU level could prevent national supervisory authorities from experimenting with differentboth formal and informalsupervisory practices in each specific legal and market context. This could subsequently lead to the nonfulfilment of the ultimate goal of a high level of investor protection. More importantly, we argue that in specific cases, this could have a (negative) impact on Investor Protection and should further and more strictly be harmonised to meet the initial purpose of the requirement(s). We believe that the empirical evidence documented in this paper could inform regulatory authorities and bank managers in their choice of actions moving forward to improve the suitability process.
However, additional research in this field is needed, as our study focused only on private banks in Western and Southern European countries, with other EU member states not included in this study. For a holistic understanding, these regions should be included in a follow-up study for a more in-depth-analyses of different subjects.
MiFID II investor protection provisions