Preparing for MiFID III: A Compliance Guide for Financial Businesses 

By September 2025, the amendments made to the European Union’s Markets in Financial Instruments Directive (MiFID) framework must be implemented, continuing the regulatory evolution that began with MiFID II. While the third iteration of the MiFID does not represent a complete overhaul, it signals a clear shift in regulatory focus—especially for compliance teams tasked with recording and monitoring regulated communications.

Financial services entities must prepare to meet heightened expectations around surveillance, off-channel communications, inducements, and recordkeeping across a growing range of platforms.

The following article breaks down what impact the third iteration of the MiFID (henceforth named MiFID III) has on communications compliance, lists key changes from MiFID II, and offers actionable steps to take to support compliance with the new regulation—including a free checklist.

What is MiFID?

The MiFID is a cornerstone regulation established by the EU’s financial markets regulator and supervisor (ESMA) to enhance transparency, protect investors, and promote fair, secure, and integrated financial markets.  

Originally introduced in 2007 and revised as MiFID II in 2018, it sets comprehensive rules for how market operators and investment firms and providers operate, including how they execute trades, disclose information, and manage conflicts of interest.  

MiFID applies to a broad range of financial instruments and services, making it a critical framework for firms involved in the EU’s financial markets. 

How MiFID III and MiFIR align on market transparency

MiFID III is part of a broader regulatory package that also includes the review of the Markets in Financial Instruments Regulation (MiFIR). While MiFID is a directive that member states must transpose into national law, MiFIR is a regulation directly applicable to EU member states, standardizing rules across all member states.

As the two frameworks are tightly interlinked and changes in one area often impact requirements in the other, compliance must be approached holistically.

MiFID III timeline at a glance

MiFID III follows a structured implementation path, with a transposition deadline set in late September 2025. Firms should act now to align their compliance strategies with these milestones. 

How MiFID III builds on MiFID II, and what’s changing

MiFID II introduced strict rules around the capture and retention of communications that may lead to financial transactions. MiFID III does not roll these back, but builds on them, reinforcing the obligation to maintain transparent and auditable communications across all channels.

Where MiFID II focused on broad investor protection, MiFID III widens the scope to behavioral risks, such as conflicts of interest, inducements, and pricing opacity. The implications for financial services entities are significant, especially when it comes to how communications are recorded, analyzed, and retrieved. Let’s have a look at these in more detail.

1. Same recording mandates, higher scrutiny

The foundational requirement to record voice calls, chats, and messages related to transactions remains unchanged under MiFID III—but regulators will expect more:

• Communications monitoring must actively detect misconduct, not just passively store data.
• Systems should identify patterns indicative of mis-selling, fee misrepresentation, or market manipulation.
• Compliance officers will be asked not “Did you record it?” but “Did you act on what you saw?” 
  
  

This represents a subtle but important shift from compliance as documentation to compliance as behavioral oversight.

2. Stricter inducements and monitoring requirements

MiFID III tightens rules around inducements, including stricter bans on payment for order flow (PFOF) and tougher scrutiny of commission-based advice. These changes elevate the importance of how sales and advisory conversations are conducted—and how well they are monitored.

Organizations must be able to prove that client interactions reflect:

• Transparent, upfront pricing
• No hidden commissions or kickbacks
• Clear separation between research and execution
  
  

Consequently, monitoring tools must go beyond keyword detection to identify sentiment, tone, and behavioral markers that may suggest a conflict of interest, especially in voice and chat channels.

3. Off-channel messaging is a growing risk vector

Off-channel communication is under sharper scrutiny than ever, especially following recent global enforcement actions and fines. As employees increasingly use mobile messaging apps like WhatsApp and collaboration platforms like Microsoft Teams and Cisco Webex, regulators are tightening expectations around omnichannel capture.

Firms must:

• Capture voice, chat, video, and messaging from mobile and desktop environments.
• Prevent the use of unauthorized platforms through policy enforcement and user education.
• Maintain detailed audit trails across all environments, including metadata, to prove that compliance controls are functioning. 
  
  

4. An AI monitoring tool is a must

MiFID III raises the bar on monitoring expectations. Regulators will no longer accept basic archiving as sufficient, but are now asking for evidence of intelligent surveillance. This includes AI-driven pattern detection, voice-to-text transcription, and real-time red flag identification.

Advanced systems should be able to:

• Compare conversations across channels (e.g., does a chat message match a voice call?).
• Detect when a representative consistently recommends higher-fee products.
• Highlight anomalies in tone or timing that suggest misconduct or client pressure. 
  
  

Cross-channel monitoring will be especially important for hybrid and remote teams, where interactions span multiple tools and time zones.

5. Record retention and retrieval still critical

The standard five-year retention period (extendable to seven upon request) remains in force under MiFID III. But regulators are placing greater emphasis on:

• Speed and ease of retrieval during audits or investigations.
• The ability to map communications to transactions and client files.
• Secure, compliant storage that prevents tampering or loss.
  
  

With the introduction of a consolidated tape (real-time trading data aggregation), communications will increasingly be linked to trade data, requiring systems that can connect the dots between conversations and execution records.

6. Reduced reporting ≠ reduced oversight

While MiFID III simplifies or removes some reporting obligations such as RTS 27/28, firms must not mistake this for a regulatory downgrade. If anything, the burden shifts from standardized reports to firm-led demonstrations of client-first execution.

Monitoring data, especially communication records, will become critical evidence of:

• Compliance with best execution
• Fair, conflict-free client interactions
• Honest, transparent advisory practices
  
  

What should financial services entities do now?

With the September 2025 enforcement deadline fast approaching, firms should take steps to assess their current communications compliance posture. From conducting a thorough gap analysis to preparing for stricter rules around inducements and communication channels, there’s a lot to consider, and little time to waste.

Future-proof compliance, made simple

As regulations like MiFID III raise the bar, Luware Recording gives compliance leaders the tools to help meet—and exceed—expectations. Designed for modern financial environments, Luware’s cloud-native platform supports:

• Full capture across multiple channels like Microsoft Teams, Zoom, Webex, SIP-based systems, mobile messaging, and more.
• AI-powered features including transcription, keyword scanning, sentiment analysis, and risk detection.
• Fast retrieval with robust audit trails, secure long-term storage, and granular access controls.
  
  

Our solution is designed to adapt. Book a free demo  now to see it in action and have all your questions answered.

Conclusion: MiFID III is about culture, not just rules

MiFID III isn’t a radical rewrite of the rules, but rather a refinement of where regulators believe financial services entities still fall short. For compliance leaders, this is a chance to go beyond baseline obligations toward proactive monitoring, smarter data use, and a culture of transparency.