TL;DR
- ▸Maximum System Synchronisation Accuracy (MSSA) is the worst-case time error between any timestamp the firm produces and UTC. MiFID II caps this at 100 µs for HFT and 1 ms for other algorithmic trading.
- ▸Traceability means the firm can document the synchronisation chain from local clock back to a national metrology institute. NTP from a public pool doesn't qualify; PTP from a hardware grandmaster does.
- ▸Most compliance issues we see come down to one of these two questions not having a confident answer.
MSSA in plain English
Maximum System Synchronisation Accuracy is the worst-case time error between any timestamp the firm produces and UTC. MiFID II RTS 25 caps this at 100 microseconds for high-frequency trading and 1 millisecond for other algorithmic trading. The cap applies to the worst case, not the average — a system that's correctly synchronised 99.9% of the time but drifts to 500 microseconds during the other 0.1% is not compliant under any reading of the regulation.
This is the part that most firms underestimate. Achieving the precision under nominal conditions is straightforward; demonstrating that the precision is held under credible disruption (GNSS denial, hardware failure, network reconfiguration, oscillator ageing) is harder. The firm has to be able to show that the worst case across the reporting period stayed within the cap, not just that the typical case did.
Traceability in plain English
Traceability means the firm can document the chain of synchronisation from its local clock back to a national metrology institute (BIPM, NIST, NPL, PTB or equivalent), with no unverifiable links. Public NTP doesn't qualify because the public pool servers are run by anonymous volunteers and the firm can't document what the upstream clocks are doing. Corporate NTP servers pulled from public pools have the same problem one layer down.
PTP from a hardware grandmaster locked to a GNSS reference does qualify, because the chain is concrete: GNSS satellites (operated by national bodies and traceable through international agreements), GNSS-disciplined grandmaster (locally operated, configuration-documented), PTP distribution chain (every device PTP-aware and documented), local slave (hardware-timestamped). Each link is verifiable by the firm and demonstrable to a regulator.
The two-question test
Ask your timing operations team two questions. First: "What's the worst-case time error our timestamps have shown across the past quarter?" Second: "Show me the documented synchronisation chain from a trading server back to BIPM." If either question produces hesitation, the firm has a compliance gap to close.
Where firms get caught out
Three patterns recur. First, the firm achieves typical-case precision but doesn't measure worst-case. When the regulator asks about a specific historical period, the firm produces average metrics rather than worst-case metrics, and the conversation gets uncomfortable when the regulator notices.
Second, the firm uses NTP because "the precision is fine" without confirming traceability. The precision genuinely is fine for the relevant budget, but the synchronisation chain isn't documented and can't be verified by a regulator. This is a documentation gap, not a precision gap, and it's harder to fix retroactively than to prevent.
Third, the firm depends on a single grandmaster with no documented failover testing. The next failover surfaces a configuration drift nobody caught, and the firm spends hours or days outside the precision cap before anyone notices. The regulator views this as a worst-case violation regardless of how brief the excursion was.
How to close the gaps
Three actions. Capture worst-case metrics continuously, not just averages. Phase offset to UTC measured at every PTP slave, retained for the regulatory retention period in queryable form. Document the synchronisation chain explicitly: a single document that shows the chain from each reportable system back to the primary reference time clock and from the PRTC back to UTC, updated whenever the architecture changes. Test grandmaster failover quarterly in production and capture the results in the audit trail.
None of these are technically difficult. The challenge is doing them consistently across a deployment that's already running, where the original team has moved on, and where the timing fabric was specified once and never re-evaluated. The TimeBeat Sync Insight platform exists specifically to make this operational discipline easier to maintain over time.
Frequently asked questions
What is MSSA?+
Why doesn't NTP qualify for MiFID II traceability?+
Do I need a hardware grandmaster for MiFID II compliance?+
How do I prove worst-case MSSA?+
Related reading
Blog · Compliance
MiFID II Article 50 and FINRA Rule 613: What Clock Synchronisation Actually Demands
MiFID II RTS 25, FINRA's Consolidated Audit Trail and SEC Rule 613 all demand traceable, microsecond-grade clock synchronisation from regulated trading venues. What the rules actually say, what they don't, and what a compliant timing fabric looks like in practice.
Blog · Compliance
Navigating the New MiFID II and MiFIR Clock Synchronisation Requirements
MiFID II and MiFIR clock synchronisation requirements have been refined and extended since the original 2018 framework. What changed, what's coming, and what extended scope means for entities that weren't previously in scope.
Blog · Compliance
How to Automate Time Compliance Audits in Regulated Environments
Time-related compliance audits — MiFID II, FINRA CAT, DORA — are repetitive, evidence-heavy and expensive when done manually. How to automate the audit-defence layer so the compliance team isn't rebuilding it every quarter.

