BY: ComplyLog|May 20, 2021|Insider list management
The Market Abuse Regulation (MAR) came into effect on 3rd July 2016 through the European Parliament, aimed at creating transparency in the financial markets, tackling market abuse and protecting investors in the European Union. The regulation employs a number of instruments for the prevention of market manipulation and the prohibition of insider dealing, including rules to manage the unlawful disclosure of inside information, closed periods for managers’ transactions and a process for market soundings. This article focuses on the subject of Article 18 of MAR — insider lists. We answer the most pressing questions raised by organisations wanting to understand their obligations and how to comply with the legislation.
Table of Contents
3 FAQ: Drawing Up And Managing Insider Lists
3.7 Can the confirmation that the persons on the insider list have been informed of their duties and been made aware of the sanctions be submitted using an electronic format?
3.10 When must employees of parent companies or subsidiaries of the issuer be included in the insider list?
3.11 Is it possible to substitute the information that must be included in the insider list with reference to another database such as the HR management system?
3.12 Do IT employees have to be included in the insider list simply because their administrator rights give them access to internal e-mail traffic or to the databases of the party obliged to keep the insider list?
4 FAQ: Submission Of The Insider List
5 FAQ: Permanent Insiders
Understanding the term ‘inside information’ is a prerequisite to understanding the contents of the article itself. So, this is where we start.
The definition of inside information, according to MAR is information that meets the following conditions:
Possession of inside information of a precise nature that could have a significant effect on the value of a financial instrument can create an unequal market, affecting financial stability. MAR seeks to stop individuals with access to inside information from profiting or advising others to profit from certain knowledge that hasn’t entered the public domain yet. For example, inside information can be used to make an investment decision such as the buying and disposal of shares right before a major company event is announced.
By controlled disclosure of inside information, MAR aims to create a regulated market that gives confidence to “reasonable investors” who, the regulation says, “base their investment decisions on information already available to them”.
The information might relate to an acquisition, a year-end report, an announcement of an interim financial report or anything else that proves advantageous to know in advance for an investor.
In the event of a delay of disclosure of inside information in the legitimate interests of the issuer, a written explanation must be recorded, detailing the exceptional circumstances. It must be stored in electronic format and provided to the authorities if requested.
Article 18 then requires financial institutions and bodies with financial instruments traded on regulated markets, or those acting for the issuers, to “draw up a list of all persons who have access to inside information and who are working for them under a contract of employment, or otherwise performing tasks through which they have access to inside information, such as advisers, accountants or credit rating agencies.”
This is called an insider list and it is the issuer’s or agent’s own responsibility to maintain.
Compliance with this requirement to maintain an insider list applies to issuers on regulated markets, whether they are Multilateral Trading Facilities (MTF) or Organised Trading Facilities (OTF), as well as those that have applied for admission of their financial instruments on the market.
The insider list helps organisations to formalise the practice of compiling the names of those with access to inside information of a precise nature, aids market integrity, investor protection and the economic interests of the issuer by ensuring that trading of financial instruments is carried out in a legitimate manner.
A comprehensive and up-to-date insider list, adjusted any time someone new accesses the information or when an employee ceases to have access, means that a national competent authority (NCA) can narrow down the search for unlawful transactions. It gives the issuer the chance to take reasonable steps to inform all parties with inside information of their duties and responsibilities in relation to the confidentiality of the information, as well as the sanctions for breaching the Market Abuse Regulation. The insider needs to acknowledge their responsibilities.
The European Securities and Markets Authority (ESMA) lays down a set of draft guidelines and regulatory duties in its technical standards for creating insider lists in accordance with Article 18. They apply for current issuers as well as those whose instruments are awaiting admission to the market.
Commission Implementing Regulation (EU) 2016/347 requires that you draw up an insider list in digital format when you delay public disclosure of inside information that could affect the prices of the financial instruments offered by your organisation. You should include the following information: basic information on the project, event or deal to which the information is related, including the name, date and time the information became identified as inside information. You must also note the particular circumstances that occurred that prevented you from making an immediate disclosure, as well as the names of the people with knowledge of the inside information relating to such instruments.
|By the way…
You can enter this information into a spreadsheet using an insider list template, but this requires a lot of administration to keep up to date. An online solution like InsiderLog automates this process to ease the workload and to keep the audit trail up to date and simple to share with an NCA if they request access.
Article 18 of MAR states,
“Issuers or any person acting on their behalf or on their account shall update the insider list promptly, including the date of the update.”
If you use a spreadsheet, you should add or take away members of the list as required and note down the reason for the change and the date and time it happened. Then save it as a new file in order to maintain the audit trail.
With a dedicated insider list management system like InsiderLog, you make the changes and the software timestamps the details and stores the changes to allow you to show which adjustments were made, when they were made and by whom.
A third party can act on your organisation’s behalf to update your insider list, but the issuer should maintain right of access to the list at all times.
There are three main reasons why you might need to update your insider list:
In each of these cases, you should make the updates promptly, as per the wording in Article 18.
With a spreadsheet-based insider list, you must keep multiple saved copies of the various incarnations of the insider list. Every time you make changes, for example when you add a new person, you need to keep the old copy and update the new sheet with the reasons for the changes and when they happened. In a fast-moving system, you could end up doing this many times a day. This easily becomes time-consuming and creates room for critical errors.
An online insider list portal will show you a complete list of your adjustments, as well as the details of the notes you add that detail the times, dates and reasons behind the changes.
MAR’s Article 18 requires issuers or those acting on their behalf or on account of the issuer to hold details of the insider list for a period of at least five years after the most recent update to the list. It should be available in case the NCA wishes to investigate the deal, event or project to which the list relates.
It is for the party who draws up the insider list, either the issuer or the body acting on their behalf or on their account, to inform employees that they are included on the list. They are also responsible for ensuring the list member acknowledges their inclusion and the responsibilities their inclusion brings with it. The member should be informed about the criminal sanctions that can be brought if someone is found to have unlawfully shared inside information or if they are found to have partaken in insider dealing.
If the employee does not respond, the issuer must send reminders until they receive confirmation of the above. For breaches of Article 18, an individual can face a fine of up to EUR 500,000, whereas an organisation may receive a penalty of up to EUR 1 million.
Yes, it is possible to submit this confirmation electronically, which is why an online portal can be a time-saving option. Rather than someone having to manually send out reminders and update company records to show compliance from the employee, the online option continues to send automated notifications until the employee inputs all the relevant information. Once they do so, the portal records the details and stores that within its database.
Insider lists are on an event or deal-specific basis, so you must inform employees every time they appear on one of these different lists. The company may run a permanent list, but this should be used with caution, if at all, and feature only a very few individuals who truly have access to all inside information, as strictly defined by MAR. Others, even those with access to a large amount of inside information must feature on separate event lists for each piece of information. The event-driven list for each project should feature only those who have access to the information currently, rather than those who potentially could access it.
You can only create an insider list once the information is categorised as inside information. However, you could create a Confidential List if you believe that a piece of information could become inside information in the future. This is not a legal requirement but can help in compiling the insider list promptly when the classification changes.
When employees of parent companies or subsidiaries perform duties on behalf of the issuer, under contract, that see them gain knowledge of the inside information through their profession, they must be featured on the insider list. You should make relevant provisions to inform them that they must keep the information confidential and must not use it to inform investment recommendations or decisions.
Article 18 does not specifically allow for this, but as long as the list contains all the relevant information required by law, it doesn’t matter where you sourced it. You should make sure that the insider list is always up to date and contains everything it needs to in order to be compliant with MAR. Do note however that the insider list should reflect the correct personal information at the time it’s drawn up. It should not be updated over time as the individuals’ details change.
If an IT employee gains knowledge of inside information “in the normal exercise of an employment, a profession or duties they are working on”, according to MAR, they should be included on the insider list. However, just because they could potentially access the information does not automatically mean they should be on the list. They only need to be added to the list when they become aware of it.
It is recommended that you take steps to control access to inside information within the organisation. This could include using internal controls like encrypting digital media or restricting access to electronic files and folders. You should consider a classification system to limit access to sensitive documentation and to require special handling.
The templates detailed in Annex I of Commission Implementing Regulation (EU) 2016/347 feature the information that you must collect as part of your record-keeping requirements to be compliant with MAR. If you do not collect all the necessary data, you could face sanctions from the NCA.
You must submit your insider list to the competent authority in your territory if they request access to it. Other than that, you should keep it for at least five years in case the NCA requests it at any time during that period.
You must submit the insider list to the national competent authority that requests the details of your insider list.
The permanent list, if used at all, should only feature individuals with access to absolutely all inside information. If you consider it, this is usually very few people indeed. The permanent list provides a way of avoiding having to duplicate these details on every single event-based list. However, you should be extremely cautious when compiling a permanent list.
ESMA fears that placing more than just a very few individuals on the permanent list “inflates” the list and makes it more likely to include people on an insider list for a particular event for which they should not appear. In terms of tracking down leaks of inside knowledge, this would slow down any investigation.
Just because all insiders have knowledge of one piece of inside information doesn’t mean that they all have access to all pieces of inside information. Only those who have access to all inside information by virtue of their role in the organisation can be featured on the permanent list. The others appear on the event lists dedicated to the different pieces of inside knowledge they have access to.
Article 18 of MAR is one of the key passages when it comes to compliance with the regulation. Creating and maintaining your insider lists correctly saves you from potential penalties further down the line and helps to prevent insider trading and market abuse. Because this can be a complex administrative task, using a digital platform like InsiderLog automates the workflow and simplifies your processes. It can also help you track persons discharging managerial responsibilities (PDMRs), manage and convert confidential lists, manage delayed disclosure and many other tasks.
Request a demo today to see how InsiderLog can help your organisation.