BY: ComplyLog|July 9, 2020|Insider list management
In July 2016, the EU Market Abuse Regulation (MAR) came into force, detailing specific requirements to eliminate unlawful disclosure of inside information, enhance market integrity and investor protection, and limit market manipulation.
One of the key provisions under MAR concerns the drawing up and updating of insider lists—dynamic lists of persons who have access to inside information. Insider lists must be maintained by all issuers or persons acting on their behalf within the EU. In this article, we’ll take a close look at insider lists and answer the most common questions related to them.
According to Article 18 of MAR, an insider list is:
“[a] list of all persons who have access to inside information and who are working for them under a contract of employment, or otherwise performing tasks through which they have access to inside information, such as advisers, accountants or credit rating agencies.”
The most common misconceptions about insider lists stem from the fact that there can be a permanent section and an event-driven section. The latter must be used for persons who have only temporary access to inside information. The former is optional and can be used to avoid duplicate entries by capturing details about persons who, due to the nature of their function, have access to inside information at all times. The Consultation Paper by ESMA clarifies who can be included in a permanent insider list:
“In ESMA’s view, only an extremely limited group of individuals should meet that definition, including the Chief Executive Officer, in certain specific cases, the Chief Finance Officer, Executive Assistant, Chairman of the Board, Head of Legal Department/Compliance Officer and Chief Technical Officers.”
This means that the permanent insider list if used at all, should be used with caution. Any individual that does not meet ESMA’s definition of a permanent insider will have to be included in an event-based insider list, which must be drawn up by the issuer for each piece of inside information (regardless of the use of the permanent section).
Side note: Misusing a permanent insider list, i.e. including individuals who do not have continuous access to inside information or keeping a disproportionately large permanent insider list could be a costly mistake.
Download our e-book “4 Years of MAR: Sanctions, Pitfalls & The Future” to see how one Swedish company was fined €198,981 for listing too many permanent insiders.
The goal of any company should always be to publish all price sensitive information as soon as possible (MAR Article 17). This enables investors to make fully informed decisions and reduces the risk of insider trading.
Inside information should always be disclosed as soon as possible. Delayed disclosure is allowed only if all three of the following conditions are fulfilled:
This assessment must be formalised, documented and saved in case the supervisory authority requests it later. It must record when the decision was made, the person responsible for the decision and evidence proving that all three conditions were met.
In the case of a delayed disclosure the issuer must draw up an event-based insider list, to document the existence of this specific information and who knows about it, until it is released to the public (or the inside information ceases to exist due to, e.g. failed M&A transaction). An insider list may also be needed to be drawn up, even when there is no formal delay of disclosure. In the case that the information is disclosed “as soon as possible”, there may be a delay of a few hours where it’s relevant to capture that this information exists within the issuer and who, during this short time span, has access.
The full ESMA MAR delayed disclosure guidelines are available here along with a non-exhaustive list of legitimate interests that can warrant delays.
Issuers whose financial instruments are traded on a regulated market, a multilateral trading facility (MTF) or – with effect from 3 January 2018 – on an organised trading facility (OTF), are required to prepare an insider list.
Maintaining an insider list is an obligation not just to the issuer, but also to all those who are employed by the issuer or are otherwise performing tasks which require access to inside information. This type of companies, often referred to as advisors and consultants, are personally responsible for the obligation to draw up, update and provide their insider list to the National Competent Authority (NCA) upon request.
It’s important to note that the issuer takes full responsibility for complying with all provisions specified by MAR. This responsibility cannot be transferred to a third-party even when it is tasked with drawing up and updating the insider list.
The insider list must precisely identify the specific persons with access to inside information, as well as the precise piece(s) of information they are able to access. When multiple pieces of inside information exist within the organisation, there must be a separate event-based insider list for each piece of information — so that it is possible to identify which individuals have access to what information.
The insider list must be drawn up and stored in a specific digital format predefined by ESMA. If the NCA requests this list and it does not comply with all requirements, sanctions may be imposed. You can find more details about the format as well as insider list templates in the next section of this article.
That being said, here’s how to draw up and maintain an insider list.
All persons included in an insider list are asked to confirm that they are familiarised with their rights and obligations as members of the list. Article 18 states it clearly: “Issuers or any person acting on their behalf or on their account, shall take all reasonable steps to ensure that any person on the insider list acknowledges in writing the legal and regulatory duties entailed and is aware of the sanctions applicable to insider dealing and unlawful disclosure of inside information.”
According to the Swedish national regulator, FI, the notification process makes the person aware that the information they have access to is considered inside information by the issuer. This may, in turn, reduce the risk of insider trading. However, it’s important to note that the obligations that stem from having access to inside information do not start when the person receives the notification, they start the moment the person gains access to this information.
In theory, notification of insiders may sound like a simple process but, in reality, it’s often anything but straightforward. Many times, individuals will not provide a full list of their details or will simply ignore the insider notification. As an issuer, you are obliged to do everything in your power to ensure that insiders understand and accept their obligations. This means that you must send reminders continually, for as long as it is necessary. Another case where subsequent notifications may be required is when the person is added to a different insider list pertaining to a separate piece of inside information.
The issuer always takes full responsibility for notifying all insiders of their legal obligations in due time and as soon as possible.
The Commission Implementing Regulation (EU) 2016/347 of 10 March 2016 specifies the exact technical standard that must be followed to meet all requirements for an insider list. When submitting the insider list to the competent authority, issuers, EAMPs and auction entities are required to follow this format.
The information must be stored on a digital medium. The exact electronic means to be used are detailed on the websites of the National Competent Authorities.
The regulation details three distinct templates. You can download all of them as Excel files below.
Download insider list templates – Excel
|Alternative To Spreadsheets
While the above templates may be somewhat helpful, they may also create a number of compliance risks:
To solve these and many other issues, we created InsiderLog. With InsiderLog you create and maintain an updated digital insider list online, saving considerable time and ensuring compliance.
The date must be indicated in accordance with ISO 8601. The date format to be used is YYYY-MM-DD and the time format is hh:mm.
Example: 8 July 2020 at 2:20 p.m. shall be formatted as 2020-07-08 14:20
You can use any piece of software that is able to draw up the list in the required format and make regular updates to it. There is also the option to use dedicated insider list management software such as InsiderLog.
Failure to maintain and provide an insider list upon request can result in fines of up to €1 million.
The main objective of the Market Abuse Regulation (MAR) is to enhance market integrity. One of the ways to achieve this is to enable better tracking of access to inside information, hence the requirement to maintain an insider list. In addition to new obligations, sanctions and penalties have also increased under MAR.
Failing to draw up an insider list as soon as possible, failing to update it in due time, keeping a disproportionately large permanent insider list—these are just a few of the offences that could result in financial, administrative and, in some cases, criminal sanctions. We hope this article has provided a clear overview of insider lists and is helpful on your way to staying compliant with MAR.