In July 2016, the EU Market Abuse Regulation (MAR) came into force, detailing specific requirements to eliminate unlawful disclosure of inside information, enhance market integrity and investor protection, and limit market manipulation.
One of the key provisions under MAR concerns the drawing up and updating of insider lists—dynamic lists of persons who have access to inside information. Insider lists must be maintained by all issuers or persons acting on their behalf within the EU. In this article, we’ll take a close look at insider lists and answer the most common questions related to them.
1. What is an insider list?
According to Article 18 of MAR, an insider list is:
“[a] list of all persons who have access to inside information and who are working for them under a contract of employment, or otherwise performing tasks through which they have access to inside information, such as advisers, accountants or credit rating agencies.”
The most common misconceptions about insider lists stem from the fact that there can be a permanent section and an event-driven section. The latter must be used for persons who have only temporary access to inside information. The former is optional and can be used to avoid duplicate entries by capturing details about persons who, due to the nature of their function, have access to inside information at all times. The Consultation Paper by ESMA clarifies who can be included in a permanent insider list:
“In ESMA’s view, only an extremely limited group of individuals should meet that definition, including the Chief Executive Officer, in certain specific cases, the Chief Finance Officer, Executive Assistant, Chairman of the Board, Head of Legal Department/Compliance Officer and Chief Technical Officers.”
This means that the permanent insider list if used at all, should be used with caution. Any individual that does not meet ESMA’s definition of a permanent insider will have to be included in an event-based insider list, which must be drawn up by the issuer for each piece of inside information (regardless of the use of the permanent section).
Side note: Misusing a permanent insider list, i.e. including individuals who do not have continuous access to inside information or keeping a disproportionately large permanent insider list could be a costly mistake.
1.1 When should the insider list be drawn up?
The goal of any company should always be to publish all price sensitive information as soon as possible (MAR Article 17). This enables investors to make fully informed decisions and reduces the risk of insider trading.
Inside information should always be disclosed as soon as possible. Delayed disclosure is allowed only if all three of the following conditions are fulfilled:
1. Immediate disclosure is likely to prejudice the legitimate interests of the issuer. For example, the issuer is in the middle of negotiations that may be jeopardised if the information is made public, e.g. mergers, acquisitions, splits and spin-offs, purchases or disposals of major assets or branches of corporate activity, restructurings and reorganisations, and filing a patent application for a new invention.2. Delayed disclosure is not likely to mislead the public. Generally speaking, inside information cannot be withheld if it contradicts market expectations created by interviews, previous announcements and other types of public communication.
3. You are able to ensure the confidentiality of the information. Delayed disclosure is possible when the information is kept within a small group of people who are all subject to confidentiality obligations. If the inside information is available to a large group of people by default, e.g. a significant lay-off, this condition is especially difficult to ensure.
This assessment must be formalised, documented and saved in case the supervisory authority requests it later. It must record when the decision was made, the person responsible for the decision and evidence proving that all three conditions were met.
In the case of a delayed disclosure the issuer must draw up an event-based insider list, to document the existence of this specific information and who knows about it, until it is released to the public (or the inside information ceases to exist due to, e.g. failed M&A transaction). An insider list may also be needed to be drawn up, even when there is no formal delay of disclosure. In the case that the information is disclosed “as soon as possible”, there may be a delay of a few hours where it’s relevant to capture that this information exists within the issuer and who, during this short time span, has access.
The full ESMA MAR delayed disclosure guidelines are available along with a non-exhaustive list of legitimate interests that can warrant delays.
1.2 Who is obliged to draw up an insider list?
Issuers whose financial instruments are traded on a regulated market, a multilateral trading facility (MTF) or – with effect from 3 January 2018 – on an organised trading facility (OTF), are required to prepare an insider list.
Maintaining an insider list is an obligation not just to the issuer, but also to all those who are employed by the issuer or are otherwise performing tasks which require access to inside information. This type of companies, often referred to as advisors and consultants, are personally responsible for the obligation to draw up, update and provide their insider list to the National Competent Authority (NCA) upon request.
It’s important to note that the issuer takes full responsibility for complying with all provisions specified by the Market Abuse Regulaiton. This responsibility cannot be transferred to a third-party even when it is tasked with drawing up and updating the insider list.
1.3 Who and what should be included on an insider list?
The insider list must precisely identify the specific persons with access to inside information, as well as the precise piece(s) of information they are able to access. When multiple pieces of inside information exist within the organisation, there must be a separate event-based insider list for each piece of information — so that it is possible to identify which individuals have access to what information.
1.4 How to draw up and update an insider list?
The insider list must be drawn up and stored in a specific digital format predefined by European Securities and Markets Authority. If the NCA requests this list and it does not comply with all requirements, sanctions may be imposed. You can find more details about the format as well as insider list templates in the next section of this article.
That being said, here’s how to draw up and maintain an insider list.
1. Basic information. Specify the name of the deal or event related to the inside information. Document the time and date when this information was identified as inside information (i.e. the time when this insider list is created).2. Decision to delay disclosure. If you are creating this insider list to document a delay in disclosure, be sure to note this by specifying how you comply with the three criteria specified above, who is formally responsible for this decision and what is your expected date and time of disclosure to the public.
3. List all persons with access to inside information. Once you have set up the necessary documentation relating to the insider list, it’s time to include all insiders associated with that specific project. This is usually an ongoing process. If you have a permanent insider list, persons included in it should not be added to the event-based list as they are, by definition, considered to have access to this information (formally from the date and time documented under a)).
4. Notify insiders. All persons who have been included in an insider list must be notified in due time and confirm that they understand and accept the related obligations.
5. Maintain the insider list by updating it regularly. Prompt updating of the list is of utmost importance in order to document who has (had) access to inside information and when. For example, an update is required when the reason for including the person on the list is changed, a new individual has to be added due to gaining access to inside information, or an individual ceases to have access to inside information.
6. Document update triggers. Modifying the insider list means that there was a change or an event which triggered it. State the date and time of this trigger when updating the insider list. For example, a trigger could be giving a person access to a specific type of information due to starting a new project.
7. Provide the insider list upon request. Issuers are required to provide their insider list(s) to the NCA upon request, as soon as possible.
8. Closing the insider list. When the information is disclosed to the public or if it ceases to exist (e.g. due to a cancelled project), it’s time to “close” the insider list. If you are closing the list because of a public announcement, you have to compile an email per Article 17 and send it directly to the NCA.
9. Store the insider list. MAR obliges organisations to keep insider lists for at least five years after they were drawn up or updated in case there is a need for an investigation.
2. Notification of insiders
All persons included in an insider list are asked to confirm that they are familiarised with their rights and obligations as members of the list. Article 18 states it clearly: “Issuers or any person acting on their behalf or on their account, shall take all reasonable steps to ensure that any person on the insider list acknowledges in writing the legal and regulatory duties entailed and is aware of the sanctions applicable to insider dealing and unlawful disclosure of inside information.”
According to the Swedish national regulator, Finaninspektionen, the notification process makes the person aware that the information they have access to is considered inside information by the issuer. This may, in turn, reduce the risk of insider trading. However, it’s important to note that the obligations that stem from having access to inside information do not start when the person receives the notification, they start the moment the person gains access to this information.
In theory, notification of insiders may sound like a simple process but, in reality, it’s often anything but straightforward. Many times, individuals will not provide a full list of their details or will simply ignore the insider notification. As an issuer, you are obliged to do everything in your power to ensure that insiders understand and accept their obligations. This means that you must send reminders continually, for as long as it is necessary. Another case where subsequent notifications may be required is when the person is added to a different insider list pertaining to a separate piece of inside information.
The issuer always takes full responsibility for notifying all insiders of their legal obligations in due time and as soon as possible.
3. Insider list template
The Commission Implementing Regulation (EU) 2016/347 of 10 March 2016 specifies the exact technical standard that must be followed to meet all requirements for an insider list. When submitting the insider list to the competent authority, issuers, EAMPs and auction entities are required to follow this format.
The information must be stored on a digital medium. The exact electronic means to be used are detailed on the websites of the National Competent Authorities.
The regulation details three distinct templates. You can download all of them as Excel files below.
Download insider list templates – Excel
3.1 Alternative to spreadsheets
While the above templates may be somewhat helpful, they may also create a number of compliance risks:
- High chance of human error due to manual data entry
- Multiple versions of the spreadsheet need to be kept as an audit trail
- Timestamps must be added manually in the format specified by ESMA
- Insiders must be notified manually — initially and whenever a follow-up is required
To solve these and many other issues, we created InsiderLog. With InsiderLog you create and maintain an updated digital insider list online, saving considerable time and ensuring compliance.
4.FAQs
4.1 How must the date and time be formatted in an insider list?
The date must be indicated in accordance with ISO 8601. The date format to be used is YYYY-MM-DD and the time format is hh:mm.
Example: 8 July 2020 at 2:20 p.m. shall be formatted as 2020-07-08 14:20
4.2 How shall an issuer manage an insider list?
You can use any piece of software that is able to draw up the list in the required format and make regular updates to it. There is also the option to use dedicated insider list management software such as InsiderLog.
4.3 What if you can’t provide an insider list to financial authorities?
Failure to maintain and provide an insider list upon request can result in fines of up to €1 million.
5. Conclusion
The main objective of the Market Abuse Regulation (MAR) is to enhance market integrity. One of the ways to achieve this is to enable better tracking of access to inside information, hence the requirement to maintain an insider list. In addition to new obligations, sanctions and penalties have also increased under MAR.
Failing to draw up an insider list as soon as possible, failing to update it in due time, keeping a disproportionately large permanent insider list—these are just a few of the offences that could result in financial, administrative and, in some cases, criminal sanctions. We hope this article has provided a clear overview of insider lists and is helpful on your way to staying compliant with the Market Abuse Regulation.
6. References & Further Reading
Share this post
Article Summary
- 1. What is an insider list?
- 1.1 When should the insider list be drawn up?
- 1.2 Who is obliged to draw up an insider list?
- 1.3 Who and what should be included on an insider list?
- 1.4 How to draw up and update an insider list?
- 2. Notification of insiders
- 3. Insider list template
- 3.1 Alternative to spreadsheets
- 4. FAQs
- 5. Conclusion
- 6. References & Further Reading