On July 3rd 2016 the new EU Market Abuse Regulation (MAR) came into force, effectively replacing the former EU Market Abuse Directive to provide more clarity and guidance around many of the procedural requirements of the regulation.
The new regulation aims to boost market integrity and investor protection by prohibiting the disclosure of inside information that would likely have an effect on financial instruments. One of the important procedural changes outlined in MAR is for organizations to identify, record and retain insider lists, that they need to produce upon request. For more informations about this read our article about corporate record retention.
Here we will take a closer look at what the MAR insider lists provision entails and what it means for General Counsel.
MAR and insider lists
While the act of keeping track of people who have access to a company’s inside information before it is published is well established, MAR requires companies or any person acting on their behalf or account to:
- Prepare a list of all those with access to inside information, including both employees and anyone performing tasks that may have access to inside information, like advisers, accountants, legal advisers, etc…
- Keep the insider list updated (for example, when an additional person accesses the inside information, or a person ceases to have such access), stating the date and time when the change triggering the update occurred
- Provide the insider list to the competent authority on request as soon as possible.
In addition, companies must take all reasonable steps to ensure that people with access to inside information (‘insiders’) acknowledge their duties in this regard in writing and are aware of the sanctions applicable to insider dealing and unlawful disclosure of inside information.
It’s also important to not that the company remains fully responsible for complying with the regulation and must always retain access to the insider list, even if a person acting on behalf of the company, like an advisor, assumes the task of maintaining the insider list.
What must my insider list contain?
According to MAR, the minimum content requirements for your insider list are:
- the identity of any person with access to inside information;
- the reason why the person is on the insider list;
- the date and time that person gained access to inside information; and
- the date the list was drawn up.
Furthermore, insider lists must be prepared on a deal-specific/event-specific basis. Lists can be divided into sections that outline the individuals who have access to each specific piece of inside information. Companies can also maintain a supplemental list of “permanent insiders” who, due to their role, always have access to all inside information.
Finally, all lists must be maintained in electronic format (in accordance with templates in Annex 1 found here) to ensure:
- the confidentiality of the information;
- its accuracy; and
- access to, and retrieval of, previous versions of the insider list.
When do I need to update my insider lists?
Insider lists always need to be up-to-date. According to MAR, companies need to promptly update information in the following circumstances:
- where there is a change in the reason for including a person already on the insider list;
- where there is a new person who has access to inside information and needs, therefore, to be added to the insider list; and
- where a person ceases to have access to inside information.
Each update must state the date and time when the change occurred. A great way to keep on top of all of these changes is to use legal software that tracks insiders on each deal or activity, and records when they become insiders.
Also, all insider lists must be kept for at least five years from when it was drawn up or last updated.
How do I get started?
In order to comply with MAR, companies need to develop a system for identifying, recording and retaining electronic insider lists. However, it can be difficult and time-consuming for General Counsel to get the job done if information is scattered across various documents, emails and software.
Legisway provides comprehensive solutions to ensure your compliance with the new regulation across your case, contract and entity management activities. With Legisway, legal teams can:
- record the date, time and reason insiders obtain access to information
- compile insider lists and permanent insiders, including the required personal information such as date of birth, national identification number, and contact information
- identify project-specific insiders who possess knowledge due to their involvement in a specific project
Start working the right way today so don't get left behind in your compliance journey!