Newsletter on changes in advisory firms’ insider lists.
December 2022
About this edition
In this edition we share our observations about changes in advisory firms’ insider lists since the publication of Market Watch 60[1]. We also remind firms of the requirement within UK Market Abuse Regulation (MAR)[2] to include personal information in insider lists, and reiterate the importance of firms maintaining accurate insider lists and strictly limiting access to inside information to employees who require access to perform their role in order to prevent market abuse. Smaller permanent insider lists are desirable for firms and help ensure the security and integrity of firms’ approach to managing their market abuse risk.
Steps taken by firms to reduce the number of permanent insiders
Since Market Watch 60[1] we have seen considerable reductions in the numbers of permanent insiders at several advisory firms, as well as enhanced monitoring of access to inside information.
Whilst there can be no single ‘correct’ number of permanent insiders, we have observed that, even at the largest advisory firms, the typical number has reduced to between 250 and 450. Some firms have limited access to even fewer staff, and we continue to observe a downward trend. Firms must continue to use insider lists to record when they have granted access to relevant inside information to staff who require that access, but they must also ensure that persons without a specific business need to access the inside information are prevented from doing so.
Methods by which firms have reduced access include:
- Introducing registers of events and/or product specific ‘permanent insiders’. We note that if persons only need access to specific inside information, they should be on the specific lists for that inside information rather than permanent insider lists.
- Top to bottom, periodic reviews of the roles of all permanent insiders, to ensure that each one requires access to systems containing inside information in order to perform their role.
- Comparing records of electronic access to files containing inside information with insider lists, and using these comparisons to determine whether those who did not access the information can have access withdrawn without detriment to the firm.
- Reviews of access to pipeline data, and whether those accessing data require access only to anonymised high-level information (like forecasting), rather than details of transactions which may include names of issuers and descriptions of transactions.
- Consideration of the necessity of non-deal team employees in particular functions, as well as multiple jurisdictions, having access to inside information. We recognise the need of functions such as the Control Room to have 24-hour global access, but firms’ reviews have led to sizeable reductions in numbers of insiders in other functions. Examples are presentation staff, or Debt Issuance staff where an equity M&A transaction does not require them to have access.
We consider that the ongoing reduction in the numbers of people able to access inside information reduces the opportunities for unlawful disclosure of that information, and therefore enhances the integrity of UK markets. We have also received comments that by reducing their number of insiders firms have found the burden of maintaining insider lists is reduced.
Article 18 of UK MAR and personal information
Insider lists are used by us when investigating possible market abuse, as well by firms to maintain records of who has access to inside information.
Recently we have received insider lists in response to regulatory requests which do not contain personal information, other than names. We have noticed the absence of telephone numbers, dates of birth, and national identification numbers. We need this information to eliminate people from our enquiries by cross referencing the information with MiFIR transaction reports, MAR suspicious transaction and order reports and other information sources. Firms not providing all of the information specified in the relevant articles and standards may hinder our reviews of potentially suspicious trading. Principle 11 requires firms to deal with the regulator in an open and cooperative way.
We remind firms that insider lists must be in the format and include the information set out in the UK version of Implementing Regulation (EU) 2016/347 (i.e. as incorporated into UK law under the European Union (Withdrawal) Act 2018 and amended under that Act- ’the Technical Standards[3]‘)These Technical Standards are legally binding.
Template 1 of Annex 1 to the Technical Standards
Market Watch 71: Template 1 of Annex 1 to the Technical Standards
Template 2 of Annex 1 to the Technical Standards
Market Watch 71: Template 2 of Annex 1 of the Technical Standards
Firms should note that we have not made the changes which the EU has made to its Technical Standards for insider lists for SME Growth Market issuers. Firms should provide insider lists to us as required by the UK Technical Standard above.
We have received questions in particular about:
- the inclusion of national identifiers, for UK nationals
- personal telephone numbers
- contractors
- local data protection laws
- the burden of work
National identifiers
For natural persons on insider lists, the national identification number column, to ensure consistency with the national identifiers used in MiFIR transaction reports and STORs to support our market abuse enquiries, should contain the relevant national identifier for that individual, defined and designated in accordance with the requirements in Article 6 of RTS 22[4].
Firms are reminded that the first priority national identifier for UK nationals is the national insurance number. The full suite of national identifiers can be found in Annex II to RTS 22.
Personal telephone numbers
Firms are remined that, in accordance with the template in the Annex to the Technical Standards, personal telephone numbers must be included in insider lists.
Contractors
We have also seen insider lists which contained no personal details for contractors. Article 18(1) of UK MAR sets the requirement to maintain insider lists for 'Issuers and any person acting on their behalf or on their account'.
We expect issuers to have arrangements in place to ensure that firms contracting to them provide personal data in response to regulatory requests. We also expect advisory firms to have in place similar arrangements with external parties with which they contract and to which they provide access to inside information. If a person does not agree to provide personal details, firms should consider whether that person should be given access to files containing inside information.
Data protection
UK MAR does not provide an exemption for the provision of personal data in relation to the location of people identified on insider lists and data protection laws in those locations. Firms must consider what arrangements they can put in place to meet their obligations under UK MAR, as well as the appropriateness of providing access to inside information to persons who cannot provide the personal data required to enable the firm to meet UK MAR obligations.
We have been informed by a small number of firms that where a person overseas has refused to provide the personal data required by UK MAR, those firms have withdrawn access to inside information.
Burden of work
In order to reduce the burden of work and to mitigate possible risks to data protection, firms should note that they may store insider lists and personal data separately, and add the personal data to the template when insider lists are requested by the FCA. However, we expect issuers and persons acting on their behalf or account to respond to our requests for insider lists promptly. For example, within two days.