Insider lists: Q&A for Company Secretaries | EQS Group

Insider lists: Q&A for Company Secretaries | EQS Group News Banner for product updates, new resources & more goes here. Link Compliance & Ethics Data Privacy Sustainability Management Investor Relations Company Support Login EN Book a Demo Support Login EN Book a Demo Please choose your language: English

Visit us in:
Barcelona, Copenhagen, Hamburg, Hong Kong, Kochi, London, Madrid, Milan, Munich, New York, Paris, Vienna, Zurich

Show locations EQS Cockpit Whistleblowing Insider Management Policy manager Investor Targeting Disclosure Webcast Career  Request a demo Ready to find out how EQS can make your regulatory workflows 10x more efficient? Schedule a zero-pressure demo to see how we can support your organization operationalize compliance, data privacy, sustainability management and investor relations. Meet with an expert who will listen to your specific business needs See our solutions in action, customized for you  We are here for you Want to know more about our suite of solutions? Wondering if they are right for your specific business needs? Have feedback? Our global sales team is ready to answer all your questions and clear away those niggling doubts.

Looking for your next career opportunity?

Join us and make a difference   We are here for you Want to know more about our suite of solutions? Wondering if they are right for your specific business needs? Have feedback? Our global sales team is ready to answer all your questions and clear away those niggling doubts.

Looking for your next career opportunity?

Join us and make a difference   Request a demo Ready to find out how EQS can make your workflows 10x more efficient? Schedule a zero-pressure demo to see how we can support your organization operationalize sustainability management. Meet with an expert who will listen to your specific business needs See our solutions in action, customized for you Compliance & Ethics Solutions by objective Policy & Procedure ManagementDisclosure managementThird-party risk managementAnti-bribery & anti-corruption complianceWhistleblowing & case managementCompliance awareness Convercent by onetrust Support Platform All your compliance needs. One platformWhistleblowing Secure channels. Complete protection Policies Smart governance. Zero confusion Approvals Quick decisions. Total clarity Insights Advanced analytics. Complete visibility Third Parties Due diligence. Safer partnerships AI at EQS  White Paper Case Study Webinar Event Article Why Whistleblowing Matters FREE White Paper: Building Systems that Actually Work Resources by type Case Studies Webinars White Papers Articles Events Updates  Service Data Privacy Solutions by objective Privacy automation Platform Protect data. Build trust.GDPR Compliance Seamless protection. Peace of mind. AI Compliance Ethical innovation. Future-ready.Privacy Risk Management One risk view. Zero blind spots. E-learning Knowledge that sticks. Teams that deliver. AI at EQS  White Paper Case Study Webinar Event Article EU AI Act: Your free mini guide + checklist Download our free EU AI Act mini guide with a 15-step checklist for AI compliance. Essential for DPOs, compliance, legal, and IT teams. Resources by type Case Studies Webinars White Papers Articles Events P Sustainability Management Solutions by objective Sustainability reporting Platform All use cases on one platform. The sustainability cockpit.CSRD Collect data across your organization. Compliant reporting.CO2 Footprint Calculate your CO2 footprint. Reduce emissions. Double Materiality Understand relevant sustainability topics. Take action. VSME Report and share essential ESG data. Taxonomy Measure taxonomy-alignment. Become more sustainable. CO₂ Targets Set science-based climate targets. Plan and achieve reductions. Product Carbon Footprint Analyze emissions per product. Optimize your portfolio sustainably. AI at EQS  White Paper Case Study Webinar Event Article Navigating sustainability reporting after the EU Omnibus Proposal The rules are evolving – this guide helps you stay on track. Resources by type Case Studies Webinars White Papers Articles Events Investor Relations Solutions by objective Webcasts / AGM / IR Websites & Tools ESEF / XML filing & LEI Platform Smarter IR. Stronger engagement.Insider Management Secure control. Total compliance. Disclosure Global filing. Zero stress. Newswire Maximum reach. Instant impact. CRM / Mailing Smart targeting. Deeper connections. Investor Targeting Right investors. Real results.  White Paper Case Study Webinar Event Article Best Practices for IR Websites Best Practices and Leveraging Digital Tools Resources by type Case Studies Webinars White Papers Articles Events About us About our company Who we are and why you should trust us About EQS Why EQSCareers Back to overview Insider lists: Q&A for Company Secretaries

We answer frequently asked questions around dealing with insider lists and MAR-requirements.

by Adam Kulesza  | Updated: 16.03.2022 |  5 min As a provider of MAR-compliance services, we are in constant conversations with company secretaries and compliance professionals and, as such, many questions come up. Some, I’m sure you’ll be more familiar with and others perhaps not.

At a glance During this period where most people are working from home and it’s perhaps not a simple as just turning to a colleague if you’re not sure about something, we thought it would be useful to compile them all in one place.

Permanent insiders  Why can’t all my insiders be permanent insiders? They can, but as article 19 of the Market Abuse Regulation states, only if they have access to ALL inside information, ALL of the time. Have a think about whether this is true for everyone on your permanent list. While some issuers have decided to have no permanent insiders based on this definition, others have gone for perhaps a more pragmatic approach whereby they designate a few core individuals to be permanent insiders. You may find my blog on the subject helpful: What are permanent insiders and do they really exist?

The FCA also published some updated guidance last year in their Market Watch newsletter 58 (bottom of page 5).

 All insiders have daily access to daily trading/sales information, should they all be permanent insiders? This situation has been raised a couple of times and the confusion is around the fact that ALL insiders have permanent access to ONE piece of inside information, not ALL inside information. Therefore, a ‘permanent’ project is most likely the best solution, where project insiders can be added/removed as and when required but they are not classed as permanent insiders as they do not have access to all inside information at all times. You may find my blog on the subject helpful: What are permanent insiders and do they really exist? 

Insider lists versus confidential lists  What are confidential lists and how are they used? A confidential list is effectively a ‘holding pen’. Their primary use is for projects that would not be deemed to impact on the share price if the information was made public, but where this could become the case if the situation changed. Members of the list are made aware that the information is confidential and that they should consider who they discuss the project with. Should the information become inside information, the idea is that the list if already set up for you to go through the relevant MAR process with each individual, such as making them aware that they are an insider and receiving their date and time stamped confirmation. You may find my blog on the same subject helpful: All you need to know about confidential lists

 Can you use confidential lists instead of insider lists? No, confidential lists are not part of MAR and do not constitute an insider list in any way.

 Is it possible to never have insider lists, only confidential? This depends on the company. If you are not an acquisitive company whose results are consistently in line with expectations then it’s possible, however, some issuers treat any information around results as inside information. There is also the question of disclosure. If the issuer is able to disclose all information immediately then they won’t have any inside information. In practice for situations such as M&A transactions, this is unlikely to be possible due to ongoing negotiations

Manual insider list management  What’s wrong with managing my lists in Excel? In theory nothing, but if you want peace of mind that you are always MAR compliant, you may want to invest in software to help you manage your lists. If you have minimal activity and a small number of insiders, then, logistically, it’s probably feasible to manage your lists manually. However, if you have a larger number of insiders and more than a couple of projects a year – managing project lists, seeking confirmations from insiders and following up with those who have not – it becomes cumbersome and you risk becoming non-compliant with MAR. Some administrators have become increasingly reliant on capturing larger numbers of insiders on the permanent list to reduce the number of projects to manage – this is not appropriate use of permanent lists (see the FCA’s Market Watch newsletter 58 (bottom of page 5)).

MAR also states that you must create a new version of your list after every change – version control can become tricky when using Excel. Ask yourself if you’ve ever clicked ‘save’ instead of ‘save as’. If you have then you’re currently non-compliant. You may find our blog helpful: Why insider lists in Excel put your company at risk

 Can I save every new entry in the same spreadsheet with its own time and date stamp? In theory yes, this could work, but ask yourself if it’s really a robust way to ensure compliance and what would you do if you had a request from the regulator for a list as of a certain date? MAR states that insider lists should at all times ensure, “the access to and the retrieval of previous versions of the insider list”. Is this possible when saving new entries in the same version? Before sending the list to the regulator you’d have to re-format it, creating extra work.

External insiders  Do I need to manage my advisors’ insider lists? Article 18, paragraph 1 (a) of MAR states that,
“1. Issuers or any person acting on their behalf or on their account, shall:
(a) draw up a list of all persons who have access to inside information and who are working for them under a contract of employment, or otherwise performing tasks through which they have access to inside information, such as advisers, accountants or credit rating agencies (insider list);”

The responsibility of maintaining an insider list lies with, “the issuer or any person acting on their behalf or on their account”. It is generally recognised that best practice is to record one individual from a 3rd party on your own list and the 3rd party should be keeping their own list for projects they’re involved in. It is advisable that you ask for periodic confirmation that the 3rd party is keeping an up-to-date insider list in relation to your projects.

 What information do I need to include on our insider list for external insiders (e.g. advisors)? And what can I do if they refuse to provide the information? This is a question I get asked quite a lot, and different organisations approach it in different ways. In the case of external advisers who understand the requirements of MAR, it is generally considered best/good/acceptable practice to only include a key contact person from that firm on the company’s own insider list and delegate responsibility to the firm to maintain its own insider list in compliance with MAR and agree to provide it to the company or directly to the regulator upon request. You should periodically get confirmation that they are keeping their own lists.

In terms of how much personal information is collected, I think it comes down to a judgement call between MAR and GDPR. The key question is why you’re including that person on the insider list. If that person is only included as the key contact person for an adviser which is maintaining its own separate list of insiders, I think you could argue that the only personal data you need to hold is data that helps identify them at their place of work – name, company name, work address, work email and work telephone number. Their company’s insider list will include their full personal details.
If an external insider refuses to provide the MAR-required information, then they will need to respond to the regulator directly for any requests for insider lists.

You can see ESMA’s guidance on this point in their Consultation paper published in October 2019, paragraphs 187-189.

GDPR  Article 28 of MAR states that, “Issuers…shall retain the insider list for a period of at least five years after it is drawn up or updated. “However, it also states, “Personal data shall be retained for a maximum period of five years.” What should I to do? Article 28 is intended to deal only with ESMA and competent authorities, rather than issuers. This is reinforced in ESMA’s Final Report of Feb 2015 around protection of personal data – para 160 (page 106) states:

“Furthermore, with respect to the data retention period, it should be noted that the Article 28 of MAR on data protection states that “personal data shall be retained for a maximum period of five years”. This 5-year period is also in line with the duration of the other record keeping requirements established under the MAR: in Articles 11(8) on market soundings and 18(5) on insider lists. Therefore ESMA considers that personal data relating to a report made under Article 32 should be kept by the competent authority in accordance with Article 28 of MAR and for the period necessary for the performance of its tasks.”

MAR-required data  What should insiders enter for National Identification Number in the UK? There are differing views on this. MAR states that all personal information should be recorded, “if applicable”. Some issuers argue that national identification number is not applicable as we don’t have one in the UK. Others use their NI number and some use a passport number. There is also the view that it should be left blank as using any other information would be providing false information.

 What if insiders don’t have all the MAR-required data – i.e. National Identification Number, professional mobile number, birth surname – can they leave it blank? This is another topic for debate. As mentioned above, MAR states that personal information should be recorded, “if applicable”. This appears to leave the door open for some information to be left out as it is deemed not applicable. For example, in the UK, most men won’t have a different birth surname and some people won’t have both a personal and professional mobile number. Whether you leave these fields blank or duplicate the information from your surname and personal mobile fields respectively, is a decision for the issuer.

Closed periods  Does the announcement of the interim or year-end financial results determine the timing of the closed period referred to in Article 19(11) of Regulation (EU) No 596/2014 (MAR)? Yes, the close period is typically regarded as the one-month period preceding the release of a company’s quarterly results, and the two-month period before the release of its annual results. Refer to your company’s terms on this matter as some companies voluntarily extend the closed period.

 At what point does financial information relating to results become inside information or not? I.e. is it from the start of the accounting process or not until the end, when they know the whole picture? As the FCA states there is not always a right or wrong answer here. It is a ‘state of mind’ and issuers need to be able to demonstrate their decision-making processes. As you’ll be aware, the definition of inside information is:

information of a precise nature, that:

has not been made public; relates, directly or indirectly, to one or more issuers or to one or more financial instruments; and if it were made public, would be likely to have a significant effect on the prices of those financial instruments or on the price of related derivative financial instruments (that is, it is information that a reasonable investor would be likely to use as part of the basis of their investment decisions).  

Therefore, the point at which the information becomes inside is the moment it meets the above criteria. In the case of full year results, for example, as soon as it becomes clear that they are not in line with expectations, it would become inside information. It’s therefore important that companies have governance structures in place to be able manage this decision-making process. For example, some companies have a disclosure committee.

General MAR questions  If I request confirmation from insiders and they don’t provide it, who is responsible? MAR states that, “Issuers or any person acting on their behalf or on their account, shall take all reasonable steps to ensure that any person on the insider list acknowledges in writing the legal and regulatory duties entailed”. If, therefore, you have a strong audit trial that shows your communication with insiders and you can show that you’ve requested the information on a number of occasions, then the regulator would most likely take it up with the insider, assuming they are satisfied that the issuer has taken all reasonable steps.

 What if the information goes public and I forgot to create a project? This would put you in breach of MAR and at risk of sanctions by the regulator. If you find yourself in this situation, it would be advisable to create a project straight away, informing all insiders as you normally would. It would also be prudent to inform the regulator of the situation so they are aware and you can both act accordingly.

 Do investment firms need to keep insider lists? If they are invested in listed entities then yes. A primary example would be in a market sounding (article 11 of the Market Abuse Regulation) where someone has crossed the wall and now has access to inside information relating to an investee company.

I hope you found this useful. If you have any other questions that have not been answered here, please send them to me at adam.kulesza@eqs.com and we’ll add them to the blog.

The complete guide to policy management How to effectively create, implement and communicate compliance policies and measure the success of your policy program – for everyone who is responsible for Compliance policies in their organization

Download now Adam Kulesza Business Development Manager – EQS Group | Adam is working as Business Development Manager in our London office.

Contact ESG, Legislation 3 min Sustainability reporting for companies with more than 1,000 employees – strategies for preparing for the potential CSRD delay  Legislation 3 min Understanding the Foreign Corrupt Practices Act (FCPA) Legislation The Sarbanes-Oxley Act (SOX) in Ireland: Ensuring Compliance and Enhancing Corporate Governance This article explores the implications of SOX in Ireland, highlighting its importance in ensuring compliance and enhancing corporate governance. l X f I y PlatformCompliance & Ethics Integrity Line Policies Approvals Sustainability IR COCKPIT Insider Manager EQS Privacy COCKPIT EQS Support Center ServicesESEF / XML filing & LEI Investor Relations Services Blog, White Papers & EventsResource Center Investor Relations Knowledge Newsletter EQS GroupAbout EQS Group Careers at EQS Group Information Security Report a vulnerability Sustainability Locations Corporate Governance Investors Press News Contacts Contact Support © EQS Group GmbH Legal Notice Data Protection Trust Center Cookie Policy Terms and Conditions Ethics Line Manage cookie preferences COCKPIT Login