The FCA has published Market Watch 71, which provides some detailed advice on the regulator’s expectations for advisory firms’ insider lists in the UK.

The Market Abuse Regulation (MAR) is in place to thwart market manipulation in all its forms, including insider dealing and the improper disclosure of inside information. An insider list is intended to gather all individuals who have access to information that is not public, but that would likely affect the price of the financial instrument in question if it was made public. An insider list covers employees as well as parties privy to this information because they are acting in an advisory capacity (MAR specifically lists advisers, accountants or credit rating agencies).

Over the last three years the FCA has seen “considerable reductions” of permanent insiders at advisory firms and is observing a continuing downward trend in their number. The FCA acknowledges that there “can be no single ‘correct’ number of permanent insiders”, but points out that even at the largest advisory firms the “typical number has reduced to between 250  and 450.”

Scrutinise lists

The FCA’s expectation here is that firms will closely scrutinise their insider lists and attempt to minimise the number of such permanent insiders wherever possible to further help reduce the investigative burden and the chances of market abuse occurring.

Ensuring that those without a specific business need are prevented from accessing inside information is just as important as effectively maintaining insider lists. The newsletter suggests a number of “methods” by which access to inside information could be reduced:

• Introducing specific insider lists connected to particular events / products.
• Regular top to bottom reviews of permanent insider lists.
• Removing access to inside information from those who do not make use of it.
• Reviewing pipeline data access and creating discrete anonymised information data pipelines.
• Reducing access to inside information by non-deal team employees.

The FCA reports having recently received insider lists that do not contain the personal information required by the technical standards applying to MAR. It is reminding firms that these technical standards have been incorporated into UK law after Brexit and are still legally binding.

What seems to be happening here is a clash of regulatory obligations. Firms are taking their GDPR compliance seriously and so are attempting to reduce the amount of personal information being sent to the FCA, but they are thus falling foul of the MAR technical requirements. In the FCA’s view any firms that do not comply with these requirements will be deemed as hindering its investigations and potentially breaching Principle 11, which requires firms to be open and cooperative when dealing with the regulator.

Inside information

As set out above, MAR requires insider lists to include any third parties with access to inside information. The FCA emphasizes that both issuers and advisory firms who have contracts with external parties with access to inside information have an obligation to produce insider lists with the personal details of these third parties. If those third parties do not agree to provide their personal details their suitability for a role involving inside information should be questioned.

Finally, firms are permitted to store insider lists and personal data separately and only marry these two data sets when an insider list is requested by the FCA. A response to the request for an insider list will still be considered “prompt” when such a list is produced within two days of being requested by the regulator.