Issuers on a regulated market or a multilateral trading facility (MTF) shall continually maintain a list of persons who have access to inside information. This list is called an “insider list”.
The provisions concerning drawing up and updating insider lists are found in Article 18 of the EU Market Abuse Regulation (MAR) and in Commission Implementing Regulation (EU) 2016/347, which has been adopted pursuant to MAR.
The list shall be saved in a durable medium for at least five years after it was drawn up or after the date when it was last updated.
The purpose of the provisions is, on the one hand, to facilitate investigations into prohibited insider trading and, on the other hand, to prevent persons with access to inside information from using it for their own gain or that of another.
The insider list is also a way for the issuer to gain control over which persons hold a specific piece of inside information. The issuer is also obliged to inform those concerned that they are included on an insider list. This makes a person aware that they have information the issuer believes constitutes inside information, which may reduce the risk of insider trading.
The obligation to draw up an insider list arises as soon as inside information arises within the issuer. According to MAR, inside information is information of a precise nature, which has not been made public, relating, directly or indirectly, to one or more issuers or to one or more financial instruments, and which, if it were made public, would be likely to have a significant effect on the prices of those financial instruments – in other words, information that a reasonable investor would be likely to use as part of the basis of their investment decisions.
Examples of information that may constitute inside information are information about acquisitions or sales, research findings, profit warnings or other financial information that indicates the issuer is in financial difficulty etc. However, what constitutes inside information must always be determined on a case-by-case basis.
More about this can be found on the page Insider information.
The insider list shall contain the persons who have access to inside information. The list shall be updated promptly. Since multiple pieces of inside information can exist within a company at the same time, the insider list shall be divided into separate sections for each type of inside information there is within the issuer. More information about the content and format can be found below, under the heading Content and format of the insider list – templates for insider lists.
Article 18 of MAR applies to all issuers on a stock exchange or an MTF. In addition to the obligation for an issuer to keep an insider list of all persons who have access to insider information, the obligation to keep an insider list also applies to all those who are working for the issuer under a contract of employment, or otherwise performing tasks through which they have access to inside information. This can be, for example, advisers, accountants, credit rating agencies or other contractors. Those concerned shall draw up, update and, upon request, provide FI with an insider list.
Please note that the person who is obliged to keep an insider list is always fully responsible for ensuring that the applicable provisions are complied with, even when they task a third party with drawing up and updating the insider list. An issuer is therefore unable to avoid these obligations by subcontracting the work to a third party.
Those who are included on an insider list shall be informed of what this entails. This is set out in Article 18(2) of MAR. The issuer shall also take all reasonable steps to ensure that all those who are included on the list confirm in writing that they are aware of the legal obligations this entail. They shall, in the same manner, also be informed of the sanctions that are applicable for market abuse. More about this can be found on the page Market abuse (in Swedish).
Generally speaking it is sufficient for an insider to accept these obligations once. Subsequently, a reference to obligations and sanctions can be sufficient. When necessary, for example if it has been a long time since the initial acceptance, the issuer may need separate acceptances for each new event that occasions the drawing up of an insider list. It is always the responsibility of the issuer to ensure that the person in question is aware of the legal obligations that accompany being included on an insider list.
The list of persons with inside information shall be drawn up in an electronic format and this format shall ensure the confidentiality of the content of the list by restricting access to the insider list to clearly identified persons. Article 18(3) of MAR and Commission Implementing Regulation (EU) 2016/347 on technical standards for the format of insider lists set out what information has to be included in an insider list.
The insider list is event-driven
There may be multiple pieces of inside information within a company at the same time. For this reason, the insider list shall be divided into sections with a separate section for each type of inside information there is within the issuer. Some examples of inside information are information about acquisitions or sales, research findings, profit warnings or other financial information that indicates the issuer is in financial difficulty etc. However, what constitutes inside information must always be determined on a case-by-case basis. Further information can be found above, under the heading When does the obligation to draw up an insider list arise?, or read more about inside information on the page Insider information.
To avoid multiple entries in respect of the same individuals in different sections of the insider lists, the issuer may, under Article 2(2) of Commission Implementing Regulation (EU) 2016/347, decide to draw up and keep up to date a supplementary section of the insider list, referred to as the permanent insiders section. This is voluntary and is not a requirement pursuant to MAR. If this section is drawn up, it shall contain the details of individuals who have access at all times to all inside information. This section is of a different nature to the rest of the sections of the insider list as it is not created because of a specific piece of inside information. A permanent insiders section should only include those persons who, due to the nature of their function or position, have access at all times to all inside information within the issuer.
Insider lists shall be updated when there is a change in the reason for including a person already on the insider list, when there is a new person who has access to inside information and therefore needs to be added to the insider list or when a person included in the list ceases to have access to inside information. Updates to the list shall take place promptly.
The date and time at which the change triggering the update occurred shall be specified for every update. The list shall be saved for at least five years after it was drawn up or after the date when it was last updated.
Insider list are not to be sent to FI. However, FI is permitted to request a list should the need arise. In such cases, the list shall be submitted as soon as possible and in a manner that does not endanger an investigation into suspected insider crime. For example, it is not acceptable to need to ask for information from individuals on the insider list in the event of a request; this information shall instead be available to the issuer. The insider list shall be submitted to the administrator at FI who has requested the list and in accordance with the instructions in the request. If the administrator has specified a reference number in the request for the list, this reference number shall always be stated.
Please note that even if an issuer tasks a third party with drawing up and updating their insider lists, it is always the issuer who is fully responsible for compliance with the applicable provisions concerning insider lists.
Pursuant to Chapter 5, Section 2 of the EU Market Abuse Regulation (Supplemental Provisions) Act (2016:1306), FI shall decide that an administrative fine be imposed on those who fail to draw up, update or preserve an insider list or otherwise fail to comply with the requirements stated in Article 18(1)–18(6) of MAR.
The fine shall be a maximum of EUR 1m for a legal person or a maximum of two per cent of the legal person's turnover in the previous financial year or three times the profit/loss the person, or a third party, obtained/avoided as a consequence of the regulatory infringement. For a natural person, the fine shall be a maximum of EUR 500 000 or three times the profit/loss that person, or a third party, obtained/avoided as a consequence of the regulatory infringement. The maximum possible fine depends on a range of circumstances.
Further details concerning what is taken into account when setting this maximum amount can be found in Chapter 5, Sections 15–18 of the EU Market Abuse Regulation (Supplemental Provisions) Act. FI may refrain from intervening if the infringement is minor or excusable, the person in question rectifies the matter, if there are other special grounds or if some other body has taken action against the person and this action is deemed sufficient.
Please note that the obligation to draw up insider lists is that of the issuer and that it must therefore be well aware of its obligations. If the issuer tasks a third party with drawing up and updating the list, the issuer remains fully responsible for compliance with the provisions.
We have compiled the most frequently asked questions and their answers in the document below.
FI is able to answer question, provide information about applicable provisions and give guidance. As a supervisory authority, however, FI is unable to provide advance decisions in individual cases. Consequently, if representatives of the issuer are uncertain about how information is to be handled within the issuer, they are recommended to contact a legal adviser who is able to help them make an assessment on the basis of the circumstances that are specific to the issuer in question.
ESMA's questions and answers (Q&A) on the Market Abuse Regulation
Rules concerning the handling of inside information can be found in the EU Market Abuse Regulation, which entered into force on 3 July 2016. In addition to this, the European Commission has adopted an implementing regulation that specifies technical standards to which issuers must adhere with respect to the format of and updates to insider lists.
The European Securities and Markets Authority (ESMA) has also adopted guidelines that issuers should adhere to. ESMA also continually publishes questions and answers that provide guidance on the implementation of MAR.
The Swedish provisions in the EU Market Abuse Regulation (Supplemental Provisions) Act specify, for example, the way in which FI is able to intervene in response to infringements of the provisions concerning insider lists and what is to be included in the assessment in the event of an administrative fine.
Market Abuse Regulation (EU) 596/2014
Commission Implementing Regulation (EU) 347/2016
EU Market Abuse Regulation (Supplemental Provisions) Act (2016:1306) (in Swedish)