FAQs on article 18 of the Market Abuse Regulation

In summary, article 18 of MAR requires:

• Issuers and anyone acting on their behalf (for example, an advisor) to keep a list of people with access to inside information.
• Those insiders included on the list must provide their personal details along with written confirmation acknowledging that they are on the list.
• This list must be in a specific format, updated and maintained, and readily available to a regulator upon request.
• The list must be retained for a period of 5 (five) years.

Issuers of securities and people acting on their behalf, like advisors, accountants, or lawyers with access to inside information, must keep an insider list.

An insider list must include personal details like full name, date of birth, ID number (if applicable), address, phone number, the reason for their inclusion, and the dates they gained and were added to the list. You can read more about what must be in the list here.

Insider lists should be updated promptly when there's a change in the reason for inclusion, when adding a new person, or when personal details change.

Insider lists must be maintained for at least five years. Access is restricted to those who need it for compliance and monitoring, and regulatory authorities can request access.

Non-compliance can result in fines, criminal sanctions, and reputational damage.

Companies should have strong internal policies, conduct regular training on MAR compliance, and use technology to keep insider lists accurate and updated.

Yes, advisors and consultants with access to inside information must keep their own insider lists and provide them to regulatory authorities upon request. To read more on this, have a read of this article here.

The Commission Implementing Regulation (EU) 2016/347 also governs insider lists, providing a standardized template as an annexure.

Insider lists must be maintained and updated until there is no more relevant inside information. i.e. there has been a disclosure made to the market. The list of those individuals must be retained for a period of 5 (five) years.

The date and time when the person ceased to have access to the inside information should be recorded, and the insider list should be updated accordingly.

Yes, insider lists must be available for external auditors or regulators upon request to verify compliance with MAR.

Insider lists should be stored securely with restricted access, using encryption and access controls to prevent unauthorised access.

Yes, regulators often provide standardized templates or formats for insider lists. For example, the Commission Implementing Regulation (EU) 2016/347 includes a template in its annex.

Permanent insiders are individuals who reasonably have access to all inside information due to their role within the company, as opposed to those who might have access only occasionally or for specific projects.