| UK & Europe | Articles
The FCA’s most recent edition of MarketWatch highlights that when it comes to insider lists, there’s a tricky balance between failing to disclose names, and including ones which are superfluous.
Marketwatch 60 opens with a pretty damning conclusion from the recent UBS insider dealing case, that ‘while Ms Abdel-Malek was named on the relevant insider lists, she had no business need to access the information concerned.’ Perhaps more shockingly, later in the article the FCA highlights an example from their work with another firm where over 600 support team members were included as insiders on one particular deal.
From these examples and others, it seems that firms are struggling to get insider lists right. Furthermore, a number of other examples cited by the FCA suggest that firms have not yet implemented proper controls around information flow, which had been flagged as a concern by the FCA in a thematic review in 2015.
Understanding the insider list and information flow challenge
The update to the insider list process resulting from MAR has resulted in a cottage industry of list production and maintenance for capital markets firms. In compiling insider list, firms are caught between two competing priorities arising from the rules and the FCA’s own guidance:
- Failing to disclose the name of an individual privy to inside information could hinder the FCA’s investigation of potential market abuse, and in certain cases could attract regulatory censure; however
- Casting insider lists too widely and including staff with no good reason to have access to the data, does not conform with the guidance around controls on information flow.
So it is a delicate balance that firms must strike.
The challenge on information flow is perhaps more daunting – capital markets activity brings extremely sensitive information into the work environment, which must be strictly controlled. Firms must consider both logical restrictions (folder trees, system access, etc.) and the physical environment, in the context of an activity where the level of involvement of key individuals can be quite fluid and dynamic. Ensuring that only the right individuals have access to the right information at any given time can quickly become a full time job for one or more people.
In the face of these challenges, the FCA’s work suggests that some firms may have taken a shortcut – simply granting blanket access to senior management, deal teams or support functions, and disclosing as many names on the insider list as possible. The UBS case is a clear illustration of the risks inherent in such an approach.
What should firms do next
The ongoing presence of highly sensitive information in the work environment requires a nuanced approach. To ensure that appropriate controls are implemented, firms should consider:
- The nature of the information which is being handled by individuals;
- The constraints of the physical environment (physical separation, Chinese walls, etc.)
- How best to implement appropriate logical controls (password protection, restricted access, etc.)
- The role to be played by support staff – i.e. assigning named individuals to clients and/or deals, rather than granting blanket access
- Ensuring insider lists closely reflect the reality of the situation.
Clear guidelines on how insiders should be identified, how insider lists are constructed and how information flow is restricted, will all be necessary parts of the compliance framework, if not in place already.
How Bovill can help
Good market abuse controls begin with a robust risk assessment – Bovill has helped a wide range of firms to properly characterise and document their market abuse risk. In addition, Bovill regularly assists firms in designing appropriate controls for handling inside information and constraining information flow.
Get in touch
