Following the entry into force of Regulation 596/2014/EU (“Regulation” or “MAR“) and the related Commission Implementing Regulation 347/2016/EU (“Implementing Regulation” or “IR“) on market abuse, the intention of this briefing is to provide an overview of the applicable provisions regarding the drawing up, organization and update obligations connected to the list of insiders and its precise format (“Insider List” or “List”).

MAR requires issuers of financial instruments traded on regulated markets and multilateral trading facilities to adopt specific corporate procedures regarding the protection of the confidentiality of inside information and the maintenance of a List, in order to minimize insider trading and to support supervision and inspection by the competent authorities. In particular, this procedure is intended to regulate the entire inside information recording and monitoring process and require the prompt insertion of details of individuals having access to inside information, even on an occasional basis.

An important change introduced by MAR concerns who has the duty to keep the Insider List. Such requirement lies normally with the issuer. The issuer may itself decide, however, to delegate to a third party, acting on its behalf or on its account, the drawing up and management of the Insider List. It is, nevertheless, important to note that, in these situations, the obligation to manage the Insider List shall necessarily regard all the List and cannot cover only a part of it (Article 18, par. 2, MAR). In any case, the issuer remains fully responsible for the Insider List.

Thus, third parties working on behalf of the issuer (i.e. legal or tax advisers, auditors, consulting firms, financial advisor, banks, etc.) are no longer required to maintain their own internal Insider List as the issuer (or the third person delegated) is solely responsible for the maintenance of the single List, which shall include details of all individuals, internal and external to the company, having access to the protected information. This implies that such third parties shall be required to communicate the details of all persons who will have to be included into the single Insider List.

As to the content and structure of the List, every issuer is required to draw up the Insider List and to promptly update it according to a precise format, laid down in the Implementing Regulation.

In particular, the data which enables the identification of persons having access to inside information shall be entered, including: (i) their identity (date of birth, personal address and, where applicable, the national identification number); (ii) the reason for including them in the List; (Iii) the date and time at which they obtained access to the information; and (iv) the date on which the List was drawn up.

In addition, it is necessary to identify precisely the specific pieces of inside information to which those included in the List have had access, since multiple pieces of inside information can exist within an entity at the same time. Thus, the insider list must be divided into sections, with a separate section for each piece of inside information, specifying its specific nature (i.e. contract, project, corporate or financial event, profit warning). Thus, upon the identification of each new inside information, a new section must be added to the Insider List and must only include the data of those having access to the specific inside information referred to in the given section.

To avoid multiple entries within different sections but in respect of the same individuals, issuers may decide to draw up a supplementary section, containing the data of the insiders who, due to the nature of their function or position, have access at all times to all inside information concerning the company. This section, therefore, shall not be created upon the existence of a specific piece of inside information and data referred to the insiders inserted there shall not have to be repeated in other sections of the List. It should be noted that the number of persons whose details are included there should be particularly limited.

The new rules require, moreover, that the Insider List to be drawn up in electronic format, so as to ensure (i) the confidentiality of the information included therein; (Ii) the information to be complete and accurate; and (iii) the access to and the retrieval of previous versions of what has been entered in the List. Each update, must be carried out by the same electronic means, in order to ensure information is only added and that the existing information is neither deleted nor modified. The Insider List must be submitted to the competent Authority by electronic means.

In any event, issuers or those acting on their behalf or account shall take all reasonable steps to ensure that any person on the List acknowledges, in writing, the legal and regulatory duties entailed and is aware of the applicable sanctions.

Finally, the Regulation allows for exemption with regard to the requirement to keep the List, enabling cost savings to issuers which securities are traded on SME growth markets. However, it should be noted the provisions concerning such growth markets shall only be applicable as from January 3rd, 2018, the date set for the entry into force of MiFID II.