The Malta Financial Services Authority (MFSA) has issued a circular in relation to the Market Abuse Regulation (MAR) and the List of Insiders Rules. All issuers of financial instruments admitted to trading on a trading venue, or for which a request to trade has been made, as well as any persons acting on their behalf or account are required to have a List of Insiders and to keep this regularly updated. The MFSA’s circular is intended to remind such Issuers of their ongoing obligations under the MAR and the relevant rules.

The MAR obliges such persons to draw up, and promptly update, a list of all persons who have access to inside information directly or indirectly related to a publicly listed entity, a publicly listed financial instrument, or an entity seeking to be listed or seeking to list a financial instrument. Such people are also required to disclose any persons working for them under a contract of employment, or otherwise performing tasks through which access to inside information can be acquired.

The MFSA holds the List of Insiders (‘LOI’) in high regard. The LOI aids the Authority in monitoring insider trading activities and assists issuers in controlling the flow of inside information.

The Issuers’ Obligations

The obligation to draw up a LOI arises as soon as there is inside information. According to the MAR, “inside information” refers to any ‘information of a precise nature, which has not been made public’ and relates ‘directly or indirectly, to one or more issuers or to one or more financial instruments, and which if it were made public, would be likely to have a significant effect on the prices of those financial instruments’.

The European Securities and Markets Authority (‘ESMA’) has stated that the legislative aim of the insider list regime under the Regulation is to ‘cover any person that, by virtue or action on behalf or account of the issuer, has access to inside information’. Therefore, not only the issuer, but also all the persons on behalf or on account of the issuer that have access to inside information, are subject to the obligation to draw up, update and provide a LOI.

A LOI is to be promptly updated in the following circumstances:

  1. where there is a change in role of the person listed on the insider list;
  2. where there is a new person who has access to inside information and needs, therefore, to be added to the insider list; and
  3. where a person ceases to have access to inside information.

Each update, in turn, must specify the date and time the change triggering the update occurred. All versions of the insider list, at different points in time, must be kept for auditing purposes.

The person obliged to keep the insider list is always fully responsible for ensuring that the applicable provisions of the Regulation are complied with, even if the task of drawing up and updating the LOI is delegated to a third party. In such cases, the issuer remains fully responsible for maintaining the list. If the third party entrusted with such task is also a person acting on behalf or on account of the issuer, such person would also be under the obligation to provide a LOI to the relevant national competition authority.

However, the issuer would not be responsible for the fulfilment of the persons acting on its behalf or account for the drawing up of their own LOI. The obligations of the issuer and of persons authorised to carry out business on the former’s behalf are separate from each other.

An insider list must be kept in an electronic format, in accordance with Annex I of the Implementing Regulation. Every LOI is to be kept for a minimum period of 5 years from the date of when it was drawn up and if updated, from the date of the last update. The electronic format of the LOI ensures:

  1. The confidentiality of the information included by limiting access to the insider list strictly to clearly identified persons from within the issuer or any person acting on their behalf, or on their account, that need access due to the nature of their function or position;
  2. The accuracy of the information;
  3. The access and the retrieval of previous versions of the list.

The List of Insiders

The LOI should include all company employees or otherwise, that have access to inside information. The LOI may include, but is not limited to:

  1. Team members or employees who are in possession of inside information
  2. Administrative staff with access to emails or other records containing inside information
  3. Compliance staff with access to inside information
  4. IT employees who obtain access to inside information due to a specific project; and
  5. Senior management with access to inside information.

The list should include, at least:

  1. the identity of any person having access to inside information
  2. the reason for including that person in the insider list
  3. the date and time at which that person obtained access to inside information; and
  4. the date on which the insider list was drawn up.

The MFSA also requires that all the information prescribed by Annex I of the Commission Implementing Regulation (EU) 2016/347 is also provided in the list of insiders.

Where a service provider is not a natural person, the details for a contact person for that service provider must as a minimum be provided. The service provide is in turn obliged to draw up and keep an updated LOI delineating which of his employees are privy to inside information.

Temporary and Permanent Lists of Insiders

As per the Implementing Regulation, the list of insiders should identify the particular elements of inside information to which persons working for issuers have or have had access to. LOIs should be drawn up by issuers on a deal, event and project-specific basis. Each section is to list all the persons with access to the same specific piece of inside information. This type of list can be considered to be a ‘Temporary LOI’.

Moreover, a company may have individuals who may always have access to inside information due to their role and function. The issuer may then decide to draw up a supplementary LOI to avoid multiple entries of the same individuals in different sections of the insider lists. This supplementary list is referred to as the ‘Permanent LOI’.

Exemptions for SME Growth Market Issuers

The Regulation allows a flexible regime for SME growth markets. Issuers whose financial instruments are admitted to trading on an SME growth market are exempt from drawing up an LOI, given that:

  1. The issuer takes all reasonable steps to ensure that any person with access to inside information acknowledges the legal and regulatory duties entailed, and is aware of the sanctions applicable to insider dealing and unlawful disclosure of inside information;
  2. The issuer is able to provide an insider list to the MFSA, upon request.

Obligations to Employees Listed in the LOI

Each person listed in the LOI is to acknowledge, in writing, the legal and regulatory details entailed in having access to inside information, as well as any penalties applicable to insider dealing and unlawful disclosure of inside information. This obligation is to be prompted by the issuer or by the third party authorised to act on behalf of the issuer.

Such an acknowledgement is only required the first time an employee is added to the list.

The MFSA recommends that appropriate communication and training programmes are implemented by companies, in order for existing and future employees to fully understand their obligations as insiders.

Moreover, the MFSA clarifies that the MAR does not explicitly prohibit company employees from entering into transactions which relate to the financial instruments of the company. The Regulation prohibits dealing on the basis of inside information. Employees who are privy to inside information cannot trade where a person possesses inside information, and goes on to use that information by acquiring or disposing of, for its own account or for the account of a third party, directly or indirectly, financial instruments to which that information relates. Additionally, issuers or any persons acting on their behalf or their account, should ensure that there are effective internal arrangements and procedures to regulate and monitor employee dealing and share schemes in place.

Finally, the company needs to ensure that the access to the insider list is restricted, that is, only a selected number of individuals can access it. IT systems are, in turn, vital in order to control access to inside information. The company may also consider password protection, as well as secure access databases and encryption software.

Persons that are deemed not to comply with their obligations as set out above may be liable to an administrative penalty.