The Market Abuse Regulation (MAR) came into force in July 2016. It is the UK’s civil market abuse regime, sitting alongside the criminal regime. This best practice note covers the civil regime under MAR. It is for government departments, industry regulators and public bodies to help them in complying with the relevant obligations under MAR.
Because of the work you do, your organisation may hold information that is confidential, non-public and valuable. If it was disclosed to the public, it could affect the market prices of shares and other financial instruments. If handled incorrectly, it could lead to disorderly markets. This would damage the integrity of the UK market, as well as creating the potential for market abuse, such as insider dealing. So, it is important that your organisation satisfies itself that it complies with the relevant provisions of MAR and takes steps to identify, secure and govern how it handles and discloses inside information.
This note is to help you by providing suggestions on how you can manage the risk of handling inside information incorrectly. It is not a substitute for getting your own independent legal advice, but will help you by setting out suggested approaches to systems and controls for handling inside information. It should be read together with MAR, the supporting legislation and relevant ESMA and FCA guidance. You should make yourself aware of those legal requirements alongside this note.
Market Abuse Regulation – what it means for you
Your organisation and its employees, like any other body or person, are subject to the prohibitions on insider dealing, market manipulation and the unlawful disclosure of inside information under MAR. But some of MAR’s provisions are only legally binding on issuers of financial instruments, market participants and trading venues, not on organisations like yours. The area of MAR which is most relevant to you is Article 10, which sets out what amounts to unlawful disclosure of inside information. Article 14 of MAR prohibits the unlawful disclosure of inside information and makes it illegal.
Reviewing your operating policies
We recommend that you review your operating policies and procedures to ensure they enable your organisation to manage the operational, reputational and legal risks from handling inside information.
You may not be able to follow all our suggested approaches to systems and controls in this note. For example, if doing so would mean you breach a legal obligation, or specific circumstances may require a different approach.
1. Identifying inside information
Inside information is not always easy to identify. But it is important that you consider whether information your organisation or department has, creates or may want to disclose, could be inside information, even if this analysis causes some delay.
Broadly, MAR defines inside information as information of a precise nature which:
- has not been made public
- directly or indirectly relates to one or more issuers, or to one or more financial instruments and
- if it were made public, would be likely to have a significant effect on the prices of those financial instruments, or on the price of related derivative financial instruments
MAR also sets out specific definitions for inside information for commodity derivatives and emission allowances. (See MAR, Article 7 (Inside Information), Article 7(1)(b) for commodity derivatives and Article 7(1)(c) for emission allowances).
You need to assess information in each case, but asking these questions could help.
You will need to assess whether some or all of the information in each case is inside information or not, but these questions could help you in making that decision.
Has the information been made public?
Information can only be inside information if it has not already been made public. There are a variety of ways in which information can be made public including:
- to the market, using a regulatory information service (this is a service which provides regulated information to the market)
- being generally available, for example in the press or on the internet, including if people have to pay for the content
- the information can be put together from information which is generally available
- members of the public can get the information by observation without infringing rights or obligations of privacy, property or confidentiality
Please see MAR 1.2 of the FCA Handbook for more detail on this.
Is this information ‘precise’?
Deciding whether something is precise is not as easy as it sounds. ‘Precise’ does not mean ‘exact’ and making this assessment requires you to exercise your judgement. Under MAR, information is ‘precise’ if it indicates a set of circumstances which exist or which may reasonably be expected to come into existence. This means that there must be a realistic prospect of the event happening. It is also important to emphasise that the information does not have to be specific enough to indicate whether the price of a share or other financial instrument will go up or down, for it to be ‘precise’.
Is this inside information when combined with other information?
On its own, a piece of information may not be inside information. But when taken with other information, it could be. So, information you get from external parties when combined with information you already hold and decisions you have taken, or are about to take could, collectively, be inside information.
If this was released, would a reasonable investor be likely to use it as part of the basis of their investment decision?
The definition of inside information refers to information which, if it were made public, would be likely to have a ‘significant effect’ on price. This means information a reasonable investor would be likely to use as part of the basis of their investment decisions. Typically, if public knowledge of a piece of information would capture an investor’s attention and affect the price of financial instruments as a result, you should view it as potentially being inside information.
Is this information about a financial instrument which is covered by MAR?
Information can be inside information if it relates to financial instruments that are covered by MAR. MAR applies to financial instruments such as shares or bonds, as well as a range of other instruments which are admitted to trading or traded on a relevant trading venue. Trading venues include regulated markets such as the main market of the London Stock Exchange (LSE), multi-lateral trading facilities such as the LSE’s AIM market and other organised trading facilities (OTFs). In fact, a company is covered by MAR as soon as it has requested admission to trading on a regulated market or an MTF, which means information about the company could be inside information. The scope of MAR also covers derivative financial products which are not on a trading venue, such as contracts for difference (CFDs), whose price or value depends on or affects the price or value of a financial instrument that is on a trading venue.
Some examples of what could be inside information
Examples of inside information could include:
- proposals to amend the terms of an industry agreement, contract, license or exemption
- policy changes and consultations or conclusions of any sectoral reviews which could affect one or more companies or a sector
- information received as part of your organisation’s regulatory functions
But you would need to assess these case by case. If you are unclear whether information is inside information, your organisation should take legal advice.
If information ceases to be inside information, the restrictions will no longer apply, so you may wish to keep the status of information which you have classified as inside information under review.
2. Controlling and handling inside information
The market abuse regime prohibits the disclosure of inside information except where the disclosure is necessary in the normal exercise of an employment, a profession or duties. (See MAR, Article 10 (Unlawful disclosure of inside information), Article 14 and case law - Grøngaard and Bang (Case C-384/02)  ECR I-9939) Once you’ve identified inside information, your organisation should handle it carefully. We recommend that you consider the following suggestions for internal protocols to classify and handle information:
- Classify information: If you don’t have internal information classification procedures, consider introducing them. For example, where there is information which is potentially inside information, it may be appropriate to give it a stronger internal information security classification which has a requirement for specific handling.
- Internal controls: Set up and maintain appropriate internal controls, both electronic and physical. Controls should be appropriate to your organisation’s size and complexity and the information it holds, and ensure that only the people who need to, have access to inside information. Controls include: restricting access to electronic folders, encrypting USBs and removable media devices, restricting the use of personal email and/or IT equipment, using locked cabinets for paper storage and monitoring for leaks.
- Minimise the number of ‘insiders’: Apply a ‘need-to-know’ approach to inside information, keeping the number of those who are aware of it before formal release as small as possible. It is important that everyone is aware of when they have been given or hold inside information.
- Educate insiders: Tell people who are about to receive for example, a ‘market sensitive’ report containing potential inside information, or who will be informed of its content, when it is sent to them, that it is inside information and that it is prohibited to trade on such information or to disclose that information unlawfully. Consider educating your organisation’s staff so that they know what could constitute inside information and how to handle it.
- Identify individuals who can access the information: Be able to identify everyone who can access the inside information. One way of doing this is to set up an insider list.
3. Disclosing inside information
Your organisation may be asked or want to disclose inside information in certain circumstances. However, you can only disclose inside information where it is necessary to do so in the normal exercise of employment, a profession or duties (See MAR, Article 10 (Unlawful disclosure of inside information), MAR Article 14 and case law - Grøngaard and Bang (Case C-384/02)  ECR I-9939). Disclosing it in any other circumstances is an offence under MAR.
So, before disclosing inside information, either selectively to a few people or publicly, you should assess whether the disclosure is necessary. And we recommend that you keep records of your decision. Your organisation should also think about getting legal advice if you are unsure whether you can lawfully disclose that information.
This also applies where you receive a request (for example under the Freedom of Information Act 2000 (FOIA)) for inside information. Disclosing this information following a request under FOIA does not in itself make the disclosure lawful under MAR. If you want to disclose the inside information you will need to be satisfied that this is also lawful under the test set out above. FOIA has provisions that mean information is exempt from disclosure in various circumstances, for example, where it is prohibited by, or incompatible with, specific legislation. Your organisation should consider getting legal advice if you are in any doubt.
Systems and controls when disclosing inside information
These recommendations for systems and controls will help you disclose inside information correctly – whether disclosing to selected parties or publicly.
Selective disclosure - sharing inside information externally in a controlled way
In certain circumstances, you may need to share inside information with selected parties, whether or not you or a third party intends to release it publicly later. When doing this you should consider:
- Whether the inside information needs to be disclosed: First, consider whether you can discuss aspects of that information externally without disclosing the inside information. But note that it is possible to inadvertently disclose inside information without referring to the specific facts, as discussed in section 4 below – ‘Dealing with leaks’.
- Whether the decision to disclose is made at the correct level: If you need to disclose inside information, make sure the decision is made at the correct level in your organisation, so that risks are adequately managed.
- Predetermine which external disclosures are acceptable: When considering disclosing inside information to one person or a small group, you should assess, along with relevant advisers, whether disclosure is necessary. Also check if the disclosure would fall within the safe harbour in Article 10 of MAR of ‘disclosure in the normal course of an employment, a profession or duties’. Each instance should be considered separately and requires judgements to be made.
- Appropriate safeguards are in place before disclosure: We recommend that you consider telling the recipient that: they are about to receive inside information and asking them to confirm they are comfortable receiving it. They should keep the information confidential and be aware of their own obligations under MAR.
- Safeguards for disclosing the information: This could include encrypting external emails which contain inside information, using a secure courier for all hard copies or materials, encrypting USBs and removable media devices.
- Minimise the timing: Where possible, we would recommend that you keep the time between sharing the inside information with selected other parties and its formal release to the public as short as possible.
Publishing inside information
You should only publish inside information where it is necessary in the normal exercise of an employment, a profession or duties (See MAR, Article 10 (Unlawful disclosure of inside information)). Disclosing it in any other circumstances is an offence under MAR. When publishing inside information you should consider the following:
Suitable approval: Approval from an appropriately senior person before releasing information is important. This should include considering the appropriate timing of the disclosure. You should have contingency plans in place if key people aren’t available.
Disclosing promptly and appropriately: Make the inside information public as quickly as possible, and in a way that ensures the market as a whole gets access at the same time. Although there is no prescriptive requirement in MAR for your organisation to do so, one way of releasing inside information to ensure the whole market receives it, is through a regulatory information service. Our website gives a list of Primary Information Providers.
You can then make it available on any other media announcement service such as press releases, website updates, Twitter etc.
If possible, you should consider making planned announcements containing inside information outside market hours. This helps to reduce market volatility and prevent disorderly markets. Some issuer’s financial instruments are traded on other markets outside the UK or in more than one jurisdiction involving different time zones. It may be appropriate to take this into account when planning the timing of your announcements to minimise their impact.
However, you may need to release information during market hours. For example, you may need to clarify a position where your organisation has been questioned by market participants, or where there has been unusual market activity. In these circumstances, you may need to make the announcement as soon as possible, regardless of whether the market is open.
Your organisation should only pre-brief external parties before a public disclosure of information if there is a genuine need to tell them in advance and where it is necessary to do so in the normal course of an employment, profession or duties (See MAR, Article 10 (Unlawful disclosure of inside information)).
4. Dealing with leaks
The procedures in this note should minimise the risk of leaks of inside information, but deliberate or accidental leaks can still happen. For example, you could inadvertently disclose inside information without expressly mentioning the facts, but by communicating something which allows the recipient to guess it. So, advising a journalist that a forthcoming announcement is ‘market sensitive’ before giving further information - even if not mentioning the factual detail - is likely to lead to speculation.
We recommend having contingency plans for handling cases where inside information leaks before the planned announcement date. If there is a leak, the inside information should be released to the market as soon as possible using an appropriate method, even if this requires an announcement during market hours.
5. Contacting us
It is ultimately your responsibility to decide whether a piece of information is inside information. However, you may want to consult us. If so, please contact us as soon as possible at: [email protected]