Inside information: how to identify, control and disclose

A best practice note for government departments, industry regulators and public bodies. Find out how to manage the risks of handling inside information.

Introduction

Because of the work you do, your organisation may hold or create information that is:

Confidential
Non-public
Valuable

If such information was disclosed to the public, it could affect the market prices of shares and other financial instruments.

Incorrect handling could lead to disorderly markets. This would damage the integrity of the UK market, as well as creating the potential for market abuse, such as insider dealing.

Incorrect handling of inside information could amount to a breach of the UK Market Abuse Regulation and damage your organisation’s reputation. Your employees could also be committing a criminal offence under the Criminal Justice Act which could result in a potential penalty of up to 10 years imprisonment and/or an unlimited fine.

Our role

One of our operational objectives is to protect the integrity of UK financial markets.

As part of this, we’re responsible for monitoring compliance with the market abuse regime, which includes prohibitions on the unlawful disclosure of inside information and insider dealing.

We have statutory powers under the Financial Services and Markets Act 2000, allowing us to investigate suspected breaches of the market abuse regime and to impose sanctions, including fines, where we conclude that a breach has taken place. The FCA is also responsible for investigating suspected criminal market abuse and, where appropriate, bringing criminal proceedings, as well as deciding whether conduct is more appropriately addressed through civil enforcement action under the UK Market Abuse Regulation.

How to use this best practice note

This best practice note covers the civil regime under the Market Abuse Regulation (MAR) and is designed to help government departments, industry regulators and public bodies comply with the relevant obligations under the UK’s market abuse regime and, more broadly, protect market integrity.

Specifically, we suggest how you can manage the risks of handling inside information.

This note is not a substitute for getting your own independent legal advice.

Below, we set out suggested approaches to systems and controls for handling inside information.

Read it together with the Market Abuse Regulation (MAR), supporting legislation and relevant European Securities and Markets Authority (ESMA) and FCA guidance.

You should make yourself aware of those legal requirements alongside this note.

Market Abuse Regulation – what it means for your organisation

MAR is the UK’s civil market abuse regime, sitting alongside the criminal regime.

The core purpose of MAR is to create a level playing field so that all market participants can have access to the same information at the same time and be confident in the integrity of the market.

Your organisation and its employees, like any other body or person, are subject to the prohibitions on insider dealing, market manipulation and the unlawful disclosure of inside information under MAR. But some of MAR’s provisions are only legally binding on issuers of financial instruments, market participants and trading venues, not on organisations like yours.

The area of MAR which is most relevant to you is Article 10, which sets out what amounts to unlawful disclosure of inside information.

Article 14 of MAR prohibits insider dealing and the unlawful disclosure of inside information and makes them illegal.

Background to MAR

The EU Market Abuse Regulation came into force in July 2016 and was onshored into UK law on 31 December 2020 by the European Union (Withdrawal) Act 2018 (EU MAR).

Changes to EU MAR were made by the Market Abuse Exit Regulations 2019, to make sure that the onshored legislation operates effectively in the UK.

Reviewing your operating policies and procedures

We recommend all organisations that handle inside information have written operating policies and procedures to make sure they can effectively manage the operational, reputational and legal risks from handling inside information.

We also recommend you:

Review these policies and procedures to make sure they remain effective.
Train all staff that may handle inside information on your policies and procedures.
Keep your training up to date.

You may not be able to follow all our suggested approaches to systems and controls in this note. For example, if doing so would mean you breach a legal obligation, or your specific circumstances need a different approach.

1. Identifying inside information

Inside information is not always easy to identify. But it’s important to consider whether information your organisation or department has, creates or may want to disclose, could be inside information, even if this analysis causes some delay.

Broadly, MAR defines inside information as information of a precise nature that:

Has not been made public.
Directly or indirectly relates to 1 or more issuers, or to 1 or more financial instruments.
If it were made public, would be likely to have a significant effect on the prices of those financial instruments, or on the price of related derivative financial instruments.

MAR also sets out specific definitions for inside information for commodity derivatives and emission allowances. (See MAR, Article 7 (Inside Information), Article 7(1)(b) for commodity derivatives and Article 7(1)(c) for emission allowances).

What to consider

In each case, you need to assess whether some or all the information is inside information, but asking these questions could help.

Has the information been made public?
Is this information 'precise'?
Is this information inside information when combined with other information?
If this information was released, would a reasonable investor be likely to use it as part of the basis of their investment decision?
Is this information about a financial instrument which is covered by MAR?

The sections below give more information on what to consider.

Public information

Information can only be 'inside information' if it has not already been made public.

Information can be made public in various ways, including:

To the market, using a regulatory information service. (This is a service that provides regulated information to the market in a manner that ensures fast and non-discriminatory access for all market participants and the wider public).
Being generally available, for example in the press or on a website, either your own website or a third-party website, including if people must pay for the content, such as information on a financial data provider’s website.
Put together from information which is generally available, such as records open to the public.
Members of the public can get the information by observation without infringing rights or obligations of privacy, property or confidentiality, for example, from observing a public event.

For more detail, see MAR 1.2.12 to 1.2.14 in the FCA Handbook.

Precise information

Deciding whether something is precise is not as easy as it sounds.

'Precise' does not mean 'exact'. You need to use your judgement to assess this.

Information is ‘precise’ if it indicates a set of circumstances which exist or which may reasonably be expected to come into existence. This means there must be a realistic prospect of the event happening.

Note, to be 'precise' the information does not have to be specific enough to indicate whether the price of a share or other financial instrument will go up or down.

Combines to become inside information

On its own, a piece of information may not be inside information. But when taken with other information, it could be. So, information you get from external parties when combined with information you already hold and decisions you have taken, or are about to take, could be inside information collectively.

Use by a reasonable investor

The definition of inside information refers to information which, if it were made public, would be likely to have a ‘significant effect’ on price.

This means information that a reasonable investor would be likely to use as part of the basis of their investment decisions.

Typically, if public knowledge of a piece of information would capture an investor’s attention and affect the price of financial instruments as a result, you should view it as potentially being inside information.

Financial instruments covered by MAR

Information can be inside information if it relates to financial instruments that are covered by MAR.

MAR applies to financial instruments such as shares, bonds (including gilts) as well as a range of other instruments, such as futures which are admitted to trading or traded on a relevant trading venue.

Trading venues include:

Regulated markets such as the main market of the London Stock Exchange (LSE).
Multilateral trading facilities (MTFs) such as the LSE’s AIM market.
Other organised trading facilities (OTFs).

In fact, a company is covered by MAR as soon as it has requested admission to trading on a regulated market or an MTF, which means information about the company could be inside information.

The scope of MAR also covers derivative financial products which are not on a trading venue, such as contracts for difference (CFDs), whose price or value depends on or affects the price or value of a financial instrument that is on a trading venue.

Examples of inside information

Examples of inside information could include:

Proposals to amend the terms of an industry agreement, contract, license or exemption.
Policy changes and consultations, or conclusions of any sectoral reviews that could affect 1 or more companies or a sector.
Information received or produced as part of your organisation’s regulatory functions.
An investigation that could result in a significant fine.
Proposed changes in fiscal or taxation policy that could affect companies or the cost of government borrowing. For example, proposals for a levy on a particular sector or changes in employment tax which could affect the costs of companies in that sector or those with large workforces.
Strategic reviews that outline further spending or cuts for certain sectors.
Certain regular announcements and publications by government and public sector bodies. For example, Monetary Policy Committee decisions on interest rates, the Office of Budget Responsibility’s Economic and Fiscal Outlook and budget announcements on taxation and spending.

But you would need to assess these case by case.

If you are unclear whether information is inside information, your organisation should take legal advice.

If information stops being inside information, the restrictions will no longer apply. So you may wish to keep the status of information that you have classified as inside information under review. It is also important to consider whether a decision to cancel a proposal, policy or course of action could also be inside information.

2. Controlling and handling inside information

Once you’ve identified inside information, your organisation should handle it carefully.

Consider the following suggestions for internal protocols to classify and handle information.

Classify information Internal controls Minimise the number of 'insiders' Educate insiders Identify individuals who can access the information

Classify information

If you don’t have internal information classification procedures, you should introduce them.

For example, where there is information that is potentially inside information, we recommend giving it a stronger internal information security classification, with a requirement for specific handling.

Internal controls

Set up and maintain appropriate internal controls, both electronic and physical.

Controls should be appropriate to your organisation’s size and complexity and the information it holds.

They should make sure that only people who need to can access inside information.

Controls could include:

Restrict access to electronic folders.
Encrypt USBs and removable media devices.
Restrict the use of personal email and IT equipment.
Restrict the use of instant messaging applications.
Use locked cabinets for paper storage.
Monitoring for leaks.

Minimise the number of 'insiders'

Apply a 'need-to-know' approach to inside information. Keep the number of people who are aware of it before formal release as small as possible.

You should consider assessing staff for suitability before access is granted. One way of doing this could be through a security clearance process. You may also wish to check if individuals have conflicts of interest.

It’s important that everyone is aware when they have been given or hold inside information.

Educate insiders

Tell people who are about to receive, for example, a 'market sensitive' report containing potential inside information (or who will be informed of its content) when it is sent to them, that:

It is inside information.
It is prohibited to trade on such information or to disclose that information unlawfully.

We recommend formally educating your organisation’s staff so they know what could constitute inside information and how to handle it. We also recommend that the training is repeated periodically, and run again in the event of a leak.

Identify individuals who can access the information

Your organisation should be able to identify everyone who can access the inside information.

One way of doing this is to set up an insider list.

Where you hold or create large amounts of inside information, you should consider a specialised compliance function such as a Control Room. This provides central oversight of the identification, handling and safeguarding of inside information, including the creation and maintenance of insider lists.

3. Disclosing inside information

Your organisation may be asked, or want, to disclose inside information in certain circumstances. For example, you may need to disclose information as part of a regular (or one-off) publication, or you may need to selectively disclose inside information to a few people.

However, you can only disclose inside information where it is necessary to do so in the normal exercise of employment, a profession or duties. (See MAR Article 10 (Unlawful disclosure of inside information), MAR Article 14, and case law: Grøngaard and Bang (Case C-384/02) [2005] ECR I-9939.) Disclosing it in any other circumstances is an offence under MAR.

So, before disclosing inside information – either publicly or to a few people selectively – make sure the circumstances are in line with the MAR requirement.

We also recommend you keep records of your decision.

Freedom of information requests

This also applies where you receive a request (for example under the Freedom of Information Act 2000 (FOIA)) for inside information.

Disclosing information following a request under FOIA does not in itself make the disclosure lawful under MAR.

If you want to disclose the inside information you will need to be satisfied that this is also lawful under the test set out above. FOIA has provisions that mean information is exempt from disclosure in various circumstances, for example, where it is prohibited by, or incompatible with, specific legislation.

If you’re not sure, consider getting legal advice.

Systems and controls when disclosing inside information

These recommendations for systems and controls will help you disclose inside information correctly – whether disclosing to selected parties or publicly.

Decision-making

In both cases of selective disclosure or publication of inside information, we recommend that you make sure the decision to disclose is made at the correct level of seniority in your organisation, so that risks are adequately managed.

We recommend that you keep records of your decision.

If you are not sure whether you can lawfully disclose that information, think about getting legal advice.

You should have contingency plans in place in case key people aren’t available.

Selective disclosure: sharing inside information externally in a controlled way

In certain circumstances, you may need to share inside information with selected parties, whether or not you or a third party intends to release it publicly later.

Consider:

Whether the inside information needs to be disclosed Predetermine which external disclosures are acceptable Appropriate safeguards are in place before disclosure Safeguards for disclosing the information Minimise the timing

Whether the inside information needs to be disclosed

First, consider whether you can discuss aspects of that information externally without disclosing the inside information.

Note, it’s possible to inadvertently disclose inside information without referring to the specific facts, as discussed in section 4 below – 'What to do when things go wrong'.

Predetermine which external disclosures are acceptable

When considering disclosing inside information to 1 person or a small group, you should assess, along with relevant advisers, whether disclosure is necessary.

Also, check if the disclosure would fall within the safe harbour in Article 10 of MAR of 'disclosure in the normal course of an employment, a profession or duties'.

You need to consider each instance separately and make a judgement.

Appropriate safeguards are in place before disclosure

We recommend that you consider telling the recipient:

They are about to receive inside information.
They should keep the information confidential and be aware of their own obligations under MAR.

Ask them to confirm they are comfortable receiving the information.

Safeguards for disclosing the information

Safeguards could include:

Encrypt external emails that contain inside information.
Use a secure courier for all hard copies or materials.
Encrypt USBs and removable media devices.

Minimise the timing

Where possible, we would recommend that you keep the time between sharing the inside information with selected other parties and its formal release to the public as short as possible.

An example of where it may be acceptable to share inside information could be where a policy decision will have an impact on the activities of another public body or regulator. For example, the FCA and the PRA may need to share information in respect of a proposed policy that would impact dual-regulated firms.

An example of where selective disclosure would not be acceptable under Article 10 of MAR could be where inside information is shared before publication with a small number of interested companies who will be affected by the proposals.

Publishing inside information

When publishing inside information, as well as the process around decision-making above, you should consider the following which ensure the inside information is made public as quickly as possible, and in a way that ensures the whole market gets access at the same time:

Route for disclosure Timing of disclosure and whether it is appropriate

Route for disclosure

Although there is no prescriptive requirement in MAR for your organisation to do so, one way of releasing inside information to ensure the whole market receives it, is through a regulatory information service.

Find a list of Primary Information Providers.

Website publication can also be an appropriate route for inside information to be made public provided that it is published in an accessible way. Some government policies that may include inside information are announced orally, through official statements to Parliament.

You can then make the information available on any other media announcement service such as press releases, social media platforms etc.

Timing of disclosure and whether it is appropriate

If possible, consider making planned announcements containing inside information outside market hours. This helps to reduce market volatility and prevent disorderly markets.

Some issuers’ financial instruments are traded on other markets outside the UK or in more than one jurisdiction involving different time zones. It may be appropriate to take this into account when planning the timing of your announcements to minimise their impact.

However, you may need to release information during market hours. For example, you may need to clarify a position where your organisation has been questioned by market participants, or where there has been unusual market activity. In these circumstances, you may need to make the announcement as soon as possible, regardless of whether the market is open.

Also, there may be circumstances where the publication of inside information during market hours is expected by market participants.

You should ensure that the mechanism for storage of the inside information before publication and release, is secure to avoid a leak or early release, including where the method of publication is via your organisation’s website.

You should only pre-brief external parties before a public disclosure of information if there is a genuine need to tell them in advance and where it is necessary to do so in the normal course of an employment, profession or duties (See MAR, Article 10 (Unlawful disclosure of inside information)).

An example of good practice would be to use a regulatory information service to publish the inside information outside market opening hours.

An example of poor practice would be to release inside information during market hours to 1 media outlet.

4. What to do when things go wrong

The procedures in this note should minimise the risk of leaks of inside information, but deliberate or accidental leaks can still happen.

For example, you could inadvertently disclose inside information without expressly mentioning the facts, but by communicating something which allows the recipient to guess the information.

So, telling a journalist an upcoming announcement is 'market sensitive' before you give more information – even if you do not mention the factual detail – is likely to lead to speculation.

We recommend having contingency plans for handling cases where inside information leaks before the planned announcement date or time.

Leaks Inadvertent publishing Unexpected route

Leaks

If there is a leak, the inside information should be released to the market as soon as possible using an appropriate method (see 'Publishing inside information' above), even if this means you need to make an announcement during market hours.

We recommend that it is published without delay, for example by using a primary information provider or on your organisation’s website.

Inadvertent publishing

If inside information is published inadvertently, we recommend you keep it published to avoid a disorderly market.

Unexpected route

Where information has been made public or leaked but not through the expected route, consider publishing the inside information via the expected route without delay.

Follow-up actions

Where a leak has taken place, we recommend that an investigation is undertaken quickly by independent experts.

The independent investigation should:

Share recommendations for improvements.
Publish findings where appropriate.

You should keep any investigatory working papers and make these available to us if we ask for them.

Given our remit under MAR, we expect your organisation to be open and cooperative with us.

5. Contact us

Ultimately, it is your responsibility to decide whether a piece of information is inside information. However, you may want to consult us. If so, please contact us as soon as possible.

Email: [email protected].

22/05/2026 : Information changed Update of page content

09/01/2023 : Editorial amendment page update as part of the website refresh

Contact us

What we do

How we regulate

How we operate

Who we are

Join us

Firms overview

Regulated firms

Primary markets

Markets policy

Regulated markets

Market abuse

Short selling

Transaction reporting

Our Consumer section

Your rights

Complaints

Scams

Report a firm

Sign up to receive daily alerts on the warnings we issue

Media centre