Introduction
Under Article 18 of the Market Abuse Regulation (MAR), issuers and anyone acting on their behalf must keep insider lists and take all reasonable steps to ensure every person on those lists acknowledges in writing their legal/regulatory duties and the applicable sanctions. The UK on-shored version of MAR retains this obligation verbatim.
ESMA’s Q&A confirms how insider list responsibilities apply (including for advisers/consultants and delegated list management), while the FCA’s Market Watch guidance shows the regulator’s expectations around list quality, contractor data, and prompt responses. Together, these sources help define what “reasonable” looks like in practice.
Legal and Regulatory Context
Article 18 of MAR requires issuers and persons acting on their behalf to maintain insider lists and take reasonable steps to obtain written acknowledgements from insiders. Although MAR does not prescribe a format for collecting acknowledgements, firms must be able to show evidence that each insider received and confirmed understanding of their duties.
In the UK, the FCA expects firms to maintain systems and controls that identify, restrict, and monitor access to inside information. The “Best Practice Note: Identifying, controlling and disclosing inside information” stresses timely acknowledgement and record-keeping. Firms must be able to demonstrate that they took reasonable steps to inform insiders and limit access until acknowledgements were obtained.
There is limited case law on insider list acknowledgements specifically. However, enforcement trends show that the FCA treats poor record-keeping or weak controls as a systems and controls failure. The regulator focuses on whether firms can prove insiders were informed and aware of their obligations.
This record is crucial for demonstrating compliance if investigated or if a breach occurs.
Reasonable Steps in Practice
Think proportionate, documented, repeatable.
1) Friction-free, trackable acknowledgements
Use a simple written process such as email, form or secure portal to issue deal-specific notices. Capture time-stamped acknowledgements through e-signature, reply email or tick-box. Keep evidence of delivery and receipt to meet the written requirement.
2) Chasing and escalation
Record all delivery attempts and responses. Escalate persistent non-responders to the deal lead with authority to restrict access until acknowledgement is received.
3) Access-control proportionality
Where possible, gate access to inside-information areas until acknowledgement is complete. If not feasible, allow a short grace period of 24 to 48 hours and escalate if overdue. For third parties, include contractual undertakings that acknowledgements and personal data must be provided before access.
4) Clear content
Keep notices brief and easy to understand. Include insider status, duties not to deal or disclose, potential sanctions, and a clear action such as sign or click. Provide translations where needed to ensure understanding.
5) Audit trail
Keep a log of who was notified, when, how, and their response. Record reminders, escalations, and any access restrictions. Align insider list fields with your regulator's templates to allow quick responses to information requests.
6) Third-party governance
If a service provider or adviser maintains its own insider list, obtain evidence that their insiders acknowledged MAR duties. Document any delegation and monitor performance since responsibility remains with your firm.
7) Training and testing
Link short refresher modules to notices and require repeat acknowledgements on long-running deals. Conduct quarterly spot checks to verify acknowledgements and reconcile them with system access records
Summary
To meet the “reasonable steps” standard, ensure that:
- The acknowledgement process is documented and repeatable.
- Each insider receives a clear written notice and provides confirmation.
- Access is controlled until acknowledgement is received or documented exceptions are applied.
- A full audit trail is maintained.
- Testing and periodic reviews confirm the system works in practice.
These measures show proportionate and defensible compliance with Article 18 MAR and FCA expectations.
Sources & further reading
- MAR Article 18 (UK on-shored) — obligation to take all reasonable steps to obtain written acknowledgements from persons on insider lists. Legislation.gov.uk
- ESMA Q&A (Insider lists 10.1 & 10.2) — who must keep lists; issuer responsibility where tasks are delegated; advisers’ own obligations. esma.europa.eu
- FCA Market Watch 71 (Dec 2022) — expectations on list completeness, contractors, data, and prompt provision to FCA; reconsider access where requirements are refused. FCA
- UK Technical Standards (Implementing Reg. 2016/347 template, as retained in the UK) — required list format and data fields. FCA Handbook
- SME Growth Market variation — exemption from preparing lists only if you still take all reasonable steps for acknowledgements and can produce a list on request. Legislation.gov.uk
