Skip to content

The Bank That Failed to Create and Populate Insider Lists

The Bank That Failed to Create and Populate Insider Lists

In the late 2010s, a large European bank released two public statements regarding high-profile departures from its senior management team. Both announcements contained what the bank itself identified as insider information. However, not only did the bank fail to provide the information on the insider list required by the Market Abuse Regulation (MAR) in one case, but it also failed to produce an insider list at all in the other.   

The regulator in the country in which the bank was based found that the bank had breached its obligations under the regulation and set out the mistakes it had made in the process. This article serves as a reminder to companies that they must be aware of the requirements of EU legislation based on MAR 

The challenge with inside information

MAR describes inside information as “information of a precise nature, which has not been made public, relating, directly or indirectly, to one or more issuers or to one or more financial instruments, and which, if it were made public, would be likely to have a significant effect on the prices of those financial instruments or on the price of related derivative financial instruments,” in addition to being “information a reasonable investor would be likely to use as part of the basis of his or her investment decisions.” 

Where inside information is identified, MAR states that issuers should draw up an event-based insider list for each separate piece of inside information featuring all individuals with access to that information. 

The organisation must remind insiders of their responsibilities not to use the information for insider dealing and have them confirm their full details as entered into the list. It should also include a reason for them being on the list. The issuer must keep the list up-to-date in accordance with MAR’s standards, noting when changes occur and the reasons for those changes. This means including the time and date when people gained access to the information.  


The bank issued an announcement in the spring of a particular year, announcing the resignation of a member of its executive board. In the autumn, it released another announcement regarding the resignation of its CEO. In both cases, the bank registered the information with the national authority as having been inside information.  

However, when the authority requested a report on the events surrounding both announcements, including the insider lists, there were some issues.  

  • For the information regarding the resignation of the board member, there was no insider list. The bank informed the national authority that all employees other than the person charged with writing the company announcement had been included in a previous insider list for separate inside information.  
  • For the release about the resignation of the CEO, there was an insider list, but important personal information was missing for some of the insiders and there was no record of when the company created the list or updated it. The bank failed to give reasons for the inclusion of insiders and noted only the date on which they became insiders and not the time.  


What happened?

The national authority agreed with the bank’s classification of the information as inside information. As such, it found that the bank had violated MAR in both cases.  

In the case of the resignation of the board member, it had failed in its duty under Article 18(1)(a) to create an event-based insider list for that information. Regarding the resignation of the CEO, it had contravened Article 18(3) by providing insufficient information on an insider list.  

As such, the national authority issued a reprimand to the bank on two counts. Although the outcome of the case remains private, the maximum fine for a breach of Article 18 of MAR is €1 million for legal entities.  

How to avoid sanctions?

Automating the insider list process makes it more manageable and less likely to lead to non-compliance. InsiderLog reminds insiders to acknowledge their presence on the list and to fill in the relevant information. It maintains records of when you updated the list and why in the required format. This way, the process does not seem so daunting and you have a digital audit trail to prove you complied with the local legislation.   

You can request a demo of InsiderLog for your business today.  

References and further reading



Subscribe to our newsletter

Stay up to date with the latest news and products


Sign up for our newsletter

Stay up to date with the latest news and products

You have successfully subscribed!

This is your official confirmation. Thank you for joining ComplyLog Newsletter. While you wait for the next issue of ComplyLog, check out the latest articles and references.

Related articles

Post Picture

The Investigation into a Bank’s Corporate Trip

Corporate trips away are a common occurrence in companies. With multinationals bringing together employees from across the globe, there is the...
Read More
Post Picture

The Bank Fined for Forgetting to Report on PDMR Trades

A European bank (Company A) was fined by its country’s regulator following a share issue in which management figures were offered the chance to...
Read More
Post Picture

When Suspicious Trading Leads to a Conviction for Insider Trading

A man admitted in court that he made trades in the shares of a pharmaceutical company (Company A) based on protected information, becoming the first...
Read More
Post Picture

The Investment Bank That Failed to Stop Insider Dealing

An EU-based office of a global investment bank was fined nearly €200,000 for failing to prevent an employee from conspiring in multiple acts of...
Read More
All articles