WHITE PAPER
Structuring Insider Lists Pre-IPO
Market Abuse Regulation Compliance Guide
Managing inside information is not just a regulatory requirement for listed companies — it begins well before the IPO stage. Far too often, businesses underestimate the importance of establishing robust insider list processes early on. In reality, 67% of IPO delays caused by due diligence setbacks are directly linked to incomplete or poorly maintained insider access records.
This white paper provides a practical, actionable framework for building and managing insider lists in full alignment with the Market Abuse Regulation (MAR), specifically tailored to the needs and constraints of pre-IPO companies. It outlines key compliance expectations, common pitfalls, and steps to future-proof your organisation against regulatory scrutiny.
It also sheds light on why manual tracking methods — still used by 80% of pre-IPO firms — pose significant risks, from legal liability to reputational damage. You’ll discover how purpose-built insider list software can not only help you meet regulatory obligations with confidence but also streamline internal processes and support a smoother IPO journey.
Download your ebook
Get your free copy of the white paper.
DOWNLOAD NOW
Frequently Asked Questions
What is an insider list, and why is it important before an IPO?
An insider list is a document required under the EU Market Abuse Regulation (MAR) that records the identities of individuals who have access to inside information. Inside information refers to non-public, price-sensitive information relating to a company or its financial instruments. Prior to an Initial Public Offering (IPO), companies often handle large volumes of confidential information across internal teams and external advisers, making the creation and maintenance of an insider list essential. This list plays a crucial role in helping competent authorities, such as national financial regulators, investigate potential market abuse, including insider dealing. Managing insider lists properly demonstrates a company's commitment to regulatory compliance and good governance, fostering investor trust and helping to mitigate the risk of reputational or financial damage.
Who should be included on a pre-IPO insider list?
Anyone with access to inside information must be included on the insider list, whether they are internal staff or external advisers. This typically includes senior management, members of the legal, finance, and strategy departments, as well as investment bankers, lawyers, auditors, consultants, and communication advisers involved in the IPO. Under MAR, the list must clearly identify the person, include their contact details, the date and time they were given access to the information, and the reason they are on the list. It is not sufficient to include someone based on their job title alone; inclusion should be based on their actual access to inside information. Accurate identification and timely updates are essential to meet regulatory requirements and mitigate risk.
How frequently should insider lists be updated during the IPO process?
Insider lists must be kept accurate and up to date at all times. The Market Abuse Regulation requires updates to be made "promptly" whenever there is a change in the list - such as when someone gains or loses access to inside information. During the IPO process, the flow of information and the involvement of different individuals often changes frequently, particularly as the company moves through stages such as prospectus drafting, regulatory submissions, and investor presentations. A good practice is to review the list regularly, ideally at each key milestone, to ensure all relevant individuals are properly recorded. This vigilance not only ensures compliance with MAR but also provides a clear audit trail in case of any market abuse investigation.
What are the legal obligations for storing and protecting insider lists?
Companies must maintain insider lists in an electronic format that is secure and capable of being retrieved promptly. These lists must be retained for at least five years from the date they are created or updated. The regulation also requires that listed individuals be made aware of their legal and regulatory duties and the potential sanctions for insider dealing. Insider lists should be stored in a way that prevents unauthorised access, typically through password-protected databases or secure document management systems. Companies must implement internal controls to ensure only authorised personnel can access or modify the list. Failure to comply with these obligations can expose the company to regulatory action, including investigations, fines, or reputational damage.
How should companies notify and educate insiders about their responsibilities?
Companies must inform individuals included on the insider list of their obligations under the Market Abuse Regulation, including the prohibition on using or disclosing inside information unlawfully. This notification should be formal and in writing, and companies must obtain written acknowledgment from each insider that they understand their duties. It is also advisable to provide clear guidance or brief training sessions, particularly for those who may not be familiar with financial regulation, such as external consultants or non-executive directors. By providing this information, companies not only comply with MAR but also protect themselves by demonstrating they took reasonable steps to prevent market abuse. Clear, proactive communication reduces the risk of unintentional breaches and strengthens the organisation’s compliance culture.
What are the risks of poor insider list management during an IPO?
Failing to maintain a compliant insider list can lead to significant legal and reputational consequences. If insider dealing occurs and the company’s list is found to be inaccurate, incomplete, or outdated, regulators may impose fines or initiate enforcement action. This can be particularly damaging during an IPO, when public and investor scrutiny is at its highest. A poorly managed list could also result in delays to the offering or a loss of market confidence. Moreover, individuals who misuse inside information could face criminal prosecution, and the company may be deemed to have failed in its duty of oversight. Sound insider list management demonstrates robust governance and helps protect the company from regulatory and reputational risks during this critical phase.