Insider lists

The drawing up and updating of insider lists is provided for in Article 18 of MAR and in Commission Implementing Regulation No (EU) 2016/347 adopted pursuant to that Article. The maintenance of insider lists for issuers of securities subject to trading on an SME growth market is provided on in chapter 12, section 2 of the Securities Markets Act and Article 18 of MAR.

Open all elements Close all elements
Who has the obligation to draw up and update insider lists?

The obligation concerns issuers and persons acting on their behalf or on their account.

The person acting on the issuer’s behalf or on its account has an independent duty

A person acting on an issuer’s behalf or on its account (e.g. advisers and consultants) has an independent duty to draw up an insider list comprising all the persons who have access to inside information and who are working for them under a contract of employment. This duty also includes the submission of the insider list to the competent authority.

An issuer may outsource the drawing up and updating of its own insider list

If an issuer outsources the maintenance of its insider list to the person acting on its behalf or on its account, such as an adviser, the issuer is responsible for the drawing up and updating of its own insider list in accordance with the principles of outsourcing. The person acting on the issuer’s behalf or on its account is responsible for drawing up and updating its own insider list.

If an issuer delegates (outsources) the drawing up and updating of its own insider list to a third party not acting on the issuer’s behalf or on its account, the issuer is responsible for the drawing up and updating of the list in accordance with the principles of outsourcing.

Who is entered on the insider list?

All persons who have access to inside information and who are working for the issuer under a contract of employment or otherwise performing tasks which give them access to inside information, such as advisers, accountants or credit rating agencies.

Issuers and any persons acting on their behalf or on their account must take all reasonable steps to ensure that any persons on the insider list acknowledge in writing the duties entailed and are aware of the sanctions related to insider regulation. A sufficient acknowledgement consists in the insider acknowledging the duties once, after which it is sufficient to refer to the duties and sanctions. If the company so wishes, it may, however, require separate acknowledgement for each project.

What data is entered on the insider list?

Templates for a project-specific insider list and for a supplementary section listing permanent insiders are annexed to the Commission Implementing Regulation (Annexes I and II). Under Annex I, the project-specific insider list must contain the following data:

  • First name(s) and surname(s) of the insider, as well as birth surname(s) of the insider if different from current surname
  • Professional telephone number(s) of the insider, including work direct telephone line and work mobile numbers
  • Issuer name and address
  • The insider’s function and reason for being an insider
  • Date and time at which the person obtained access to inside information
  • Date and time at which the person ceased to have access to inside information
  • Date of birth of the insider
  • National Identification Number of the insider, if applicable
  • Personal telephone numbers (mobile phone number and other home telephone number, if any)
  • Full home address of the insider (street name, street number, city, postcode and country).

Insider list of an issuer listed on an SME growth market

In accordance with chapter 12, section 2 of the Securities Markets Act, an issuer of securities subject to trading on an SME growth market shall maintain a list of its insider projects as referred to in Article 18 (1) of MAR (project-specific insider list). The exact format of the insider list for issuers on an SME growth market will be provided on in a Commission delegated regulation issued at a later date. Until then, issuers on SME growth markets may comply with currently valid practices concerning the maintenance of insider lists.

In addition, the insider list must indicate the date and time of creation of the insider list section, the date and time of the last update as well as the date of transmission to the competent authority.

How is an insider list drawn up and managed?

An insider list is drawn up in electronic format and updated at all times without delay when

  • there is a change in the reason for including a person who is already on the insider list,
  • there is a new person with access to inside information, who therefore needs to be entered on the insider list,
  • a person ceases to have access to inside information.

Each update must specify the date and time when the change triggering the need for an update occurred and the date of the update.

Templates for insider lists

On the basis of the Commission Implementing Regulation, the Financial Supervisory Authority has drawn up templates for a project-specific insider list and a supplementary section listing permanent insiders. An issuer or a person acting on the issuer’s behalf or on its account may manage an insider list using the Financial Supervisory Authority’s list templates or in any other manner fulfilling the requirements of MAR and of secondary regulation adopted pursuant to it.

The Financial Supervisory Authority’s example of a project register (in Finnish)(excel)

The Financial Supervisory Authority’s example of a permanent insiders list (in Finnish) (excel)

The Financial Supervisory Authority’s example of an insider list to be submitted by issuers of financial instruments admitted to trading on SME growth markets (in Finnish) (excel)

Reliable management of an insider list

Under Article 2(4) of the Commission Implementing Regulation, the electronic management of an insider list must ensure

  • the confidentiality of the information included by ensuring that access to the insider list is restricted to clearly identified persons from within the issuer and any person acting on the issuer’s behalf or on its account who need that access due to the nature of their function or position
  • the accuracy of the information contained in the insider list
  • the access to and the retrieval of previous versions of the insider list.

In order to meet the duties described above, the manager of an insider list should name the persons responsible for managing the insider list and their deputies.

The insider list must be stored for at least five (5) years from the time it was drawn up or updated.

How is an insider list submitted to the Financial Supervisory Authority?

On request of the Financial Supervisory Authority, the manager of an insider list must submit the insider list to the Financial Supervisory Authority as soon as possible.

The insider list must be submitted to the Financial Supervisory Authority as an Excel spreadsheet, and its presentation must correspond to the template of the Financial Supervisory Authority (column titles, number of columns and column order). 

The insider list must be submitted to the official of the Financial Supervisory Authority who requested it (firstname.lastname@finanssivalvonta.fi) using a secure e-mail connection.

Secure e-mail connection

Related information

In addition to a project-specific insider list, an issuer or a person acting on the issuer’s behalf or on its account may draw up a supplementary section concerning permanent insiders. Maintaining a permanent insider list is voluntary. A supplementary section concerning permanent insiders may contain data on only those persons who have permanent access to all insider information within the company.