The EU’s Market Abuse Regulation (“MAR”) came into effect on July 3, 2016 replacing the EU’s Market Abuse Directive. Unlike the Directive, the MAR has direct effect in each EU member state, including the UK.

The MAR, a civil market abuse regime, is intended to ensure the smooth functioning of the financial markets and enhance market integrity and investor protection by penalizing abusive behavior in the financial markets, market manipulation and insider dealing.

MAR is extra-territorial in its application applying to all issuers who have their financial securities traded on, or are in the process of admitting financial securities to trading, on an EU regulated market or multilateral or organized trading platforms.

MAR requires that issuers or persons acting on their behalf or account maintain insider lists in the prescribed form to monitor and control the flow of insider information. In order to ensure compliance with their obligations, issuers will require their advisory team to also maintain such insider lists and provide them with information maintained on such insider lists.

To ensure that there is uniformity on insider lists, the European Securities and Markets Authority has produced the precise form of the insider lists. This prescribed format requires, amongst other things, personal data of individuals who have access to insider information, including former surnames, home address, home and mobile telephone numbers.

Those who are required to maintain insider lists, especially the advisers to issuers, will have to properly consider their duties as data controllers as such insider lists will contain personal data. Consideration will also have to be given in relation to any requirements to make such insider lists available to issuers or any third parties. Parties will have to consider internal data privacy policies, training employees, getting appropriate consents and building appropriate protections into any contractual arrangements with issuers who require such lists be maintained on their behalf.