The company shall establish an insider list (”logbook”) of all persons who: (a) have access to inside information, and work for the company through employment contracts, or (b) otherwise perform information through which they have access to inside information such as advisers, auditors or credit rating agencies (MAR Art. 18).
The logbook should be electronic – and the content requirements are very detailed. The establishment shall be made without delay when the inside information has been identified and then at each change (e.g. when new persons are added). Each update should specify the date and time of the change that caused the update.
An issuer (or person acting on behalf of the issuer) shall update the logbook without delay:
- When the reason for a person appearing on the insider list is changed.
- When a new person has inside information (and therefore needs to be added).
- When a person no longer has access to inside information.
At the request of the financial supervisory authority, the logbook must be handed in as soon as possible.
If another person acting on behalf of the issuer, or for the account of the issuer, assumes the task of preparing and updating the logbook, the issuer remains fully liable for that the rules for managing logbook are followed.
Each section of the logbook should have a title indicating the name of the business-specific or event-based inside information.
The field ”Company name and company address” usually indicates the company in which the person in question is employed and the address of the place where the person is working.
The field ”Function and reason for access to inside information” indicates the capacity (e.g. legal adviser) the person has access to the information (i.e., no specific inside information a person has).
The issuer shall take all reasonable steps to ensure that all persons listed in the logbook confirm in writing that they are aware of the legal obligations involved and the sanctions applicable to insider dealing and unauthorized disclosure. If a person who has previously been admitted to a particular issuer’s logbook, and thus submitted such written confirmation, is included in a new section, no new confirmation is required, but it is sufficient for the issuer to send a notification to the person in question. (If the last confirmation was issued on the basis of a notification that only stated the sanctions applicable before 1 February 2017, a new confirmation should be obtained.)
When updating the logbook, it is not necessary to store the previous wording in particular (according to the financial supervisory authority confidential communication). It is then enough to keep new people in the logbook on a regular basis and record in the prescribed manner when the logbook was last updated with the date and time (i.e. using UTC time code), concerning when individuals were given, or ceased to have, inside information. However, the logbook will ensure ”access to and recovery of earlier versions” of the logbook (see Implementing Regulation). This means, among other things, that out-of-date sections must be preserved in a manner that corresponds to the requirements for access to current sections. It also means that if a logbook is transferred in a new format or similar, the previous version must be retained. As long as the issuer is merely entering new information in the logbook on a regular basis and in the prescribed manner, only one version of the logbook is found (no ”previous versions”), where it is also duly identified how persons were added as more individuals received inside information.
Read our 7 step checklist for MAR compliance.