FCA warns firms over control of access to inside information

Out-Law News | 02 Sep 2019 | 11:27 am | 2 min. read

The Financial Conduct Authority (FCA) has warned firms to ensure that access to sensitive insider information is restricted to only those who require that access in order to do their jobs.

Firms should also ensure that 'insider lists' setting out who has access to their insider information and when are kept up to date, as required by the Market Abuse Regulation (MAR).

The warnings were published in the latest issue of Market Watch (4-page / 145KB PDF), an FCA newsletter on market conduct and transaction reporting issues. They were prompted by the recent conviction for insider dealing of former investment bank compliance officer Fabiana Abdel-Malek, as well as a recent review by the FCA of the systems and controls used by a sample of market participants to manage access to inside information.

"By allowing widespread and unchallenged access to individuals who do not require the inside information to do their job, firms increase the risk of that information being disclosed unlawfully," the FCA said in the publication.

"Firms also risk being caught up in unlawful disclosure and insider dealing investigations. They may expose themselves to regulatory action and significant reputational risk," it said.

Corporate governance expert Martin Webster of Pinsent Masons, the law firm behind Out-Law, said: "The FCA is putting all on notice that it is not happy with the way in which sensitive information is being controlled."

Inside information is defined by the Financial Services and Markets Act (FSMA) as information which is not generally available; which relates directly or indirectly to one or more of the issuers of a qualifying investment; and which would, if generally available, be "likely to have a significant effect on the price of the qualifying investments or on the price of related investments". An individual is guilty of insider dealing on disclosure of inside information to another person, other than in the proper performance of the functions of their employment, office or profession.

Abdel-Malek was found guilty of five counts of insider dealing after passing inside information about several price-sensitive corporate transactions which were not in the public domain to a third party, who was not an employee of the bank where she worked. That individual used the information to trade contracts for difference (CFDs) on the relevant securities. According to the FCA, Abdel-Malek obtained the information by repeatedly accessing electronic compliance systems. Importantly, she had "no business need" to access that information.

In this case, Abdel-Malek was included on her employer's insider list despite there being no business need for her inclusion. However, the FCA is also concerned that firms have been omitting the names of people who were provided with or had access to inside information. It has also found evidence of individuals accessing inside information who were not named on the relevant insider lists during its investigations.

The FCA carried out a thematic review of the processes that investment banks have in place to control flows of confidential and inside information in 2015. Recently, it carried out a review of the inside information systems and controls of a sample of investment banks, legal advisers and consultancies. It found a number of failings, including large numbers of non-deal staff being given the same access to inside information as deal staff, no regular reviews of access rights and insufficient access monitoring, record keeping and audit trails.

"We view an inability to respond to a regulatory request with accurate records of who had access to inside information as an indication of underlying weaknesses in systems, procedures and policies," the FCA said. "We expect firms to take reasonable steps to ensure that the risks of handling inside information are identified and appropriately mitigated."