The British Financial Conduct Authority's Disclosure and Transparency Rules (DTR) oblige every issuer to draw up a list of people who have regular or occasional access to its 'inside information.' Its recent comments on the UBS Abdel-Malek case outline its expectations in this area.

Our recent article on the FCA’s market cleanliness pledge explained how the FCA is using MiFID transaction reports and suspicious transaction and order reports to identify potential market abuse. Now the FCA, which regularly espouses standards of good market conduct in its Market Watch publications, has published edition 60 which lays out its concerns about the control of access to inside information in the light of the recent conviction of a former UBS compliance officer.  

Ms Abdel-Malek was convicted of 5 counts of insider dealing. The FCA found that she was named on the UBS 'insider list' but had no legitimate business reason to access the information. She shared that information with an accomplice outside the bank who proceeded to trade contracts for differences in the related securities for personal gain.

The FCA believes that to give an employee widespread and unchallenged access to inside information that is not pertinent to his job increases the likelihood of market abuse and unlawful disclosure. It has therefore used Market Watch 60 to publish examples of good and poor controls that it has seen at various investment banks, legal advisory firms and other consultancies.

These examples provide a useful list of dos and don’ts for firms that are striving to control access to inside information and they also describe the standards that the FCA expects. Although they are aimed at issuers and their advisors, asset managers may choose to use them to review their own arrangements for the handling, control and dissemination of inside information.

DO make sure that every individual with access to inside information has a legitimate reason for seeing it.
DON'T allow support staff to have access to inside information on an arbitrary basis.

DO anonymise information that your IT people or other support staff need to see for maintenance or permission purposes.
DON'T store electronic files containing inside information in general team folders.

DO periodically review access rights internally, particularly when someone is changing his job or leaving the firm, and have a comprehensive audit trail of access.
DON'T allow the same access rights to all individuals - this includes letting information cross jurisdictions.
 
DO record sufficient details about the people who have access to inside information and the reason they need the access.  
DON'T be generic and undescriptive when writing down the names of people who have access to such information.

DO be sure that your list only contains the names of people who have access to inside information.  
DON'T write down the name of anybody who did not actually have such access.

DO monitor people's access to information in a risk-based manner and use staff who understand the need to control inside information.  
DON'T monitor things in a way that is so vague that it does not capture enough detail about the people who had access to the information.

DO consider whether any suspicions that anyone might have about market abuse could also point to money laundering.
DON'T permit anyone to edit, delete or manipulate internal documents in any way.

The FCA views an inability to respond to a regulatory request with accurate records of the people who had access to inside information as an indication of underlying weaknesses in systems, procedures and policies. If a firm cannot do so accurately and promptly, it might attract further regulatory scrutiny.  

As the FCA asks in its "key conduct questions": What proactive steps do you take as a firm to identify the conduct risks inherent in your business? Do you have confidence that you have effective market abuse systems and controls? Do you know who in your organisation is accessing inside information and why he or she needs to? How promptly and accurately will you be able to obtain information to respond to a request from the FCA identifying "who, what and when"?

* Kim Ellis can be reached on +44 (0)20 3146 1864 or at kim@elliswilson.co.uk