Insider lists
The drawing up and updating of insider lists is provided for in Article 18 of MAR and in Commission Implementing Regulation No (EU) 2026/1291 adopted pursuant to that Article. The maintenance of insider lists for issuers of securities subject to trading on an SME growth market is provided on in chapter 12, section 2 of the Securities Markets Act and Article 18 of MAR.
The obligation concerns issuers and persons acting on their behalf or on their account.
The person acting on the issuer’s behalf or on its account has an independent duty
A person acting on an issuer’s behalf or on its account (e.g. advisers and consultants) has an independent duty to draw up an insider list comprising all the persons who have access to inside information and who are working for them under a contract of employment. This duty also includes the submission of the insider list to the competent authority.
An issuer may outsource the drawing up and updating of its own insider list
If an issuer outsources the maintenance of its insider list to the person acting on its behalf or on its account, such as an adviser, the issuer is responsible for the drawing up and updating of its own insider list in accordance with the principles of outsourcing. The person acting on the issuer’s behalf or on its account is responsible for drawing up and updating its own insider list.
If an issuer delegates (outsources) the drawing up and updating of its own insider list to a third party not acting on the issuer’s behalf or on its account, the issuer is responsible for the drawing up and updating of the list in accordance with the principles of outsourcing.
All persons who have access to inside information and who are working for the issuer under a contract of employment or otherwise performing tasks which give them access to inside information, such as advisers, accountants or credit rating agencies.
Issuers and any persons acting on their behalf or on their account must take all reasonable steps to ensure that any persons on the insider list acknowledge in writing the duties entailed and are aware of the sanctions related to insider regulation. A sufficient acknowledgement consists in the insider acknowledging the duties once, after which it is sufficient to refer to the duties and sanctions. If the company so wishes, it may, however, require separate acknowledgement for each project.
Templates for a project-specific insider list and for a supplementary section listing permanent insiders are annexed to the Commission Implementing Regulation (Annex I). Under Annex I, the project-specific insider list must contain the following data:
- First name(s) and surname(s) of the insider
- Professional telephone number(s) of the insider, including work direct telephone line and work mobile numbers
- The insider’s function and reason for being an insider
- Date and time at which the person obtained access to inside information
- Date and time at which the person ceased to have access to inside information
- National Identification Number (if applicable) or otherwise Date of Birth
In addition, the insider list must indicate the date and time of creation of the insider list section, the date and time of the last update as well as the date of transmission to the competent authority.
An insider list is drawn up in electronic format and updated at all times without delay when
- there is a change in the reason for including a person who is already on the insider list,
- there is a new person with access to inside information, who therefore needs to be entered on the insider list,
- a person ceases to have access to inside information.
Each update must specify the date and time when the change triggering the need for an update occurred and the date of the update.
Templates for insider lists
The Financial Supervisory Authority’s example of a project register (in Finnish)(excel)
The Financial Supervisory Authority’s example of a permanent insiders list (in Finnish) (excel)
Reliable management of an insider list
Under Article 1(3) of the Commission Implementing Regulation, the electronic management of an insider list must ensure that
a) access to the insider list is restricted to clearly identified persons that need that access due to the nature of their function or position;
b) the information included is accurate and kept up to date;
c) previous versions of the insider list are accessible.
In order to meet the duties described above, the manager of an insider list should name the persons responsible for managing the insider list and their deputies.
The insider list must be stored for at least five (5) years from the time it was drawn up or updated.
On request of the Financial Supervisory Authority, the manager of an insider list must submit the insider list to the Financial Supervisory Authority as soon as possible.
The insider list must be submitted to the Financial Supervisory Authority as an Excel spreadsheet, and its presentation must correspond to the template of the Financial Supervisory Authority (column titles, number of columns and column order).
The insider list must be submitted to the official of the Financial Supervisory Authority who requested it (firstname.lastname@finanssivalvonta.fi) using a secure e-mail connection.
Related information
In addition to a project-specific insider list, an issuer or a person acting on the issuer’s behalf or on its account may draw up a supplementary section concerning permanent insiders. Maintaining a permanent insider list is voluntary. A supplementary section concerning permanent insiders may contain data on only those persons who have permanent access to all insider information within the company.