The Market Abuse Directive requires all companies trading on EU regulated markets to ensure that they and advisers acting on their behalf or on their account, draw up a list of those persons working for them, under a contract of employment or otherwise, who have access to inside information relating directly or indirectly to the company, whether on a regular or occasional basis.

Responsibility for maintaining insider lists rests with the company, and not its advisers.

An insider list must contain:

• The identity of each person having access to inside information
   
  
• The reason why such person is on the insider list
   
• The date on which the insider list was created and updated

There is an obligation to update insider lists promptly:

• When there is a change in the reason why a person is already on the list
   
• When any person who is not already on the list is provided with access to inside information
   
• To indicate the date on which a person already on the list no longer has access to inside information

The information contained within any insider list (including all of the old versions of the list) must be kept for at least five years. Lists must be made available to the relevant authorities on demand, as soon as possible.

Companies must ensure that all insiders acknowledge the legal and regulatory duties involved and are aware of the sanctions attaching to the misuse or improper circulation of inside information.