Insider dealing risk frameworks: policies, controls and training
Insider dealing — trading on the basis of material non-public information (MNPI) — is both a criminal offence under Part V of the Criminal Justice Act 1993 and a civil offence under the UK Market Abuse Regulation. For investment firms, the risk of insider dealing arises wherever the firm handles MNPI — in the course of M&A advisory work, debt capital markets transactions, private equity investment, or any situation where the firm obtains information about a company that has not been publicly disclosed. A robust insider dealing risk framework is not merely a compliance requirement; it is an essential risk management tool that protects the firm and its staff from criminal and civil liability.
Information barriers — commonly referred to as 'Chinese walls' — are the primary structural control for managing MNPI within a multi-business investment firm. An effective information barrier must be more than a policy document: it requires physical and system-level separation of information flows, restrictions on the movement of personnel between sides of the barrier, documented procedures for crossing the wall when business necessity requires it, and regular testing of whether the barrier is effective in practice. The FCA has found that information barriers in some firms are nominal rather than real, with information flowing freely between front-office teams that are formally separated on paper. A quarterly penetration test of the information barrier — reviewing communications, systems access logs, and information flows — is a minimum expectation for any firm where MNPI is regularly held.
Personal account dealing by staff is a significant insider dealing risk. COBS 11.7 requires firms to have personal account dealing policies that restrict employees from trading in securities about which they may have MNPI, and from trading in securities of any kind immediately before a client order in the same security is executed (front-running). Employees must pre-notify or seek pre-approval for personal trades in restricted securities, and the compliance team must have a process for reviewing pre-notification requests against the restricted list and the firm's current transaction book. A watch list (monitoring unusual activity in securities about which the firm may have information) and a restricted list (prohibiting staff trading in specific securities) are complementary tools that most firms use in combination.
Training is an essential component of any insider dealing risk framework. Staff must understand what MNPI is (including the difference between generally available information and information that a reasonable investor would consider likely to have a significant effect on price), what the legal and professional consequences of insider dealing are, and what they should do if they find themselves in possession of MNPI unexpectedly. Training should be specific to the individual's role — a structuring lawyer's training requirements differ from those of a sales trader — and should be refreshed at least annually. The firm should maintain records of training completion that can be provided on FCA request.
Escalation and investigation procedures
Firms must have clear procedures for escalating suspected insider dealing to the compliance function, for conducting internal investigations, and for determining whether a STOR should be filed. The decision-making process for STORs should be documented and should involve a senior compliance officer. Where an internal investigation identifies evidence of insider dealing, the firm must consider its obligations under UK MAR to cooperate with the FCA's investigation and must not take any action that could be construed as obstructing that investigation.