What are the Key Points of MAR?

The Market Abuse Regulations (MAR) was created in July 2016 to enhance and harmonise the EU regime on market abuse. The key points of the MAR focus on the types of market abuse which will not be tolerated and how to identify and avoid market abuse. The MAR also increases the scope of existing offences and introduce new offences, such as attempted insider dealing and manipulation of benchmarks. The points set out in the MAR must be complied with to ensure that we are all contributing to a healthy and competitive culture for financial services firms.

What is Market Abuse?

Market abuse refers to the actions of an individual which distort the transparency of the market and creates an unfair advantage for that individual. Reducing market abuse is at the core of the Financial Conduct Authority’s objectives at the moment, as they aim to enhance confidence in the UK markets and to prevent UK markets from being used for financial crime.

The key points in the MAR refer to the following types of market abuse:

  • Insider Information: This is information which is price sensitive and has not been released as public information but is used by an inside employee for personal gain.
  • Market Manipulation: This can include manipulating the price of listed investments for an individual’s purpose and advantage.
  • Attempted Market Manipulation: The attempt to manipulate the market is a considerable civil offence.
  • Insiders’ Lists: This is a list maintained by issuers which includes details of all persons who have access to inside information.
  • Disclosure of Managers’ Deals: This refers to the sensitive information included in such deals, which also may not be public information.
  • Suspicious Transaction Reporting: This applies to transaction reports which are suspicious and suggest that market abuse might have taken place.
  • Research Disclosure: A firm must disclose the identity of the person responsible for researching the firm.

Why did the MAR replace the Market Abuse Directive (MAD)?

The MAR replaced the MAD in July 2016 intending to expand the regulatory scope across more financial instruments and venues, to ensure that there is a stronger crackdown on market abuse. The MAR has extended regulatory scope across financial instruments admitted to trading on multilateral trading facilities (MTF), organised trading facility (OTF) and over the counter (OTC).

Through expanding the regulatory scope, it sets the precedent that market abuse will not be tolerated.

In January 2018, the FCA reported that they had fined Interactive Brokers (UK) (IBUK), a London based online broker, for failing to identify and control market abuse during the period February 2014 to February 2015. The FCA investigated IBUK’s post-trade systems and controls used for identifying and reporting suspicious transactions. The post-trade monitoring systems implemented by IBUK were inadequate as they were unable to identify potential market abuse and oversight of the team responsible for reviewing reports. Therefore, IBUK could not identify when a suspicious transaction report had occurred.

The FCA concluded that IBUK had demonstrated very poor market abuse controls and serious weaknesses in their procedures, which could have allowed market abuse to occur. Therefore, the FCA fined IBUK £1,049,412.

The MAR is an important regulatory framework which must be complied with across the UK and the EU member states. Therefore, knowledge of the MAR’s key points and how to comply is of utmost importance.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.