Insider List Management

Law firms that handle price sensitive matters in jurisdictions subject to tight regulatory controls must take special care to maintain accurate records of compliance. For example, in the EU the Market Abuse Regulation (MAR) mandates that firms with publicly listed clients need to include much more detail when compiling “insider lists” of individuals at the firm with access to price sensitive information.

With high-profile lawyer violations coming to light internationally, and successful insider-trading prosecutions in several jurisdictions, several regulatory bodies have stated that they will be taking a more aggressive stance to ensure that firms observe and enforce applicable rules. A critical rule affecting many law firms is the requirement to maintain and be prepared to furnish insider lists that document all individuals who have accessed, or even had the ability to access price sensitive information. This data must be tracked on a per matter basis and include the nature and duration of those access rights.

And because the stakes are so high, clients that previously were content to ask firms to produce insider lists only when facing official requests from regulators are increasingly asking firms to proactively maintain real time insider lists from day one.

The Problem

In response to these and other trends, firms increasingly are employing sophisticated information security and confidentiality enforcement software to tightly control who has access to price sensitive information. But without specific tools for insider list management that automate tracking of access rights and production of defensible records, firms must generate lists manually.

Unfortunately, manually creating insider lists is time-consuming, presents significant administrative burdens, and heightens risks of error and omission:

  • icon question
    Reviewing historical data such as time entry records will only identify fee earners, not support staff

  • icon question
    Reports generated in this fashion may only present client-level and not matter-level activity

  • icon question
    Time entry records do not exhaustively address the question of how long individuals had the ability to access price sensitive information, exercised or not

  • icon question
    Nor do they capture or present necessary detail describing why specific individuals were added or removed from a matter

Adding to these burdens, lists must present different information depending on the jurisdiction in question, with some countries mandating the collection of personal information that is explicitly prohibited in others. The net result is that firms pursing manual approaches are disadvantaged compared to peers able to produce timely, completely, automated insider lists.

The Intapp Solution – Intapp Walls for Regulatory Reporting

A better approach to insider list management relies on automation that weaves access control and tracking into the fabric of firm business processes in a way that is transparent and burden-free to lawyers and risk management staff. Intapp provides confidentiality enforcement technology that centralizes and automates insider list management. It is the only solution that automatically monitors matter team composition, maintains a historical record of individuals with access, and generates insider list reports instantly, on demand.

This software-based approach allows firms to dramatically reduce the resources required to achieve compliance.

Next: ISO 27001 Certification intapp arrow