Highly Market Sensitive Information (HMSI)
These procedures are to be used by all FSA employees.
What type of information should be regarded as highly market sensitive?
The definition is:
'Information held within the FSA and not yet available to the market, relating to a significant 'event' which, if made public, could enable others to benefit from and/or cause them to take action that they would not otherwise have taken. (In the majority of cases, but not all, this would relate to information that is likely to lead to a substantial movement in market prices.)'
A key determining factor will be whether the information relates to a listed company (or in some cases a mutual) and the size/impact of the company.
The types of scenarios that would most likely warrant such a classification include:
- significant mergers and acquisitions;
- significant demutualisations;
- major strategic initiatives;
- significant divestments; or
- significant one-off and unexpected movements in balance sheet/profit and loss.
It is envisaged that the number of cases warranting such a classification will be small and will ordinarily only relate to issues raised at the very highest levels within the FSA.
In each case a member of ExCo, or a designated Director, will decide whether a highly market sensitive classification is warranted. Directors of the following areas are deemed to be designated Directors within the meaning of this policy:
- Major Retail Groups;
- Permissions, Decisions & Reporting;
- Wholesale Firms;
- Markets;
- Prudential Risk;
- Retail Firms;
- Financial Crime and Intelligence; and
- Wholesale & Prudential Policy.
Procedures to be followed
First point of contact and classification
- It is the originator (or first FSA recipient) of information, including HMSI, that is responsible for ensuring that information is appropriately classified and marked.
- If you receive information that is potentially highly market sensitive (HMS) you must communicate directly with either one of the designated Directors identified above, or a member of ExCo, for a classification decision.
- The Director (or member of ExCo) will decide whether a written summary of the main points is required. The general principle is that the recording of highly market sensitive information (HMSI) should be kept to a minimum.
Who needs to know
- HMSI will be distributed on a 'need-to-know' basis only. This will differ for each case and will partly depend upon what (if any) anticipatory work is required prior to the information going public. The 'need-to-know list' should be kept to the absolute minimum.
- The Director (or member of ExCo) will decide who should be included on the 'need-to-know list' as soon as information has been classified as HMS. These individuals will be made aware of the increased sensitivity of the information to which they will be privy (see footnote 1).
- The Director (or member of ExCo) will task an individual with the responsibility for setting up and maintaining a record of those on the 'need-to-know list'.
- HMSI should not be recorded within the standard filing or internal reporting mechanisms or discussed in the presence of individuals not on the 'need-to-know list'.
Use of codenames
- Codenames will be used in respect of significant mergers and acquisitions (preferably adopting the same codenames used by the affected parties).
Classification of documentation
- Documents containing HMSI must be classified as "HIGHLY MARKET SENSITIVE" - to appear at the top of every page, centred and in bold.
- HMS documents received into the FSA should, ideally, be similarly marked upon identification.
- Documents should, ideally, be de-classified once the information is no longer highly sensitive.
Circulation, storage and copying of HMSI within the FSA
Appropriate measures must be taken to ensure documents circulated are only viewed by those individuals on the 'need-to-know list' (see footnote 2).
These measures include:
- correct classification of documents;
- personal collection by, or hand delivery of a document to the intended recipient, in a sealed envelope marked 'Addressee Only'; and
- HMS documents must be typed or copied only by individuals on the 'need-to-know list' and stored in a restricted access directory.
Care must be taken to:
- ensure copies are not left lying around and reach their intended recipient;
- ensure that the printer/copier is not left unattended whilst in production of HMSI – if using a networked-printer, the 'Print and Hold – Confidential' feature must be used, together with a suitable PIN, to ensure that the printer is attended while the document is output;
- keep a record of who has received a copy of the HMSI in the 'need-to-know list';
- shred unwanted copies and dispose of in confidential waste;
- store HMSI documentation securely when not in use – it is the responsibility of each individual to store the information they need for their own purposes in a secure place, which may be a RightSpace locker so long as this is only accessed by the individual; and
- not to file HMSI documents with mainstream documents relating to the institution/issue concerned - a separate secure file, maintained by a need-to-know individual, should be established to store all documents needing to be held centrally.
If HMSI is to be distributed by internal email, then the following measures must be adopted:
- wherever possible, HMS documents should be included as a hyperlink reference (to the document location in the appropriate restricted access directory), rather than as an attachment to the email or within the body of the email itself (although both of these options are permitted under these procedures);
- the subject line of the email must include an indication that the contents are HMSI, the applicable codeword (but not the name of the firm(s)) and an indication of the content – for example, "HMSI – Neptune – Analysis of Threshold Conditions"; and
- HMSI must not, under any circumstances, be sent to a personal email account and/or downloaded onto a home (non-FSA) computer.
Where possible, discussions relating to HMSI – including those held over the telephone – should take place in a meeting room. Discussions on mobile phones relating to HMSI should only occur in private to avoid being overheard.
Circulation of HMSI outside the FSA
Other than in the course of the FSA's activities as a member of the Tripartite Standing Committee, it is expected that the FSA will not, in the majority of cases, share HMSI with third parties. (The affected parties should be encouraged to pass information on to the third parties themselves, if relevant.) However, there may be occasions when it is necessary to do so. Other than where information is shared with staff at the Treasury or Bank of England, which is deemed to be 'pre-approved', in such cases:
- a designated Director (or a member of ExCo) will approve all information-sharing;
- the affected parties will be informed that the FSA is to share the information with an external body, unless it is not appropriate to do so; and
- shared information must be communicated in a secure manner (if being sent to an external email address other than to the Treasury or Bank of England, IS Security must be contacted for advice) and the recipients alerted to its highly sensitive nature.
When meeting with external parties to discuss highly market sensitive matters, consideration should be given to the following:
- using a neutral venue for joint meetings (e.g. an advisor’s office in a merger scenario) so that parties can avoid being seen together in discussion with the FSA;
- using private meeting rooms (i.e. rooms that people cannot see into); and
- arranging meetings at the FSA for times that are unlikely to clash with the majority of other third party visitors to the FSA.
Transmission of HMSI via fax should be avoided where possible. Where it is necessary, the sender must ensure that the intended recipient is standing by at the receiving end and that confirmation of safe receipt is obtained.
Where HMS documents need to be posted to an external recipient (including Board members) then the Postroom must be contacted to engage the services of an approved secure courier.
Where possible, phone calls with external parties relating to HMSI should take place in a meeting room. Discussions on mobile phones relating to HMSI should only occur in private to avoid being overheard.
Taking work off-site
- HMSI should only be taken off-site (e.g. to attend an external meeting) where there is no other practical alternative.
- HMS documents taken offsite must be kept in a suitable briefcase, portfolio or other appropriate document holder, or in a sealed envelope, which must remain in the possession of the intended carrier at all times. Anyone taking documents offsite must know which documents have been removed, so that if they are lost or stolen they can be accounted for, and the appropriate mitigating actions taken.
- HMSI taken offsite in electronic form must be transported on a BlackBerry provided by the FSA or an encrypted FSA laptop – memory sticks, CDs and other removable media must not be used.
- HMSI must not be read in public (e.g. whilst on the train) or be discussed with non-FSA staff (unless approved by a designated Director or a member of ExCo).
Investigation of leaks
- The Company Secretary will be:
  - the point of contact for all leak allegations;
  - in conjunction with a member of ExCo, responsible for deciding if the allegation warrants an investigation; and
  - responsible for instructing the Internal Audit Division to undertake an independent investigation.
- Internal Audit Division will be responsible for investigating leak allegations and providing a report to the Chairman and Deputy Chairman.
- In some cases the Chairman may also feel it necessary to appoint an external body to perform an investigation.
Declassification of HMSI
A designated Director (or a member of ExCo) must decide that the information is no longer highly market sensitive. HMS documents should be declassified once that decision has been made.
- "HIGHLY MARKET SENSITIVE" must be removed from the document header by deleting (for electronic) or striking through (for hardcopy) and the header replaced with the appropriate security marking. In order to protect the audit trail of the document, the declassification date should be noted, in brackets, after the security marking, eg "FSA Restricted (HMSI declassified 12/04/02)". Any HMSI label within the footer should also be removed.
- Ensure that any HMSI label is removed from the file naming convention and properties box.
- The standard procedure should be to return documents to their 'home' area after declassification. For example, firm specific documents should be moved to the appropriate GROUP or FIRM folder. If the document no longer needs to be contained within a restricted electronic folder, the access permissions should be updated to reflect this. An IS request form will need to be completed and sent to the IS Helpdesk.
- If appropriate, hardcopy declassified HMS documents may be filed with mainstream documents relating to the institution/issue concerned.
- The individual with responsibility for the 'need-to-know list' must send an email to all recipients on the list informing them that the HMSI has been declassified.
Handling HMSI circulated by the Listing Transactions department
- The nature of the transactions reviewed by the Listing Transactions department means that most of the information it handles is market-sensitive. Listing Transactions department therefore has its own procedures for dealing with market sensitive information which replace those documented above.
- As part of its work, the department circulates HMSI outside the Markets Division. Where this happens, the sender (within Listing Transactions) must indicate that the information is HMSI, and the period of time over which it should be considered as such.
- On receipt of HMSI from a colleague in the Listing Transactions department, the recipient must apply the procedures defined above, beginning with notifying a designated Director or a member of ExCo.
Footnotes
1. Employees will need to be made aware that by being on the 'need-to-know list', they are technically being made 'insiders' and as such have statutory obligations regarding the handling of such information. They should also be made aware of the consequences of failing to abide by the insiders requirements.
2. It may be appropriate for an Administrator to be nominated as a dedicated resource to undertake all administrative tasks.
