What One FCA Enforcement Action Teaches Us About Third-Party Insider Risk
Insider dealing undermines fair markets, damages investor trust, and exposes firms to severe regulatory and reputational risk. Detecting it quickly is essential to maintain market integrity, and regulators are increasingly relying on firms’ surveillance capabilities to do so. We’re going to explore a recent real-world example to understand why strong, scalable controls matter.
How a Consultant Exploited MNPI to Generate Illicit Trading Gains
Between October 2018 and January 2022, an external consultant with access to market-sensitive geological data used inside information to trade shares in a listed oil and gas issuer.
The activities included:
- Buying shares ahead of positive announcements
- Selling ahead of negative news to avoid losses
- Generating £128,765 in illicit gains
- Trading through multiple brokerage accounts while based overseas
The FCA imposed a penalty equal to three times the profit made (discounted for early settlement). The FCA’s final notice against this consultant is a sharp reminder that insider dealing risk extends far beyond employees.
How Surveillance Alerts and STORs Triggered the FCA’s Investigation
The FCA’s investigation was triggered by Suspicious Transaction and Order Reports (STORs) filed by a firm. Once alerted, the FCA surveillance systems mapped trading patterns across several accounts and brokers.
This case reinforces a core truth: that market abuse is identified when firms have the technology to detect it.
Key Risks That Were Identified
Individuals with Material Non-public Information (MNPI) are Not Always Employees
Contractors, consultants, advisers, and third parties often fall outside traditional compliance controls. Ignorance of the Market Abuse Regulation (MAR) is no defence, and penalties remain severe.
Issuer and Listed Company Requirements Are Not Always Met
This case highlights persistent weaknesses in issuer obligations:
- Are insider lists complete and up to date?
- Do they capture all external parties with access to material nonpublic information?
- Is your training and completion tracking automated and auditable?
Manual processes are no longer adequate.
Regulatory Consequences Are Increasing
For offences after November 2021, insider dealing can carry:
- Up to 10 years’ imprisonment
- Unlimited fines
- Career-long reputational damage
The FCA has made clear that it will use all supervisory, civil, and criminal powers, supported by industry data and firms’ surveillance reporting.
All RegTech Solutions Are Not Equal
The FCA reaffirmed the critical role of firms’ surveillance systems in uncovering abuse. Weak or outdated surveillance technology can, and will, expose firms to regulatory, reputational, and operational risk.
Why a Comprehensive RegTech Solution Is Now Mandatory
This case, and others, underscore a critical shift that market abuse cannot be effectively managed with fragmented tools, manual tracking, or incomplete insider governance.
A modern compliance programme requires:
- Real-time trade surveillance with cross-account pattern detection
- Automated insider list management, including external parties
- Digital training, policy delivery, and attestation tracking
- STOR guidance workflows and audit-ready reporting
- Continuous control testing and MAR risk assessments
Only a truly integrated RegTech solution can close the gaps, especially when insiders operate remotely, across borders, or outside traditional employment structures.
ACA Delivers Market Abuse Controls the FCA Expects
ACA’s ComplianceAlpha® solution, alongside our advisory and managed services offerings, provides the comprehensive monitoring and governance framework demanded by regulators today, including:
- Market abuse risk framework: Identify gaps across areas like information barriers, private credit, and cross-asset activity, and strengthen your control environment.
- Surveillance technology: Monitor trade and communications with ComplianceAlpha to support detection, escalation, and defensible documentation.
- Transaction reporting assurance: Ensure consistency between surveillance and reporting through ACA’s Regulatory Reporting Monitoring and Assurance (ARRMA) service.
- Training and governance: Build a culture of accountability with SM & CR-focused guidance and escalation training.
- Health checks and mock audits: Test your STOR process and documentation before the regulator does.
It’s time to move from a reactive approach to proactive, technology-driven risk management, the standard regulators now expect. Contact us today to see how ComplianceAlpha can elevate your programme, and future-proof it.