Back to overview

Why Insider Lists in Excel Put Your Company at Risk

Companies risk fines of up to €1 million if they manage insider lists using Excel spreadsheets. We take a look at why.

by Moritz Homann 2 min

    Excel spreadsheets are prone to error. This is according to James Kwak, Professor of Law at the University of Connecticut School of Law. In a highly acclaimed blog post, Kwak analyses JPMorgan’s derivatives scandal known as the “London Whale” and demonstrates how faulty Excel spreadsheets played a role.

    Kwak, who has built a number of software applications, concludes:

    “But while Excel the program is reasonably robust, the spreadsheets that people create with Excel are incredibly fragile. There is no way to trace where your data come from, there’s no audit trail (so you can overtype numbers and not know it), and there’s no easy way to test spreadsheets, for starters.”

    Excel Can Quickly Become a Threat to Insider Lists

    What does all this have to do with insider lists? Many companies still rely on Excel solutions when it comes to creating and managing insider lists required by the EU Market Abuse Regulation (MAR). Excel does not ensure compliance:

    • What happens when ‘auto-save’ is on or ‘save’ is clicked on instead of ‘save as’ when a change is made to an insider list? The list immediately becomes non-compliant as versioning is an important part of MAR compliance.
    • Do other users also understand the table even if the original creator leaves the company?
    • Can several users work simultaneously on the list? The data in Excel spreadsheets will also rely heavily on information collated by emails. Are these emails accessible by several people in case the main stakeholder leaves the company.
    • What about backups?

    MAR Requires Accurate Insider Lists

    Excel is not a reliable solution for maintaining insider lists. Particularly as the requirements of MAR are so high:

    1. Project-related insiders and permanent insiders must be listed in separate sections of the insider list. This can be time-consuming and cumbersome in Excel.
    2. The regulator requires that any change to an insider list is saved as a new version. Past versions must be stored. It’s easy to change an Excel file without creating a new version and it is difficult to trace which data has changed from version to version.
    3. All information on insiders must be retained for five years. Server relocations, employee departures, or locally stored data put companies at high risk with simple Excel files.

    Avoid Excel if you want to manage your insider lists and comply with MAR. If you don’t, the penalties are high: the supervisory authorities can punish inaccurate insider lists with fines of up to €1 million.

    The ultimate guide: optimising compliance risk assessment

    Tips on how to successfully analyse compliance risk in your organisation

    Download now
    Moritz Homann
    Moritz Homann

    Managing Director Corporate Compliance – EQS Group | Moritz Homann is responsible for the department of Corporate Compliance products at EQS Group. In this function, he oversees the strategic development of digital workflow solutions tailored to meet the needs of Compliance Officers around the world.