Strengthening information barriers: Why it matters now 

The FCA recently released its Primary Market Bulletin 54, it did more than offer guidance—it issued a clear warning. Strategic leaks during M&A deals are no longer isolated compliance breaches. They’re becoming systemic, and the regulator is taking note. 

This bulletin turns a spotlight on what many in legal and compliance functions have long known: Information barriers are not a sufficient control. You may say two people shouldn’t talk about x, but information barriers cannot sufficiently stop them from talking about x. In an environment where material non-public information (MNPI) can leak across voice, chat, or email in seconds, firms need to rethink how information control frameworks actually work. 

The stakes have changed—and so must the approach. 

The FCA’s red flags: What firms should take away 

The FCA’s bulletin doesn’t just revisit UK MAR expectations. It raises questions about the operational integrity of how firms handle sensitive deal information today. In particular, the regulator is concerned about: 

• Strategic or negligent disclosures that appear to originate from inside deal teams 
• Weak enforcement around “need-to-know” protocols across advisory and issuer networks 
• A lack of auditable oversight mechanisms to detect, prevent, and respond to information seepage 
• Culture and governance gaps that enable sensitive data to circulate too freely—and too informally 

When the FCA starts linking M&A leak patterns with enforcement risk, it’s not a time for incremental fixes. 

Rising risks in the numbers 

The FCA’s 2024 Suspicious Transaction and Order Report (STOR) figures reinforce the urgency behind Market Bulletin 54.  In 2024, 87% of all STORs submitted related to insider dealing—the majority linked to trading ahead of earnings announcements and M&A activity. Equities dominated the reports, while commodities, fixed income, and FX markets showed significantly lower volumes, raising concerns about under-surveillance and potential blind spots. 

The takeaway is clear: While equity surveillance appears relatively mature, non-equity markets like commodities, FX, and fixed income lag behind, suggesting blind spots in detection and reporting. In less-monitored asset classes, gaps can be even wider. Without comprehensive monitoring and active information barriers, firms risk missing critical threats—and exposing themselves to growing regulatory scrutiny. 

Why legacy information barriers aren’t enough anymore 

The way firms used to manage inside information—with restricted lists, firewalled teams, and manual compliance checks—still leaves the space for leaks wide. Even with surveillance ad hoc reviews based on lexicons does not provide preventative or adequate control. Digital collaboration and hybrid working models have blurred boundaries and made static controls feel increasingly performative. 

The numbers from the 2024 STOR report show that insider risks are rising even in highly surveilled markets. As trading patterns become more complex and corporate activity increases, static information barriers leave firms exposed to faster-moving, harder-to-detect leaks. 

In practice, many firms struggle with: 

• Visibility into how restricted lists actually translate across communication platforms 
• Differentiating between permissible internal collaboration and boundary-crossing disclosures 
• Retrospective reviews that surface issues too late to mitigate reputational or legal damage 

The result is an ever-widening gap between policy and practice—one that the FCA, and other regulators, are now pointing to explicitly. 

Now what? 

Getting ahead of this risk isn’t just about tightening controls—it’s about making them dynamic, contextual, and enforceable. Firms serious about preventing unlawful disclosures during M&A activity (and similar high-risk events) should focus on two core shifts: 

• Automate the linkage between restricted entities and communications surveillance—including voice, email, chat, and collaboration platforms. 
• Monitor both proactively and retroactively, surfacing misuse or unauthorized access for the entire time an individual or team remains on a “need-to-know” list. 

It’s this kind of dynamic enforcement that moves a firm from “we had a policy” to “we saw the breach, and we stopped it.” 

What good looks like: Bridging compliance lists and communications 

At Shield, we’ve seen the benefits of this firsthand. Our  Information Barriers model within Shield Surveillance was designed to operationalize the surveillance of sensitive information across eComms and voice. It connects compliance lists—watch, restricted, deal, research—to real-time alerts and review workflows. 

It doesn’t just enforce policy. It closes the loop. 

By scanning for risk across the lifecycle of a deal, the platform gives compliance teams the ability to detect and respond to potential leaks while individuals are still within the “need-to-know” window. Whether used proactively to prevent misuse, or retroactively to investigate, it provides the accountability regulators are demanding. 

Shield’s broader platform was also recently recognized by Gartner as a Visionary in the Digital Communications Governance and Archiving (DGCA) Magic Quadrant and a number 1 vendor in AI critical capabilities. One of the reasons cited: Our ability to operationalize AI for modern surveillance—and translate policy into actual protection. 

Rethinking risk 

Information barriers aren’t just a compliance concern. They’re a trust signal. They protect firm reputation, deal value, and client confidence. As the FCA sharpens its focus on information control, firms have an opportunity to get ahead—not just to avoid fines, but to build smarter risk cultures. 

In a world where leaks are no longer tolerated as inevitable, enforcement is no longer about the breach. It’s about the response. 

And that’s something every firm should be ready to show.