CMF Guide for Issuers on the Application of Preventive Measures under the Market Misconduct Regulation

Guide for Issuers on Applying Preventive Measures under the CMF Regulation on Market Misconduct September 2017

Objective of the guide: This guide aims to outline the practical arrangements enabling the application of preventive measures against misconduct concerning inside information, as provided for by the Council of the Financial Market (CMF) Regulation on market misconduct.

Persons concerned:

• Companies whose securities are admitted to the stock exchange listing or fall under the off-market segment and are traded on the electronic system (hereinafter referred to as "issuers");
• Persons exercising managerial responsibilities within the issuers: • managers: members of the board of directors, management board, supervisory board, managing director, general manager, deputy general manager, or delegated general manager; • any other person who, on the one hand, has the power to take management decisions or decisions concerning the development and strategy of the issuer, and on the other hand, has regular access to inside information directly or indirectly concerning said issuer.
• Persons having a link with persons exercising managerial responsibilities, namely: • the spouse; • ascendants and descendants up to the first degree; • any legal entity or body managed, administered, or controlled directly or indirectly by persons exercising managerial responsibilities or by a person having a link with them.

Definition of inside information: Inside information is information that directly or indirectly concerns an issuer or its securities. Inside information must be: • precise; • not public; • likely to have a significant influence on the price of the concerned security when made public.

What is precise information? Precise information refers to a set of circumstances that exist or may reasonably be expected to exist, or an event or its intermediate stages that has occurred or may reasonably be expected to occur, allowing a conclusion to be drawn regarding the possible effect of this set of circumstances or event on the price of securities.

What is non-public information? Information is considered non-public if it has not been disseminated publicly and widely to investors. Thus, for illustration, information shall not be considered public until it has been disclosed in an official press release by regulatory authorities, through a news agency or a major-circulation daily newspaper, during a public audio conference trackable by investors or via the Internet, or in documents sent to shareholders such as an annual report or prospectus.

What is information likely to have a significant influence on the price of a security? Information is qualified as likely to have a significant influence on the price of a security if, once made public, a reasonable investor would be able to use it as a basis for investment decisions. Such information may concern both the issuer's outlook or situation and the development prospects of its securities. These non-exhaustive pieces of information may thus relate to: • strategy (acquisitions, alliances, disposals or other asset changes, change in control of the company or change in its management team...); • financial statements (revenue, operating result or profit estimate...); • financial operations (capital increase, merger...); • any event having a significant impact on a material asset or liability (patents, major litigation, investigations or proceedings conducted by supervisory authorities...).

Legal references: Articles 6 to 15 of the Council of the Financial Market Regulation on market misconduct, as referenced by the Order of the Minister of Finance dated March 28, 2017.

First Part Preventive measures borne by issuers

Obligation to establish procedures and measures regarding inside information management

• Legal reference: Article 7 of the CMF Regulation on market misconduct. • Issuers must implement written procedures for their employees to prevent the undue circulation of inside information. These procedures must be evaluated and updated regularly, taking into account the risks borne by the issuer. Issuers are advised to formalize in a written document, such as an information note or codes of conduct, the adopted procedures and obligations incumbent upon directors or employees who may have access to inside information. This document is recommended to include, in addition to a description of the measures implemented by the issuer, a reminder of the definition of inside information, a description of applicable legal and regulatory provisions, and information on incurred sanctions. • Issuers must also establish effective practical measures to prevent access to inside information by persons other than those who need it for their functions. These measures primarily aim to limit access to any inside information. Only persons whose functions or responsibilities justify it should be able to access this type of information. These measures apply both on a day-to-day basis and during the preparation of financial operations, or during sensitive periods such as before the publication of the issuer's accounts. Indicative measures include: • limiting the number of participants in important meetings; • systematically using a code name for operations; • regularly verifying IT access rights; • implementing an efficient information system; • establishing a calendar of the issuer's public communications and promptly informing the market of sensitive information; • implementing adequate "data room" management to preserve confidentiality: listing data room participants, issuing access cards or codes...

Obligation to list persons with access to inside information

• Legal reference: Articles 7 to 10 of the CMF Regulation on market misconduct. • Issuers must compile a list of persons under their authority or acting on their behalf who have regular or occasional access to inside information directly or indirectly concerning the issuer. It should be noted that there is no standard list of concerned persons. Each issuer must therefore identify them according to its internal organizational specifics. These will essentially be persons who regularly access inside information due to managerial or executive functions within the issuer. The issuer's statutory auditor, or persons exercising permanent advisory activities, also fall within this scope. It may also involve persons with occasional access to this type of information due to their participation in specific operations, whether they are employees of the issuer or service providers such as lawyers, chartered accountants, stockbrokers, or investment banks working with the issuer on structuring an operation or project, as well as communication agencies selected for this operation. Rating agencies are also concerned insofar as they act at the issuer's request and have access to inside information. • Content of the list The list must indicate, among other things: • the identity or name of each person having access to inside information; • the reason justifying their inclusion on the list; • the date of access to inside information; • the dates of creation and updating of the list. The list is prepared in accordance with Annex 1 to the CMF Regulation on market misconduct. • Obligation to update the list The list must be updated without delay in the following cases: • change of the reason justifying inclusion on the list; • addition of a new person to the list; • removal of a person from the list, specifying the date on which this person ceases to have access to inside information. • Obligation towards the CMF The list is retained by the issuer and must be immediately made available to the Council of the Financial Market upon request. • Obligation to inform listed persons Issuers must notify concerned persons of their inclusion on the list by any means leaving a written record. This written proof of notification is retained by the issuer and must be immediately made available to the Council of the Financial Market upon request. This notification obligation aligns with respecting the rights of listed persons and helps sensitize them to the issue of using inside information. It is thus recommended that notifying the concerned person be accompanied by a reminder of the rules applicable to holding, communicating, and using inside information, as well as sanctions for violating these rules.

Obligation to list persons exercising managerial responsibilities and declare them

• Legal reference: Article 15 of the CMF Regulation on market misconduct. • Issuers must compile a list of persons exercising managerial responsibilities. This list includes two types of persons: • Persons explicitly holding executive functions within the issuer, namely members of the board of directors, management board, supervisory board, managing director, general manager, deputy general manager, or delegated general manager. • "Assimilated" persons due to:
  • having within the issuer the power to take management decisions or decisions concerning its development and strategy, and
  • having regular access to inside information directly or indirectly concerning said issuer. These two criteria are cumulative. For "assimilated" persons, there is no standard list. Each issuer must therefore identify them according to its organizational and shareholder structure specifics. If no person within the issuer meets the characteristics mentioned above, issuers are advised to explicitly indicate to the Council of the Financial Market that no person meets the definition provided by the CMF regulation. • Content of the list The list is prepared in accordance with Annex 2 to the CMF Regulation on market misconduct. • Obligation to update the list The list must be updated without delay as soon as there is a change affecting persons exercising managerial responsibilities. • Obligation towards the CMF Issuers must transmit to the Council of the Financial Market the list of persons exercising managerial responsibilities: • By January 31 at the latest each year; • Without delay upon each update of the list. • Obligation to inform listed persons Issuers must notify concerned persons of their inclusion on the list of persons exercising managerial responsibilities. This notification obligation aligns with respecting the rights of listed persons and helps sensitize them to the issue of using inside information. It is thus recommended that notifying the concerned person be accompanied by a reminder of the rules applicable to holding, communicating, and using inside information, as well as sanctions for violating these rules.

Obligation to establish trading blackout periods

• Legal reference: Articles 11 and 12 of the CMF Regulation on market misconduct. • The issuer must define in its written procedures periods prohibiting transactions on its securities. Persons subject to these trading blackout periods are: • persons exercising managerial responsibilities; • persons listed among those having access to inside information. It is up to the issuer to define periods it considers sensitive and justifying a prohibition for covered persons from trading its securities on the stock exchange. However, there are two mandatory regulatory blackout periods:
• the period between the date the issuer becomes aware of inside information and the date it is made public through legal and regulatory channels;
• the 15-day period preceding the publication of annual and interim financial statements and quarterly activity indicators by legal and regulatory channels. The issuer's obligation in this regard is an obligation of means. This means the obligation is deemed fulfilled when the issuer proves it has taken all necessary steps to sensitize covered persons and inform them of the existence of these blackout periods. In any case, it is important to remind covered persons that they are prohibited from executing transactions on the issuer's securities as long as they hold inside information, and that executing a transaction during an "authorized" period does not exempt them from liability.

Second Part Preventive measures borne by persons exercising managerial responsibilities within issuers and persons having a link with them

Obligation to declare owned securities

• Legal reference: Article 13 of the CMF Regulation on market misconduct. • Persons exercising managerial responsibilities within the issuer and persons having a link with them must, by no later than 7 trading days after the entry into function of the person exercising managerial responsibility, declare to the Council of the Financial Market the number of securities of the issuer they own. • Content of the declaration The declaration is prepared in accordance with Annex 3 to the CMF Regulation on market misconduct. • The declaration is personal and must be carried out individually by each concerned person. However, they may entrust their account keeper with making the required declarations without exempting them from personal liability. • The declaration is confidential and not published by the Council of the Financial Market.

Obligation to declare monthly operations Legal reference: Article 14 of the CMF Regulation on market misconduct. • Persons exercising managerial responsibilities within the issuer and persons having a link with them must declare by the end of each month to the Council of the Financial Market and to the issuer operations (acquisitions, disposals, subscriptions, and exchanges) carried out on their own behalf concerning securities issued by said issuer. • Content of the declaration The declaration is prepared in accordance with Annex 4 to the CMF Regulation on market misconduct. • The declaration is personal and must be carried out individually by each concerned person. However, they may entrust their account keeper with making the required declarations without exempting them from personal liability. • The declaration is confidential and not publishable by the Council of the Financial Market or by the issuer.

Obligation to declare significant operations Legal reference: Article 14 of the CMF Regulation on market misconduct. • Persons exercising managerial responsibilities within the issuer and persons having a link with them must declare to the Council of the Financial Market, the Tunis Stock Exchange (BVMT), and the issuer within 3 trading days following their execution, significant operations (acquisitions, disposals, subscriptions, and exchanges) carried out on their own behalf concerning securities issued by said issuer. Operations on the issuer's securities are considered significant if: • involving a volume equal to or greater than 50% of the total trading session volume, and • valued at equal to or greater than 20,000 dinars. These two criteria are cumulative. • Content of the declaration The declaration is prepared in accordance with Annex 5 to the CMF Regulation on market misconduct. • The declaration is personal and must be carried out individually by each concerned person. However, they may entrust their account keeper with making the required declarations without exempting them from personal liability. • The declaration is published upon receipt by the Tunis Stock Exchange (BVMT) on its website. When a linked person is an individual, their name does not appear in the declaration published on the BVMT website. Only the mention "individual with a link" and the identity of the executive with whom this person has links are published. This mention indicates that it is not the executive who acted but a linked person. When a linked person is a legal entity, its corporate name is published in the declaration.