Third Parties MAR, Listings and Disclosures Policy

header symbol

Shawbrook Group Version 1, 16 October 2025

1.    Purpose

This Policy ensures all outsourced suppliers and third-party service providers to Shawbrook Group plc (“Shawbrook” or “the Group”) understand and comply with obligations under the UK Market Abuse Regulation (UK MAR), the Listing Rules (LRs), and the Disclosure Guidance and Transparency Rules (DTRs).

It supplements confidentiality and data protection obligations within supplier contracts and forms part of Shawbrook’s Market Conduct Framework.

2.    Scope

This Policy applies to all external suppliers, contractors, advisers and service providers who: 

  • Have access to Shawbrook’s confidential, price-sensitive, or inside information; or
  • Provide services where exposure to such information may occur (e.g. IT, data hosting, communications, legal, finance, PR, or audit).

3.    Key Requirements

3.1  Safeguarding Inside Information

Suppliers must:

  • Treat all non-public information relating to Shawbrook as strictly confidential.
  • Use information only for the purpose of fulfilling contractual obligations.
  • Ensure appropriate IT, physical, and personnel security controls are in place to prevent unauthorised access or disclosure.
  • Have controls to identify and contain inside information.
  • Report immediately to Shawbrook if they become aware that any information they hold could be inside information. 

3.2   Compliance with the Market Abuse Regulation

Any supplier or its personnel who have access to inside information must comply with the following additional restrictions:

  • You must not deal in Shawbrook shares, bonds, or any related financial instruments while in possession of inside information.
  • You must not recommend or encourage others to deal in Shawbrook securities.
  • You must not use inside information to deal in the securities of any third party (e.g., a Shawbrook customer, supplier, or acquisition target).
  • During Shawbrook’s Closed Periods, or where notified by the Company Secretary, you must not deal in Shawbrook securities at all.
  • If you or any of your personnel wish to deal in Shawbrook securities at any other time, you must first obtain written clearance from Shawbrook’s Company Secretary.
  • Breach of these obligations may constitute criminal or civil market abuse offences under UK MAR and may lead to regulatory enforcement and termination of contract.

3.3   Insider Lists

Where Shawbrook identifies that supplier personnel have access to inside information, the supplier must:

  • Maintain an Insider List in the format prescribed by Article 18 of UK MAR.
  • Obtain written acknowledgements from all listed individuals confirming awareness of their legal obligations. 
  • Update the list promptly as individuals gain or lose access. 
  • Retain the Insider List for at least five years and provide it directly to the FCA upon request.

3.4   Confidentiality and Data Protection

Suppliers must: 

  • Restrict access to inside information to authorised staff only and on a strict “need to know” basis.
  • Never make external disclosures or press statements regarding Shawbrook without Shawbrook’s Company Secretary approval.
  • Support Shawbrook in preparing holding announcements if confidentiality fails.

3.5   Notification Requirements

Suppliers must immediately notify the Company Secretary if:

  • Any breach, data loss, or unauthorised disclosure of rumours or inside information occurs; or
  • They receive a request from any regulator in relation to Shawbrook.

Suppliers must notify Shawbrook within 24 hours of any actual or suspected breach. Failure to do so may lead to contract termination, FCA notification and/or possible regulatory investigation or civil/criminal sanctions under UK MAR or the Criminal Justice Act 1993.

3.6   Subcontracting

No subcontracting of services involving access to inside information may occur without prior written consent from Shawbrook. Approved subcontractors must sign equivalent confidentiality and MAR undertakings.

3.7   Training and Awareness

Suppliers must ensure relevant staff are trained on MAR, confidentiality, and insider information handling, and maintain evidence of such training.

3.8   Record Keeping and Audit

Suppliers must:

  • Retain records relating to insider list maintenance, acknowledgements, training and breach reports for at least five years.
  • Provide these records to Shawbrook or its auditors on request.

3.9   Breach Consequences

Non-compliance may result in termination of engagement, legal action, and/or notification to the Financial Conduct Authority (FCA).

4.    Contact

All queries regarding this Policy should be directed to the Company Secretarial Team at company.secretariat@shawbrook.co.uk.