By 
Regulated firms in financial services are subject to very prescriptive anti-market abuse regimes and, collectively, are highly experienced in protecting themselves against threats and monitoring for insider trading. But how do non-financial, corporate issuers of securities, such as public limited companies (PLCs), compare?
As market abuse regulations have become more stringent in the US and Europe, regulators’ ability to identify potential abuse has also improved thanks to advances in technology. This has been a catalyst for financially-regulated firms to enhance their own technical capabilities for protecting against and detecting market abuse, including insider trading.
The implementation of surveillance systems, for example, has allowed regulated firms to understand who exactly has access to what non-public, confidential, or inside information, and ensure they’re protecting the business, their employees, and the market from potential harm.
While compliance with market abuse regulations is a top priority for financial services firms, it has largely been in the peripheral vision of corporate issuers. As corporations are also subject to less stringent requirements than financial services firms, certain areas, such as monitoring employee trading, are not prioritized. But, without a full understanding of the risks that inadequate monitoring exposes them to, and how to mitigate them, they will be more vulnerable to insider trading.
CARELESS WHISPERS
Most senior executives at publicly traded companies are aware of at least some of their responsibilities for preventing market abuse, such as the obligation to refrain from trading company shares during close periods and to avoid sharing information with personal contacts, including family and friends. The recent Theranos case in the US, for example, focused on what the company’s senior management knew and how this might have influenced their share trading patterns.
But this isn’t necessarily true for the majority of a corporation’s employees, who are unlikely to have received the same level of education and compliance training as their counterparts in financial services. Do they understand the importance of not discussing that upcoming product launch, new contract signing, or planned expansion into a new market?
Most instances of market abuse tend to be inadvertent rather than deliberate, often the result of insufficient monitoring and controls, or perhaps due to a momentary lapse in an employee’s concentration. This includes seemingly innocuous conversations, like a casual chat with your brother-in-law at a barbecue, for example, and more formal discussions – such as talking to select key shareholders about future plans over lunch, instead of addressing all shareholders together.
If an experienced chair of a listed entity can fall into this trap, it is likely that other corporate executives will have blurred the lines as well. If you say something to one shareholder, you have to say it to all of them.
THE DATA CHALLENGE
Regulators and corporations both face challenges when it comes to data and insider trading.
Many regulators are keen to obtain and analyze as much data as possible to understand trading patterns and behavior. It’s true that if you’re trying to find a needle in a haystack, the answer isn't necessarily to get a bigger haystack. But if a regulator or competent authority can also leverage technology that delivers actionable intelligence, they will stay ahead of any (potential) non-compliance issues.
Corporations face the challenge of generating more data than they need and storing it for longer than they should. They, therefore, need to assess their ability to store and manage the data they produce, and determine what documents need to be created and retained. If you routinely record all Teams calls and Zoom meetings, for example, what’s your justification? Routine recording makes data hard to manage from the point of view of GDPR – if an aggrieved employee requests data from a recording, all personal data of any other participants will need to be redacted (a resource-intensive activity).
Overlap between regulatory regimes can create additional challenges if they pull in different directions. Market abuse regulations, for example, require records of communication that might contain inside information to be maintained, while GDPR might have different or contradictory requirements on how that data is to be held and retained.
PREVENTATIVE MEASURES: TECHNOLOGY & CULTURE SHIFT
Following the recent amendments to SEC Rule 10b5-1, corporate issuers are in the regulatory spotlight, facing greater scrutiny and accountability for the trading activity of their employees. If these firms are to meet their obligations – and close the gap with financial services – they will need to ensure they have technology in place that supports effective monitoring of employee trading. They will also need to continue to support compliance being front and center in everyone’s mind, and enable employees at all levels to understand their individual responsibilities and role in preventing market abuse. Having the right tools available for employees to use; making it easy for them to stay on the right side of regulatory changes, is a critical part of fostering a culture of positive compliance.
Find out more in Terry Dawson’s fireside chat on corporations and market abuse with Jonathan Armstrong, a corporate compliance attorney at Cordery Compliance.
