By 
The four components of insider dealing. Why it’s not just front-office staff who can leak MNPI. Why a culture of compliance counts now more than ever. We cover all this and more in this week’s StarBlog
A lot of important ground was covered in the 2021 Star EMEA Virtual Spring Forum. It brought together Star clients and other key operators in the compliance sphere from across the region, who were guided through a wide range of topics by Damon Batten of Bovill: a financial services regulatory consultancy. Just in case you missed this showcase of insights and solutions, or are looking for a concise wrap-up, we’ve pulled the top five takeaways for you. At the bottom of the page, you’ll also be able to access a full recording of the event.
1. INSIDER TRADING HAS FOUR DISTINCT COMPONENTS
“The trading part of insider trading is the easy part,” says Batten. “Either a trade has taken place or it hasn’t. The inside information part is where things get interesting.” Per Batten, there are four components to a working definition of inside information. First, the information must be precise in nature, i.e., it must contain factual information not open to interpretation. Second, the information must not be public; it must not be common knowledge. Third, it must have a direct link to a financial instrument, depending on how the regulation is cast. The final component is price sensitivity: if this information were to become public, would there be a price reaction? Batten: “I think the real challenge for compliance officers is to look at each case, think about each of these four components, and try and reach a reasonable outcome to determine whether information really is inside or not. There will certainly be cases where two people look at the same information and reach different conclusions.”
2. USE REAL-LIFE EXAMPLES TO GET YOUR MESSAGE ACROSS
One of the things that makes compliance so challenging is not just the fact that compliance teams must write their policies in light of an ever-changing set of global perceptions, guidelines, and principles, but then those policies must be communicated to the rank and file effectively and efficiently. How is that best accomplished? Batten: “The best way to communicate the increasingly complex and nuanced world of compliance to employees is by example. Choose specific cases, look at real-life situations, and use those for discussion. In the last year or two, there have been a few cases that have specifically caught my attention. The one that hit closest to home was that of the UBS compliance officer who, through her role in compliance, got access to a wealth of information about UBS's M&A pipeline. She then used a personal relationship to profit from that information: a friend who executed the trades. Stories like that can make what otherwise seem like abstract concerns very real.”
3. IT’S NOT JUST FRONT-OFFICE STAFF WHO CAN LEAK MNPI
It’s understandable to focus attention on front-office workers when it comes to MNPI-related risk, but it’s worth keeping in mind who from the back office has access to sensitive information. Batten: “I think most firms have gotten very good at constraining information in the front office, and having very defined individuals there who are clearly associated with a deal. But there’s still a degree to which, for example, people from IT might end up having unnecessary access to MNPI. At times, I think we’ve all thought the risk with inside information lay solely with front-office staff. But, of course, support staff are subject to the same temptations as front-office staff when it comes to inside information.”
4. DON’T UNDERESTIMATE THE POWER OF THE BASICS
Sometimes it’s the simple things—a profession’s time-tested tools and processes—that still do a job best. With compliance those may include physical segregation of environments, attention to folder access and controls, good documentation, and the insider list. The insider list can not only help you keep track of who to keep track of, it can also be instructive in and of itself. That is, just by looking at it, you can tell if it's being used effectively. Batten: “Going back to the UBS case, the insider list was very comprehensive: perhaps too comprehensive. In its review, the FCA implied that sometimes they're seeing insider lists with too many people on them, because compliance is trying to make sure every avenue of risk is covered. But no one is challenging the appropriateness of that long of a list. An insider list is a very simple tool; it's job is to keep track of how far certain information is moving within the organization, with the idea being that said movement is being constrained. So if that list is growing too large, it suggests perhaps a primary element of control isn’t functioning in the way it was intended.”
5. CULTURE COUNTS, NOW MORE THAN EVER
There will inevitably be times when new vulnerabilities and new avenues of risk arise through situations compliance has little to no control over, and no time to prepare for. The pandemic has been one such situation. It forced a world of knowledge workers—like those in finance—quickly into remote-work. Compliance had to then respond as best it could in an ad hoc manner in a rapidly changing situation, one previously undreamt of, until effective processes and policies could be put in place. It’s times like this that a culture of compliance can make all the difference. This is the idea that covered workers, out there operating largely on their own, will do what’s right and what’s required of them because up to that point they’ve been so strongly inculcated with the firm’s principles of compliance.
Batten: “In the last 15 months, I think the cultural aspects of compliance have become notably more important. Here’s an example. If I was not minded, as a covered employee, to engage in insider dealing or other market abuse behaviors because I was in a positive compliance culture in the office, I would be less inclined to do so once I'm working from home. That culture simply would transfer over from one place of work to the other. Moving forward, from the other end of the spectrum, I see firms going down the more big-brother route, where—if employees say they want to work from home—they're going to have cameras pointed at their desks all day and have their time very closely logged. I think for some firms the temptation to do that will be too strong to ignore. Some of these measures are going to be inevitable, which then raise concerns about privacy, GDPR, etc. It’s a good lesson moving forward. No one saw this pandemic coming, but what’s the next thing no one sees coming? What's the next situation compliance has to jump into and feel its way through? If you have a positive compliance culture in place, no matter what happens, your people are far more likely to do what it is they’re supposed to do, what they’ve been taught to do from the start: naturally comply.”
