General Counsel Best Practices: Insider Trading

It's part and parcel of modern business operations that some employees will have early access to information that could sway the value of the overall business. It might be the financial team preparing the annual accounts, or it could be the corporate secretary sitting in the board meeting, or it could even be the IT administrator who doesn't have direct exposure but who does know where to access that information.

The mere fact that some employees and stakeholders will have advance access to performance information means that insider trading is a risk, even if all staff have signed a non-disclosure agreement (NDA) and are trustworthy. Even with that trust, the risk remains, and General Counsel best practices must include determining the internal process with which to deal with this risk.

While in-house lawyers and the General Counsel have a role to play in setting the policies and governance to prevent things like insider trading, they are at a disadvantage, as they only set the parameters – they don't control the system. General Counsel best practices around insider trading are to determine which documents are confidential, to set the security levels around the corporate record and to develop the process for reporting; but they do not act as gatekeepers for that information. It would be not just impractical, but impossible, for every single document and every piece of data to be cleared by the General Counsel before being released to the organization or beyond.

How, then, can the General Counsel guard against insider trading? And what exactly is their role in this process? Let's take a quick look at the issues around General Counsels and insider trading and start to explore the responsibilities of this all-important role.

Insider trading is a governance, risk and compliance issue

Insider trading rings seem to be increasing in regularity in the news, perhaps because we're getting better at rooting them out and identifying the ringleaders. Some of the most high-profile scandals in recent years include:

• Palo Alto Networks Inc., whose former IT administrator used his IT credentials and work contacts to obtain highly confidential information about his employer's quarterly earnings and financial performance, and then alerted a group of friends who traded securities, making millions of dollars over several years.
• A former Apple lawyer, who was in charge of enforcing Apple's Insider Trading Policy and who had access to Apple financial results before they were made public, was indicted on insider trading charges in October 2019. He allegedly traded based on the advance-access results to both make a profit and avoid losses.
• A former senior lawyer at SeaWorld Entertainment Inc., who knew the company's revenue would be better than anticipated for the second quarter of 2018 and purchased 18,000 shares of stock the day after he received a confidential draft of the earnings. He immediately sold the shares for around $65,000 in profit after the stock price increased 17% on announcement of the earnings.

In each of these cases, a trusted employee in a position where they had access to confidential business information used that power for personal gain. These employees had inside information ' they knew things the general public could not, and would not, know for a period of time – and they made the most of it.

Insider trading is not just a criminal offense, it is a failure in governance, compliance and risk management processes. It is a difficult thing to define beyond that, though, as there is no statute or rule that defines insider trading per se; it is instead a legal concept that has developed primarily through judiciary and administrative proceedings.

The key to overcoming this ambiguity is by being strict and clear within the organization about what it means and how you'll deal with it, writes W. Ira Bowman and Ekaterina G. Long in Today's General Counsel's Fall 2019 edition: "Prioritize the issue of insider trading and develop a corporate culture based on this priority," they write, adding that an important first step is to use recent enforcement cases as the basis for continuing employee education and training. They also recommend providing employees with an avenue for the anonymous reporting of suspected violations.

The General Counsel's insider trading obligations

The General Counsel's insider trading obligations revolve around process development and communications. It's their job to set the confidentiality levels for corporate information, to decide who has access to them, and to determine the level and frequency of policing this.

When it comes to the General Counsel and insider trading, of course, it's also part of their role to determine the internal penalties and punishments when a breach is discovered. They must then ensure that all those who have access to confidential data are aware of what will happen if they abuse this privilege – that all those who have access, whether authorized or not, are aware that it's a terminable offense to access this data and a criminal offense to use it.

General Counsel best practices for insider trading, then, include:

• Determining confidentiality levels for corporate data
• Determining policies and processes around data handling, in conjunction with IT and other stakeholders
• Determining penalties for misuse of confidential data
• Establishing a robust and confidential whistleblowing program, considering bringing in a third party to operate it for an added trust factor
• Communicating these processes and penalties to all staff to make sure everyone is aware of and understands exactly what they should and shouldn't talk about
• Working with authorities when an insider trading breach is discovered

General Counsel's insider trading policing involvement should also include determining how the organization will track insider trading. The entity data management systems in use are incredibly important in helping to pinpoint any potential issues and building a picture of how far back and wide-ranging the abuse of privilege extends.

Keeping track of legal operations is key

Having policies that adhere to General Counsel best practices and robust plans to deal with insider trading mean nothing if you don't also keep a tight record of entity data that includes an audit trail. Modern governance best practices that place entity management in the cloud for security reasons can also provide backup to the General Counsel who is tracking down an insider trading breach.

Working with secure, cloud-based entity management software helps organizations to centralize and manage their corporate subsidiary data management to simply entity governance throughout the entire organization, improving compliance and mitigating risk.

This entity management software, such as Diligent Entities, enables legal operations to keep tight control and oversight of the corporate record, storing entity information, documents and organizational charts in a highly secure format to create a single source of truth. It also enables reporting on governance and compliance requirements. Diligent Entities also seamlessly integrates with Diligent Boards and a secure file-sharing platform to create the Governance Cloud, an all-in-one ecosystem for modern governance that enhances the audit trail, locks down access to corporate information, and helps those in charge of legal operations to pinpoint issues and data breaches more efficiently.

Get in touch and request a demo to see how Diligent Entities can support General Counsel best practices for insider trading.