The SEC’s staff has released a report of its observations following an examination of 19 brokerage firms’ programs to protect against the misuse of material nonpublic information (MNPI). The reviews assessed each broker-dealer’s information barriers for compliance with Section 15(g) of the Exchange Act and evaluated how each firm integrated new business activities, structures and technologies into its compliance protocols. Below is a summary of some specific concerns and effective practices highlighted by the staff. Following the summary is a more in-depth discussion of the staff’s findings.
Identifying Information Flows
The staff emphasized the importance of identifying information flows – the sources of potential MNPI:
The Control Structure
The staff observed that firms generally categorize various groups, functions, activities and information for control purposes. Business groups are classified as “public-side” or “private-side,” with private-side groups that have routine access to MNPI typically being physically segregated and restricted from trading in securities about which the group has MNPI.
Some firms use an “above-the-wall” classification for certain senior management, research or syndicate. The staff expressed concern about persons or groups above-the-wall receiving MNPI where physical barriers, documentation or other controls may be limited or non-existent.
MNPI may be transactionally sourced, item-specific or may arise from ongoing sources. There must be clear and effective protocols for notifying the control room promptly, however the MNPI is sourced. The staff noted that some firms lacked controls to address absence or delays in notice. In the absence of systems to automatically notify the control room, some firms conduct lookback reviews to account for possible reporting delays.
Information reported to the control room is assessed for materiality to determine whether a company should be placed on a monitoring list. While materiality determinations are judgment calls, the staff believes that broker-dealers should monitor and evaluate the reasonableness of those determinations. According to the staff, monitoring was difficult at firms that either failed to memorialize transactions deemed immaterial or to document the basis for a determination of immateriality, lacked specific factors to assess materiality or failed to identify later receipt of MNPI.
The staff also observed that because judgments about when to place material transactions on a monitoring list or when to remove them were not based on bright-line tests, variation occurred between transactions. Practices that result in delay in placement on a monitoring list, including waiting for a formal mandate, can be problematic. Another practice that may result in an absence of monitoring is removing items from a monitoring list upon public announcement where the broker-dealer continues to work on the transaction.
Limiting Authorized Access
The staff believes one important component of an information barrier program is restricting access to MNPI only to those persons that need to know the information. Most broker-dealers have written policies in this regard that are supported by protocols for documenting deal team members and public-side over-the-wall staff who have access to MNPI. However, this is an area about which several concerns were raised.
Some broker-dealers have established cross-selling groups between asset management and investment banking. The staff noted a failure at some firms to document when the cross-selling group was given access to the investment banking information, as well as the lack of adequate physical barriers surrounding the group. Firms that are dually registered as investment advisers or closely integrated with an affiliated adviser also need to consider the specific challenges such circumstances present in designing their controls.
As noted in the summary, informal discussions between private-side and public-side employees create the potential for unauthorized disclosure of MNPI. The staff also expressed concern about informal discussions between public-side employees and external parties, such as corporate insiders or consultants who may have MNPI. Because these types of contacts are viewed as too numerous to document, firms rely on general proscriptions and directives to self-report. The absence of any documentation or controls can be problematic. While the staff did not cite any effective practices in this regard, firms may consider incorporating a news feed into their control database and expanding their lookback procedures and training protocols with this issue in mind.
The staff identified several concerns with the adequacy of physical barriers. Although firms are moving more groups into separate physical spaces with key card access, some private-side areas have glass walls allowing visual access to information. The staff also noted a lack of physical barriers surrounding some groups that support private-side areas, such as IT, operations or loan site monitors.
Some effective barriers noted by the staff include:
The staff noted that MNPI may be provided based on informal confidentiality agreements. The absence of controls to identify emailed or oral confidentiality agreements entered into without notice to the control room was another source of staff concern.
Private – Public Transactions
Similarly, the absence of systematic reviews of employee transfers from private-side areas to public-side business units raised staff concern. Additionally, some firms lacked a process for identifying when private corporations became public through the issuance of securities.
Information Given to External Parties
The staff noted that broker-dealers are developing control procedures over providing information to both private institutional investors, including private equity, and public institutional investors, including hedge funds.
The staff observed that controls over granting and eliminating access to loan sites remain informal and suggested firms consider where additional controls may be needed. Controls utilized at some firms include:
The staff noted that the use of emails to transmit MNPI between persons working on a transaction is common. Controls to minimize misdirected emails include:
Among the gaps identified by the staff in some firms’ email review process were:
Employee Pre-Trading Clearances
The staff observed a trend toward requiring pre-clearance of personal trades by contingent workers (e.g., consultants or others employed by a third party), as well as by firm employees with control/support functions, if they have access to MNPI.
Managed accounts are typically exempt from pre-clearance, but the staff had concerns about use of external managers where there was no scrutiny over an employee’s ability to influence trading in the account.
While most firms compare executions against pre-clearances obtained, many were less effective in tracking and/or responding to multiple failures to pre-clear. Some firms have policies to reverse trades made without pre-clearance, even if the trade would have been approved, which the staff believes may be an effective deterrent.
Scope of Review
The scope of surveillance activities to identify misuse of MNPI has expanded to capture trading in other types of accounts, including institutional customers, asset management affiliates, retail customers and contingent workers. Firms are also expanding their reviews to take into account all products that could be used to profit from MNPI. For example, if a structured product references a security about which the firm has MNPI, the firm may need to have controls to prevent the issuance of the structured product from being based on MNPI.
Brokers are enhancing the types of pattern analysis they conduct. In addition to identifying repeat violations, pattern analysis may create exceptions based on:
Compliance Access to Information
Surveillance personnel are being provided greater access to deal developments:
The staff noted that some firms do not have mechanisms to identify transactions that are removed from the database and subsequently reactivated.
Resolution of Exceptions
Without adequate documentation, the staff cannot assess the adequacy of how firms research and resolve surveillance items. Merely noting that a trade was reviewed is insufficient. Documentation should at least include a brief description of the basis for resolution.
Resolving exceptions without independent confirmation was considered problematic by the staff, as was a lack of in-depth analysis of trading, e.g., whether an account traded in multiple securities indicating a specific source of information, a position built over time in a security or trading correlated with deal developments.
The staff observed that broker-dealers are enhancing their controls, although gaps in controls and informal control practices remain problematic. The staff plans to continue its review of information barriers in future examinations.
 Staff Summary Report on Examinations of Information Barriers: Broker-Dealer Practices under Section 15(g) of the Securities Exchange Act of 1934 (Exchange Act) by the Staff of the Office of Compliance Inspections and Examinations of the United States Securities of Exchange Commission (SEC), September 27, 2012.
 Examinations were conducted by examiners from the SEC, FINRA and NYSE’s Division of Market Regulation, all of whose observations were incorporated into the report. Six of the largest brokerage firms were examined by the SEC and an additional 13 firms were examined by the NYSE or FINRA.
 Originally enacted as Section 15(f) and renumbered by the Dodd-Frank Wall Street Reform and Consumer Protection Act, Section 15(g) of the Exchange Act requires registered broker-dealers to establish, maintain and enforce written policies and procedures reasonably designed, taking into account the nature of their business, to prevent the misuse of MNPI by the firm or its associated persons in violation of the Exchange Act.
 Other federal securities laws may impact barriers in place at broker-dealers. Section 204A of the Investment Advisers Act of 1940 places similar obligations on registered investment advisers.
Kathy H. Rocklen and Benjamin J. Catalano are Partners in the Corporate Department at Proskauer and Co-Heads of the firm’s Broker-Dealer & Investment Management Regulation Group.