The SEC’s staff has released a report[1] of its observations following an examination of 19 brokerage firms’ programs to protect against the misuse of material nonpublic information (MNPI).[2] The reviews assessed each broker-dealer’s information barriers for compliance with Section 15(g) of the Exchange Act[3] and evaluated how each firm integrated new business activities, structures and technologies into its compliance protocols. Below is a summary of some specific concerns and effective practices highlighted by the staff. Following the summary is a more in-depth discussion of the staff’s findings.

Summary

Concerns

• A significant amount of interaction between groups that have MNPI and internal and external groups that have sales and trading responsibilities occurred on an informal (undocumented) basis, making it difficult to trace inadvertent (or even intentional) disclosures.
• At some broker-dealers, senior executives, referred to as “above-the-wall,” received MNPI without its documentation and with no monitoring or restrictions. Many of these senior executives had managerial responsibilities for sales and trading. The absence of any documentation or controls raises serious concerns about the ability of broker-dealers to guard adequately against misuse of MNPI in firm and customer trading.
• Formal and documented discussions may occur between internal business groups, in which MNPI is provided to sales, trading or research personnel for business purposes. In some cases, broker-dealers were not conducting any focused review of the trading that occurred after traders were provided with MNPI.
• The staff identified gaps in oversight coverage at most broker-dealers. Some broker-dealers did not review trading within accounts of institutional customers, assets management affiliates, or retail customers; or did not conduct any review when MNPI came through business activities outside of the investment banking department – such as participation in bankruptcy committees, employees serving on public company boards, changes in research ratings or company insiders placing unusual trades.

Effective Practices

• Broker-dealers are developing processes that differentiate between types of MNPI based on the source (e.g., business unit) from which the information originated or the nature (e.g., transaction type) of the information. In some cases, firms are creating tailored exception reports taking into account the different characteristics of the information.
• Broker-dealers are expanding the scope of instruments they review for potential misuse of MNPI by traders, including: credit default swaps, equity or total return swaps, loans, components of pooled securities such as unit investment trusts and exchange-traded funds, warrants and bond options.

Discussion

Identifying Information Flows

The staff emphasized the importance of identifying information flows – the sources of potential MNPI:

• Primary access points within the firm for receipt of MNPI:
  • Public company clients, through M&A, capital markets, derivative sales or credit,
  • Corporate borrowers,
  • Issuers of public finance securities or securitized products,
  • Institutional investors,
  • Insider customers, and
  • Information within a firm’s own research, sales, trading or asset management groups.

• Secondary access groups within the firm to which MNPI is conveyed:
  • Control Room,
  • Information Technology,
  • Operations, and
  • Credit.
• External parties to whom the MNPI may be communicated:
  • Parties participating in M&A, capital markets or loan transactions.

The Control Structure

The staff observed that firms generally categorize various groups, functions, activities and information for control purposes. Business groups are classified as “public-side” or “private-side,” with private-side groups that have routine access to MNPI typically being physically segregated and restricted from trading in securities about which the group has MNPI.

Some firms use an “above-the-wall” classification for certain senior management, research or syndicate. The staff expressed concern about persons or groups above-the-wall receiving MNPI where physical barriers, documentation or other controls may be limited or non-existent.

Capturing MNPI

MNPI may be transactionally sourced, item-specific or may arise from ongoing sources. There must be clear and effective protocols for notifying the control room promptly, however the MNPI is sourced. The staff noted that some firms lacked controls to address absence or delays in notice. In the absence of systems to automatically notify the control room, some firms conduct lookback reviews to account for possible reporting delays.

Information reported to the control room is assessed for materiality to determine whether a company should be placed on a monitoring list. While materiality determinations are judgment calls, the staff believes that broker-dealers should monitor and evaluate the reasonableness of those determinations. According to the staff, monitoring was difficult at firms that either failed to memorialize transactions deemed immaterial or to document the basis for a determination of immateriality, lacked specific factors to assess materiality or failed to identify later receipt of MNPI.

The staff also observed that because judgments about when to place material transactions on a monitoring list or when to remove them were not based on bright-line tests, variation occurred between transactions. Practices that result in delay in placement on a monitoring list, including waiting for a formal mandate, can be problematic. Another practice that may result in an absence of monitoring is removing items from a monitoring list upon public announcement where the broker-dealer continues to work on the transaction.

Limiting Authorized Access

The staff believes one important component of an information barrier program is restricting access to MNPI only to those persons that need to know the information. Most broker-dealers have written policies in this regard that are supported by protocols for documenting deal team members and public-side over-the-wall staff who have access to MNPI. However, this is an area about which several concerns were raised.

Some broker-dealers have established cross-selling groups between asset management and investment banking. The staff noted a failure at some firms to document when the cross-selling group was given access to the investment banking information, as well as the lack of adequate physical barriers surrounding the group. Firms that are dually registered as investment advisers or closely integrated with an affiliated adviser also need to consider the specific challenges such circumstances present in designing their controls.[4]

Informal Discussions

As noted in the summary, informal discussions between private-side and public-side employees create the potential for unauthorized disclosure of MNPI. The staff also expressed concern about informal discussions between public-side employees and external parties, such as corporate insiders or consultants who may have MNPI. Because these types of contacts are viewed as too numerous to document, firms rely on general proscriptions and directives to self-report. The absence of any documentation or controls can be problematic. While the staff did not cite any effective practices in this regard, firms may consider incorporating a news feed into their control database and expanding their lookback procedures and training protocols with this issue in mind.

Physical Barriers

The staff identified several concerns with the adequacy of physical barriers. Although firms are moving more groups into separate physical spaces with key card access, some private-side areas have glass walls allowing visual access to information. The staff also noted a lack of physical barriers surrounding some groups that support private-side areas, such as IT, operations or loan site monitors.

Technology Barriers

Some effective barriers noted by the staff include:

• Automated systems within investment banking to limit information access to approved deal members,
• Prohibiting remote log-ins, and
• Disabling the ability to download information to removable storage.

Confidentiality Agreements

The staff noted that MNPI may be provided based on informal confidentiality agreements. The absence of controls to identify emailed or oral confidentiality agreements entered into without notice to the control room was another source of staff concern.

Private – Public Transactions

Similarly, the absence of systematic reviews of employee transfers from private-side areas to public-side business units raised staff concern. Additionally, some firms lacked a process for identifying when private corporations became public through the issuance of securities.

Information Given to External Parties

The staff noted that broker-dealers are developing control procedures over providing information to both private institutional investors, including private equity, and public institutional investors, including hedge funds.

• Some firms pre-qualify institutional investors, including the appropriate contact person or procedure,
• Controls around capital markets transactions include provision of limited information, made available only shortly prior to public disclosure,
• Control procedures typically specify the information that may be provided based on the type of confidentiality agreement obtained: oral with an email confirmation by the broker-dealer, oral with an affirmative email reply from the investors or a written agreement,
• Most firms maintain a contact log, and
• Access to virtual data rooms requires a unique log-on and audit trails are maintained of the accessing of information, but they are not necessarily maintained after a transaction closes. The absence of historical audit trails and the general informal nature of controls surrounding virtual data rooms was concerning to the staff.

Credit Extensions

The staff observed that controls over granting and eliminating access to loan sites remain informal and suggested firms consider where additional controls may be needed. Controls utilized at some firms include:

• During the loan origination process:
  • Granting access only to potential lenders appearing on a list of credible investors, and
  • Eliminating access to potential investors with a history of accessing sites without participating.
• In the secondary market:
  • Granting access only upon purchase of a loan interest,
  • Removing access upon sale (some firms review trading reports to identify sellers), and
  • Identifying lenders’ designated contacts and requiring user email addresses that include the institution’s name.

Email Controls

The staff noted that the use of emails to transmit MNPI between persons working on a transaction is common. Controls to minimize misdirected emails include:

• Requiring private-side employees affirmatively to identify emails as appropriate for transmission outside the department or the firm,
• Disabling the auto complete function so employees must type in a full email address, and
• Creating pop-up messages alerting employees to external distribution.

Among the gaps identified by the staff in some firms’ email review process were:

• Failing to review emails of compliance and IT,
• Reviewing the names of the senders and recipients, but not the emails’ content, and
• Failing to monitor internal communications through chat rooms.

Employee Pre-Trading Clearances

The staff observed a trend toward requiring pre-clearance of personal trades by contingent workers (e.g., consultants or others employed by a third party), as well as by firm employees with control/support functions, if they have access to MNPI.

Managed accounts are typically exempt from pre-clearance, but the staff had concerns about use of external managers where there was no scrutiny over an employee’s ability to influence trading in the account.

While most firms compare executions against pre-clearances obtained, many were less effective in tracking and/or responding to multiple failures to pre-clear. Some firms have policies to reverse trades made without pre-clearance, even if the trade would have been approved, which the staff believes may be an effective deterrent.

Scope of Review

The scope of surveillance activities to identify misuse of MNPI has expanded to capture trading in other types of accounts, including institutional customers, asset management affiliates, retail customers and contingent workers. Firms are also expanding their reviews to take into account all products that could be used to profit from MNPI. For example, if a structured product references a security about which the firm has MNPI, the firm may need to have controls to prevent the issuance of the structured product from being based on MNPI.

Pattern Surveillance

Brokers are enhancing the types of pattern analysis they conduct. In addition to identifying repeat violations, pattern analysis may create exceptions based on:

• Accounts that trade in multiple securities on the monitoring lists,
• Accounts that have not historically traded in a security,
• Newly opened accounts, or
• Positions in monitoring list securities that constitute a substantial percentage of the account.

Compliance Access to Information

Surveillance personnel are being provided greater access to deal developments:

• Some firms provide compliance personnel with direct access to investment banking deal management systems,
• Other firms rely on detailed status updates provided to control group personnel by the deal team and input into the control database.

The staff noted that some firms do not have mechanisms to identify transactions that are removed from the database and subsequently reactivated.

Resolution of Exceptions

Without adequate documentation, the staff cannot assess the adequacy of how firms research and resolve surveillance items. Merely noting that a trade was reviewed is insufficient. Documentation should at least include a brief description of the basis for resolution.

Resolving exceptions without independent confirmation was considered problematic by the staff, as was a lack of in-depth analysis of trading, e.g., whether an account traded in multiple securities indicating a specific source of information, a position built over time in a security or trading correlated with deal developments.

Conclusion

The staff observed that broker-dealers are enhancing their controls, although gaps in controls and informal control practices remain problematic. The staff plans to continue its review of information barriers in future examinations.