News | SteelEye

5 ways to protect your firm from MNPI breaches | SteelEye

Written by SteelEye | Mar 24, 2022 11:46:46 AM

The leakage of material non-public information (MNPI) and the use of MNPI in trading, otherwise known as Insider Trading, is a significant risk and something that financial firms need to monitor for. 

However, identifying MNPI leakages or insider trading offenses can be challenging. In this blog, we explore the importance of securing the confidentiality of material non-public information within your organization and five key ways you can protect your firm from MNPI breaches to ensure compliance.

Topics covered: 

What is material non-public information (MNPI)?

Before getting into the specifics of MNPI breaches, it is worth looking at what material non-public information is. In short, MNPI is information that is not public knowledge, nor generally available to investors, but would likely influence an investment decision.

The use of material non-public information in trading is considered “insider trading” since it is done using information that is not widely available. “Material” refers to the nature of the information and if a reasonable investor would consider it important for an investment decision. “Non-public” specifically maintains that the information is not publicly known or available as of yet.

 

MNPI Examples

So, what constitutes material non-public information? Here are some common MNPI examples:

  • Capital investment plans

  • Acquisition or disposition negotiations

  • Strategic plans

  • Financial results

  • The loss or gain of major contracts 

  • Other confidential information that could impact a company’s stock price

It is also worth noting that when cases of insider trading are judged in a court of law, the materiality of MNPI is assessed in hindsight, often after a transaction has been completed, meaning a change in stock price could lead to presumptions of materiality.

 

Who has access to MNPI?

Investment professionals often receive MNPI as part of their regular business operations, advisory processes, or trading activities. In such circumstances, a duty of trust and confidence must be owed to their client or the involved party, and discretion exercised to avoid misuse of the information.

To mitigate any risk associated with this commonality at a firm level, internal controls to monitor trader activity need to be implemented.

 

Instances of MNPI breaches

Insider trading is a serious offense across the globe. Despite this, instances of regulators cracking down on offenders and serving large fines and other sanctions have made headlines for decades.

An example from 2020 was the fining of alternative investment asset management firm, Ares Management, for $1 million. The SEC ruled that the firm had failed to implement and enforce adequate compliance policies and procedures to prevent the misuse of MNPI when senior members within the firm were appointed as directors to the board of a publicly traded company Ares had made a large equity investment in.

Although the public company was placed on Ares’ restricted list, the dual role occupancy of Ares personnel had resulted in trading decisions that the SEC found to be inadequately investigated by the Ares’ compliance team, leading to the conclusion that the firm had violated the Investment Advisers Act’s requirement for compliance policies and procedures to prevent the misuse of MNPI. 

Another famous example of insider trading is the case of Ivan Boesky, a stock trader who was convicted of insider trading in 1986, resulting in two years imprisonment, a permanent ban from trading in securities, and a $100 million fine. Boesky had amassed a team of corporate insiders from investment banks who tipped him off about upcoming corporate takeovers, which heavily influenced Boesky’s investment decisions for over 10 years. After a group of corporate partners sued Boesky for misleading legal agreements, the SEC started investigating him, discovering that Boesky had profited from nearly every major M&A deal of the 1980s.

Previous and ongoing instances of insider trading as a result of MNPI continue to be seen in the news, indicating how seriously regulatory bodies take market abuse activity on an individual and firm wide level, and the losses financial institutions suffer as a result of poor internal controls. 

 

MNPI risk for smaller firms and new funds

A lot of the market abuse behaviors and offenses larger firms need to monitor for through trade surveillance systems, such as wash trading and spoofing, are not as relevant for younger funds that are run by a small number of people. Senior managers within these funds naturally have more oversight over their smaller teams, sometimes consisting of only one or two people. 

Sophisticated technology to sift through thousands of trades is not necessarily needed in these instances, as monitoring and analysis can be done manually with smaller trading volumes. However, monitoring for insider trading and MNPI breaches is something all firms, small and large, need to do. 

What does an MNPI breach look like?

At a high level, insider trading becomes a risk to firms when MNPI is leaked, and trading activities are conducted because of the insider information. How this information is elicited and disseminated can be because of individual or firm wide MNPI breaches. 

Types of MNPI breaches

An MNPI breach can be intentional where someone privy to MNPI advises an acquaintance to make a trade or sell stocks using the information. However, a breach can also happen unintentionally due to poor internal controls or weak information barriers within a firm.

This is a significant compliance risk that regulators are cracking down on. Organizations are obligated to control the spread of sensitive information. Instances of poor information control include confidential conversations being overheard either by colleagues within a shared office space, or by family members or friends when a trader is working from home.

Conflicts of interest may also occur in situations where, for example, an employee is in a relationship with an employee from a competing firm or trading company - increasing the risk of accidental MNPI leakage. In these instances, firms need to have policies in place to ensure that employees inform the firm's compliance team of these conflicts of interest. 

Whether intentional or unintentional, firms can be penalized heavily if they are not able to identify, prevent, and mitigate future MNPI breaches. 

The current state of MNPI compliance

Globally, trading in a company’s securities while in possession of material non-public information is prohibited.

MNPI rules in the US

The US Insider Trading Prohibition Act prohibits an individual from trading while aware of MNPI if the person knows that the information was wrongfully obtained or that trading based on the information would constitute a wrongful use of the information. This act builds on the Exchange act of 1934. While the 1934 act does not specifically mention insider trading it forbids the use of “manipulative or deceptive” means in buying or selling securities. 

There is also the US Investment Advisers Act of 1940 where section 10(b) deems it unlawful for any person to, directly or indirectly, operate fraudulently or deceitfully in connection with the purchase or sale of any security.

More recently, the Stop Trading on Congressional Knowledge (STOCK) Act, enacted in April 2012, made changes to state that there is no exemption from the insider trading prohibitions for Members of Congress, congressional employees, or any federal officials.

MNPI rules in the UK and Europe

In the UK and Europe, the Market Abuse Regulation (MAR) states that dealing in securities on the basis of inside information is considered fraud and is a criminal offense. MiFID II also requires firms to establish, maintain, and enforce written policies and procedures for internal monitoring to prevent the misuse of MNPI by associated persons.

Other changes

Circumstances under which trades are being conducted have shifted, impacting regulatory requirements considerably. In light of the pandemic, the SEC issued a statement in early 2020 noting that the extraordinary circumstances lockdowns had imposed on market activity was leading to increased instances of MNPI, and it emphasized the importance of maintaining market integrity and following corporate controls and procedures. The statement also highlighted the SEC’s plan to “commit substantial resources” to ensuring that investors were not victims of fraud or illegal practices in the "unprecedented market and economic conditions".

Consequences of non-compliance 

The US Insider Trading Sanctions Act of 1984 and the Insider Trading and Securities Fraud Enforcement Act of 1988 made it possible to impose up to treble damages on a person found guilty of insider trading. For firms, consequences include high fines, trading sanctions, and reputational damage. 

To avoid heavy fines, civil penalties, and even imprisonment, firms need to adequately manage MNPI through actionable policies and procedures, as well as comprehensive insider lists that are diligently consulted by management and compliance teams. 

This is especially important for private equity funds or hedge funds, where the SEC has noted that policies and procedures relating to MNPI compliance within these funds have been generally deficient

Having sufficient controls in place helps reduce the risk of market abuse and ensures firms are compliant with regulations. While compliance managers are accountable for a firm's compliance, in reality, it is also every employee’s responsibility. A firm’s compliance manual and conduct policies should support this by distributing responsibility where appropriate.

The reality of MNPI breaches in a digital world

While failure of duty remains the main instance of an MNPI breach, material non-public information can also be wrongfully obtained through instances of theft, bribery, misrepresentation, espionage, misappropriation, unauthorized taking of MNPI, and other such methods. However, recent concerns around remote working and the subsequent risk of increased access to MNPI via virtual means, have resulted in bodies like the SEC further emphasizing the need for firms to prioritize monitoring for insider trading

Issues like web scraping or “spidering”, specifically enabled by Big Data, adds a layer of complexity to insider trading. Fund managers can gather data from third-party market intelligence sources and piece this information together, along with immaterial, publicly available information. From there they can reach material conclusions that constitute as material non-public information. While these issues don’t fit neatly into the framework of insider trading, the same standards of MNPI gathering and handling, as stipulated by comprehensive policies, must apply. 

Additionally, in 2018 the SEC stated that if a company fails to have robust cyber fraud protections in place, making the company vulnerable to corporate asset theft and data breaches, this could constitute a violation of internal control provisions as required by the Exchange Act. This fact reveals that the increase in digitized processes and information access presents additional potential risks for firms to consider. 

What are the best ways to protect your firm from MNPI breaches?

 

1. Comprehensive policies and information barrier programs

 

Firms should have comprehensive insider trading and material information conduct policies in place that prescribe not only how MNPI should be managed, but how transactions should be executed.

They should also explain how access to company assets is permitted, and what authorization processes are in place for trades that require preclearance.

This extends to information barrier programs that include:

  • employee training on legal and firm requirements

  • physical barriers

  • reviews and restrictions of trading

  • surveillance

Restricted, or “grey” lists that specify if desks or traders are restricted from trading certain instruments also need to be adequately maintained to further minimize a firm’s risk exposure. Finally, firms also need to establish a disciplined framework for traders to determine whether they’re in possession of MNPI when considering trading. 

When assessing your firm’s written policies, it is important to consider if they are sufficient in mitigating compliance risks around material information that is non-public, by ensuring they adequately prevent the misuse of the information in violation of securities laws. Establishing, maintaining, and enforcing these policies need to be a consistent priority for firms.

 

2. Maintain Sound due diligence and preclearance procedures

 

Organizations need to have procedures in place that prevent employees from misusing confidential information the firm is aware it possesses.

These procedures should include prohibiting specific employees in the know about confidential information from trading, as well as preclearance processes for individuals likely to have regular access to MNPI. 

Other active steps your firm can take to prevent insider trading include:

  • Encouraging employees to report business, financial, or personal relationships that may result in access to MNPI to the compliance officer 

  • Regular review of firm trading activity by compliance officers using, for example, trade blotter reviews

  • Prompt written reports to firm management and legal counsel on any possible violations of the firm’s insider trading policy to pursue disciplinary action before any illegal activity takes place

  • Sufficient employee training on what constitutes insider trading and the repercussions of acting on MNPI

 

 

3. Cybersecurity measures 

 

 

While reviewing your firm’s insider trading policies, it is important to ensure they adequately address cybersecurity events and that when such an event occurs, the policies’ provisions are considered to mitigate associated MNPI breaches. 

Firms should also adopt cybersecurity measures like encryption, multi-factor authentication, access controls, network segmentation, and system monitoring to protect against external data breaches as well as potential internal MNPI compliance breaches. Cybersecurity should also be addressed in employee training, which should include information on risks such as phishing.

 

4. Ongoing surveillance 

 

Consistent and efficient activity monitoring is crucial for detecting MNPI breaches and insider trading.

Trade surveillance technology can help firms identify whether someone has significantly profited from a trade in a way that is not consistent with the behavior typically seen of a trader’s portfolio.

For example, an Insider Trading algorithm can monitor price spikes between the execution price of a trade and the price movement of the instrument to identify out-of-the-ordinary behavior. News can also be overlaid to enable firms to identify trades that have taken place ahead of a significant news release. Further, a restricted list algorithm can enable firms to monitor the trading activity of individuals on a restricted list for particular instruments in a specific given time period. 

Surveying communications is an additional monitoring mechanism firms can use to ensure they are able to detect information leakage and insider trading offences. Powerful communication surveillance tools offer lexicon searches of known language used to share insider information and for specific words related to companies involved in restricted activity to identify whether individuals are sharing information wrongfully. Extra communications monitoring can also be placed on employees with access to MNPI and/or on restricted lists to make sure no foul play takes place.

Having sufficient holistic surveillance mechanisms in place can help streamline monitoring, which is particularly useful for proactively identifying trades that might seem to be in violation of regulations, but where compliance officers can prove that no market abuse has taken place, thus demonstrating the firm’s commitment to its compliance obligations.



5. Clear and concise documentation

 


To help ensure your firm’s procedures are being followed, that compliance is being maintained, and that material non-public information is secured, sufficient documentation and record keeping is crucial.

Compliance staff also need to document investigations into trades that have been flagged as potential insider trading offences, as well as the findings of these inquiries that support the decision of whether or not market abuse has taken place.  

 

How SteelEye can help protect your firm from MNPI breaches

SteelEye brings communications and trades together on a holistic surveillance platform, enhancing firms’ ability to identify MNPI breaches, information leakages, and insider trading offenses. SteelEye’s RegTech platform provides insider trading algorithms, restricted list monitoring, and even news and social media data that provide an additional layer of context for investigations.

When it comes to MNPI compliance, SteelEye offers the following features and benefits:

  • Cloud-based, machine learning-enabled intelligent alerts that detect anomalies in firms’ communications and transactions 

  • Easy to use case manager with auto-trade reconstruction functionality - making it easy to investigate and report suspected instances of MNPI breaches or insider trading offenses

  • News and social media monitoring for contextual insights that may help determine if insider trading has occurred  

  • Intelligent communications surveillance with an AI-driven lexicon to identify information leakages 

Summary

The risk of not having robust policies and procedures in place to control and manage MNPI is a real threat to all financial organization, small and large. If not managed properly, the leakage of material non-public information can result in severe consequences for firms trading in the financial markets. 

Implementing the right policies, processes, and surveillance is key for protecting your firm from instances of insider trading through material information misuse. Integrated data and holistic surveillance platforms like SteelEye will increase your data visibility and control and support you in achieving full regulatory compliance. Learn more about SteelEye’s data solutions and the range of sophisticated tools our platform possesses.

 

Explore SteelEye’s Surveillance Solutions