Employee Hotlines Are the Key to Securities Compliance
The SEC’s aggressive approach to enforcing insider trading laws globally has important implications for internationally active market participants. To address this development, firms should consider taking the following steps to either develop a comprehensive cross-border compliance program in the first instance or incorporate appropriate enhancements to existing programs in an effort to mitigate the risk of cross-border regulatory scrutiny:
First, firms should ensure that their policies and procedures track the highest legal standard against which their conduct may be judged which, in many cases, may be that of the United States. Internal procedures should seek to ensure that legal and compliance functions are well integrated with a firm’s trading operations such that they are positioned to understand new and evolving ways in which a firm receives and shares information, both internally and with third parties. Policies and procedures also should address the circumstances in which internal information barriers are necessary or appropriate as well as specific procedures for
involving legal and compliance in determining whether the firm has received material non-public information and, as such, should restrict itself from trading in the relevant securities.
Second, firms should adopt or enhance comprehensive training programs to ensure that a firm’s employees are familiar with their compliance roles and responsibilities, particularly with respect to the handling and sharing of non-public information. Among other things, training programs should explore the current global enforcement environment, the standards against which firm and individual employee conduct will be judged as well as the internal mechanisms available to employees to report any compliance concerns or potential violations. Specifically, firms should implement an internal ethics/whistleblower hotline. The SEC’s new whistleblower program has seen a significant uptick in whistleblower complaints originating from outside the United States.
The point of incorporating these items into compliance training is to ensure that employees understand that the incentives of the SEC whistleblower program are such that potential whistleblowers are incentivized to report any potential concerns first through internal reporting mechanisms prior to raising the issue externally to the SEC or other regulators (i.e., primarily because one of the factors to be applied by the SEC in determining the amount of any whistleblower award is whether the individual first reported through available internal channels).
Third, firms should take care to develop tailored protocols for ongoing compliance monitoring and surveillance of trading activity to identify and address insider trading and other risks. These monitoring procedures should be risk-based, taking into account the nature and degree of information to which different categories of employees may have access, and must be
flexible enough to permit adjustments and enhancements based on the evolution of how information is received and disseminated within an organization and with third parties. Firms also should dedicate sufficient resources to internal legal and compliance departments so as to make compliance monitoring a legitimate, meaningful process that is fully supported by senior business leaders and credible to domestic and foreign regulators alike.
Firms should proactively develop an internal playbook for responding to a potential insider trading problem before an issue is detected. As recent case studies demonstrate, time is often of the essence once an issue has captured the regulatory interest of the SEC or other regulators around the world. As a result, firms should develop a process for conducting internal reviews on a cross-border basis in order to gather relevant facts expeditiously and consider how best to mitigate regulatory risk both domestically & internationally. Ultimately, if an issue identified internally is of a sufficient magnitude that makes self-reporting either necessary or advisable, internationally active firms will need to consider carefully how best to self-report potential violations and how best to navigate the real possibility of having to self-report to a number of different regulators around the world.
Finally, firms should be prepared for how they will respond to a cross-border regulatory investigation, whether in the form of an SEC subpoena (or, an asset freeze order from a foreign court) by carefully analyzing the intersection of a foreign request or court order with local banking, privacy, and consumer protection laws in the various jurisdictions in which they operate. While such issues must be considered on a fact-specific basis, firms that think about the steps they will take to respond to these issues before they arise will be far better positioned to handle them when they occur than those who put off consideration of such cross-border complexities until a problem arises.