www.sii.org.uk

Download Report

Transcript www.sii.org.uk

Controlling inside information:
responding to the FSA review
Jonathan Marsh
Partner
Berwin Leighton Paisner LLP
Adelaide House
London Bridge
London EC4R 9HA
Tel : 020 7760 4989
Fax : 020 7760 1111
5841007.1
Brian McDonnell
Senior Associate
Berwin Leighton Paisner LLP
Adelaide House
London Bridge
London EC4R 9HA
Tel : 020 7760 4114
Fax : 020 7760 1111
Overview
FSA’s increasing focus on controlling inside
information
What is “inside information”
Control of inside information
Lessons to be learnt from the FSA’s thematic
review
Four key points
Increasing focus on systems and
controls
“It is extremely important for those who
are privy to inside information to ensure
that controls are robust and awareness
of the risk of leakage is high in order to
mitigate the risk of a leak of information”
Market Watch no. 21, July 2007
FSA focus on inside information
Statutory objectives
– Disclosure by issuers
– Control of inside information by issuers and financial
institutions
– Market abuse and insider dealing
Market cleanliness survey (OP25)
– informed trading ahead of takeovers remains high
FSA thematic review of controls over inside
information relating to public takeovers – Market
Watch no. 21, July 2007
FSA focus on inside information
Issues for financial institutions
Financial institutions as issuers
– Listing principles / General Disclosure Obligation
Financial institutions (and employees) as
advisers/brokers/lenders
– Principles for Businesses / SYSC – senior management
responsibility
Market Abuse by firm (or clients – STR) – same
definition of inside information as Disclosure Obl
Increased risks in context of private equity and hedge
funds
What is Inside Information?
Sources of law and regulation
Financial Services and Markets Act 2000
Disclosure Rules and Transparency Rules
(“DTR”)
Listing Principles (“LP”) – LP 2
Exchange provisions
Commission of European Securities
Regulators (“CESR”) guidance
What is inside information?
Definition
In relation to qualifying investments (traded on
prescribed market), or related investments (where
price/value depends on that of qualifying investment),
which are not commodity derivatives, inside
information is information which is:
– of a precise nature;
– is not generally available;
– relates, directly or indirectly, to one or more issuers of the
qualifying investment or to one or more of the qualifying
investments; and
– would, if generally available, be likely to have a significant
effect on the price of the qualifying investments or on the
price of the related investments.
Inside information: “Likely to have
a significant effect on price”
Information would be likely to have a significant effect
on price if and only if it is information of a kind which
a reasonable investor would be likely to use as part
of the basis of his investment decisions – s.118(C)(6)
And would therefore be likely to have a significant
effect on the price of the issuer’s financial
instruments (the “reasonable investor test”) – DTR
2.2.4G
– “Mere possibility is not enough, but on the other hand a
degree of probability close to certainty is not necessary
either” – CESR/02-089d
Inside information: “Likely to have
a significant effect on price” (2)
The significance of information will vary from issuer to issuer but
information which is generally likely to be relevant includes that
which affects:
– the assets and liabilities of the issuer;
– the performance, or the expectation of the performance of the
issuer’s business;
– the financial condition of the issuer;
– the course of the issuer’s business;
– major new developments in the business of the issuer; or
– information previously disclosed to the market (DTR 2.2.6G)
No percentage test but consider use of sensitivity list.
Includes information which only concerns the issuer indirectly
Inside information: “Of a precise
nature”
Information is only precise where it:
– (1) indicates circumstances that exist or may reasonably be
expected to come into existence or an event that has occurred or
may reasonably be expected to occur; and
– (2) is specific enough to enable a conclusion to be drawn as to the
possible effect of those circumstances or that event on the price of
qualifying investments or related investments – s.118(C) FSMA.
Would enable conclusion to be drawn as to possible impact on
price either when it would enable a reasonable investor to take
an investment decision without (or at very low) risk or when the
information is such that it is likely to be exploited immediately on
the market - CESR/07-416
Not rumour (reliable source), speculation or information which is
wholly contingent
Inside information: “Not generally
available”
Information which can be obtained by
research or analysis conducted by or on
behalf of users of a market is to be regarded
as generally available to them – s.118(8)
FSMA
What must an issuer do with
inside information? - The General
Disclosure Obligation
An issuer must notify a Regulatory Information Service
(“RIS”) as soon as possible of any inside information
which directly concerns the issuer unless [a delaying
provision applies] – DTR 2.2.1 R
When and how to disclose
As soon as possible via a RIS
–
delay of minutes/hours may be permissable if clarification necessary in order to present
news to the public in a meaningful way
–
use “holding announcement” where danger of inside information leaking – e.g.
“Company X announces that it will not meet market expectations for the current
financial year. An assessment is currently being made to quantify this impact and
further details will be announced in due course.”
An issuer must take all reasonable care to ensure that any information that it
notifies to an RIS is not false, misleading or deceptive and that it does not omit
anything likely to affect its import – DTR 1.3.4R
Inside information announced via a RIS must be available on the issuer’s
internet site by the close of the business day following the day of the RIS
announcement – DTR 2.3.2R
Synchronise release “as closely as possible” in all jurisdictions – DTR 2.4
Annual information update – PR 5.2
Delay in disclosure and selective disclosure
Disciplinary cases pursued
against listed companies
Marconi plc – 2003
Sportsworld Media plc – 2004
Universal Salvage plc – 2004
Shell – 2004
Pace Micro Technology - 2005
MyTravel Group plc – 2005
Eurodis Electron plc - 2005
Control of inside information –
Listing principles
Listing Principle 2 – An issuer must take reasonable steps to establish and maintain
adequate procedures, systems and controls to enable it to comply with its obligations
Timely and accurate disclosure of information to the market is a key obligation of
listed companies. For the purposes of LP 2, a listed company with a primary listing of
equity securities should have adequate systems and controls to be able to:
1. ensure that it can properly identify information which requires disclosure under the listing
rules or DTR in a timely manner; and
2. ensure that any information identified under paragraph (1) is properly considered by the
directors and that such a consideration encompasses whether the information should be
disclosed – LR 7.2.3G
“Recognising the evidential challenges in bringing successful enforcement cases, we
will take a robust line where we identify leaks that may have been caused either
deliberately or due to serious weaknesses in controls or behaviour” – Market
Watch 21 (July 2007)
Systems to ensure inside information identified, escalated, and decision made quickly
Control of inside information –
DTR
An issuer must establish effective arrangements to deny access to
inside information to persons other than those who require it for the
exercise of their functions within the issuer – DTR 2.6.1R
An issuer must have in place measures which enable public
disclosure to be made via a RIS as soon as possible in case the
issuer is not able to ensure the confidentiality of the relevant inside
information - DTR 2.6.2R
The directors of the issuer should carefully and continuously
monitor whether changes in the circumstances of the issuer are
such that an announcement obligation has arisen – DTR 2.2.8G
Control of inside information –
DTR: insider lists
An issuer must ensure that it and persons acting on its behalf or on its account
draw up a list of those persons working for them, under a contract of
employment or otherwise, who have access to inside information relating directly
or indirectly to the issuer, whether on a regular or occasional basis – DTR 2.8.1R
If so requested, an issuer must provide to the FSA as soon as possible an
insider list
Every insider list must contain the following information:
– the identity of each person having access to inside information;
– the reason why such person is on the insider list (“access to X inside information”);
and
– the date on which the insider list was created and updated – DTR 2.8.3R
An insider list must be promptly updated:
– when there is a change in the reason why a person is already on the list;
– when any person who is not already on the list is provided with access to inside
information; and
– to indicate the date on which a person already on the list on longer has access to
inside information - DTR 2.8.4R
An issuer must ensure that its “insider” employees acknowledge the legal and
regulatory duties entailed and are aware of the sanctions attaching to the misuse or
improper circulation of such information – DTR 2.8.9 R
The list must be kept for at least 5 years from update – DTR 2.8.5R
Control of inside information – DTR:
insider lists kept by advisers
It is not necessary for an issuer to maintain a list of all the individuals working for
another firm or company acting on its behalf or its account where it has:
– recorded the name of the principal contact(s) at that firm or company;
– made effective arrangements, which are likely to be based in contract, for that
firm or company to maintain its own list of persons both acting on behalf of
the issuer and with access to inside information on the issuer; and
– made effective arrangements for that firm or company to provide a copy of its list
to the issuer as soon as possible upon request – DTR 2.8.8G
An issuer and not its advisers or agents is ultimately responsible for the maintenance
of insider lists – DTR 2.8.6 G
An issuer must ensure that any person that:
– is acting on its behalf or on its account; and
– has drawn up an insider list;
has taken the necessary measures to ensure that every person whose name is on the
insider list acknowledges the legal and regulatory duties entailed and is aware of the
sanctions attaching to the misuse or improper circulation of such information – DTR
2.8.10 R
Control of inside information – DTR:
insider lists kept by advisers (2)
Which employees of the adviser must appear on insider list?
– Employees of firms “acting on behalf” of an issuer need only appear on an
insider list if they both have access to inside information and are acting for
issuer eg. members of deal teams and client-facing staff provided that they
have access to inside information.
Examples of those likely to fall outside the scope to the requirement
include:
– someone at an adviser employed to photocopy documents or who acts in a
“control room” type function as they would not be acting on behalf of a issuer
despite, in theory, having access to inside information; and
– an adviser’s senior management unless they were clearly working on an
assignment for an issuer.
Transaction reporting and the
Model Code
Persons discharging managerial responsibilities (“PDMR”) and their connected persons,
must notify the issuer in writing of the occurrence of all transactions conducted on their own
account in the shares of the issuer, or derivatives or any other financial instruments relating
to those shares within four business days of the day on which the transaction occurred –
DTR 3.1.2R
Subsequent notification by issuer to RIS no later than end of business day following receipt
of information
A person discharging managerial responsibility is:
–
–
a director of an issuer:
• registered in the UK that has requested or approved admission of its shares to trading on a
regulated market; or
• not registered in the UK or any other EEA State but has requested or approved admission of its
shares to trading on a regulated market and who is required to file annual information in relation
to shares in the UK in accordance with Article 10 of the Prospectus Directive; or
a senior executive of such an issuer who:
• has regular access to inside information relating, directly or indirectly, to the issuer; and
• has power to make managerial decisions affecting the future development and business
prospects of the issuer
Connected person
Model Code
Lessons to be learnt from the
FSA’s thematic review
Jonathan Marsh
The FSA review - background
Four recent M&A deals reviewed in detail
– three involved an unusual degree of price volatility
ahead of the announcement
– the other did not – used as comparator
Visited all key parties to the deals
Also held meetings with other M&A firms not
involved in the transactions
Over 50 meetings in total
General findings
Many examples of good controls identified
All of the firms were confident that leaks did
not originate from them
– firms were “perhaps too complacent” about their
own procedures
Concerns about very high numbers of
insiders
Few firms had formulated policies to conduct
internal reviews following a leak
Six specific areas of concern
High level policies and procedures
Reducing the distribution of inside information
Use of information technology
Training
The way that information is passed to third
parties
Personal account dealing
Written policies and procedures
Maintain formal, documented policies that relate to information handling. Ensure
that policies are regularly reviewed (by internal audit) and updated
Ensure that insider lists are complete, accurate and up to date so that any leak
enquiries can be expedited
Maintain a policy on contact with the media
Staff policies:
–
–
–
–
–
Maintain formal, written procedures for staff to “whistleblow” when they see sensitive
information being handled inappropriately
When staff who hold sensitive information leave a firm, or change roles, remind them of
their responsibilities regarding the ongoing confidentiality of that information
Maintain a policy on the use of temporary or contract staff in handling M&A work (i.e.
ensure trained and aware of their responsibilities)
Proper staff vetting checks for jobs in M&A areas
Acknowledge risk of organised criminals placing insiders in firms to access information
Reducing the distribution of
confidential information
Make effective use of a clear policy for making
someone an insider
– Limit the number of people who need to know about a deal
and ensure made aware of their responsibilities before
handling sensitive information
– Even if there is a need to know, limit access to some of the
information if possible
– Advise other insiders when someone is removed from an
insiders’ list
Where practical, physically separate deal teams
– Place “Chinese Boxes” between individual deal teams
– Where possible conduct due diligence research offsite
Reducing the distribution of
inside information (2)
Security documents:
– Have a policy on secure disposal of confidential documents
– Monitor and enforce a clear desk policy
– Maintain formal, written procedures for when staff work offsite or when they take information out of the office
– Place code names on the front cover of documents
– Limit or control the hard copy distribution of papers (e.g.
numbered copies or bar codes on documents).
Use restricted access systems in areas that handle
sensitive information
Use appropriate code names to disguise the
identities of relevant parties (and use for IT files and
email subject lines)
Effective use of IT
Restrict IT access to only named individuals working
on a specific deal
– Use secure data rooms; ensuring that security to the portal is
robust and that access to the portal is restricted to named
individuals
– Password protect documents/encrypt electronic equipment
such as mobile phones, Blackberry devices, laptops and
memory sticks
– Restrict access to other peoples email accounts
– Mark sensitive calendar entries as private
– Use automatic locking facilities on computers so that when
people leave them for brief periods no-one else can access
them
Effective use of IT (2)
Use Virtual Private Networks for staff who need access to
business systems when working off-site
Procedure so that once a member of staff leaves a firm, or
changes roles, the individual’s access to IT systems is quickly
and completely removed
Detection of potential problems
– Perform risk-based security checks on deal rooms to check for any
breaches
– Use technology to generate an audit trail of all those people who
have access to sensitive files, including when they actually access
those files
– Employ ‘ethical hackers’ to check the robustness of IT systems and
keep abreast of any new methods of data theft
Use dedicated IT support for deal teams – ensure all insiders
Training
Tailored induction training, as well as refresher
training, for all staff regardless of their position in the
firm (including support staff)
– use case studies where possible
Have a dedicated training person/team so that
training can be prioritised and structured
Maintain accurate, up-to-date training records to
ensure consistency
Test awareness and understanding
Disclosures to third parties
Maintain formal, written procedures for adding third parties to
the information chain that formally makes them insiders and
spells out the responsibilities that the third party has for handling
the information
– Do not solely rely on the signing of confidentiality letters and for
less experienced parties sit down with them and talk through their
responsibilities and the sensitivity of the information being passed
Ensure external printers are made insiders
Minimising the risk of inadvertent disclosure to third parties:
– Take care when contacting third parties to undertake conflicts
checks
– Undertake caution if ‘beauty parades’ are used to engage with
potential advisors; ensure that those advisors are aware of their
responsibilities
Disclose information to third parties as late as practical
Personal account dealing
Maintain a formal, written procedure for any
personal account dealing by members of staff
(and family) ensure that staff are aware of it
– Explicit reference to PA dealing policy covering
derivatives or related products (this was not
included at many firms)
– Policy covers accounts for which staff hold power
of attorney
Ensure that staff are aware that insider
dealing is a criminal offence
Personal account dealing (2)
Blanket ban on personal account dealing?
– Only allow staff members to deal (if they attest that they do
not hold any inside or relevant information) after they have
obtained permission to deal from their immediate manager
or compliance officer
– Require staff to use specified brokers when dealing
– Require staff to file annual declarations of their holdings
Keep a written log of permission requests and their
outcomes, including details of why the request was
made and why (if any) permission to deal was given
Carry out risk-based monitoring of staff trading
activities against announcements
FSA call to action
“we would encourage senior management of
all firms who handle inside information to
consider what controls are appropriate given
the breadth, scale and context of their own
business”
Market Watch no. 21, July 2007
Four key points
Awareness that protection of inside
information remains a key wholesale priority
for the FSA
Review of existing control procedures in the
light of the FSA’s findings
Identify key risks and implement appropriate
systems and controls to counter the risks
Document the decisions taken by senior
management
Controlling inside information:
responding to the FSA review
Jonathan Marsh
Partner
Berwin Leighton Paisner LLP
Adelaide House
London Bridge
London EC4R 9HA
Tel : 020 7760 4989
Fax : 020 7760 1111
5841007.1
Brian McDonnell
Senior Associate
Berwin Leighton Paisner LLP
Adelaide House
London Bridge
London EC4R 9HA
Tel : 020 7760 4114
Fax : 020 7760 1111