Equifax Atlanta HQ. Photo by John Disney/ ALM. |

The four executives who sold stocks just days after Equifax Inc.'s security department observed suspicious activity have been cleared by a special committee tasked with looking at various aspects of the breach. The execs in question did not have knowledge of the security incident and “received clearance from the appropriate Legal Department personnel prior to trading,” according to the report from the special committee.

Questions about the timing of these sales often focus on the company's chief legal officer, John Kelley III, who along with being in charge of company cybersecurity is responsible for approving share sales by Equifax executives. But per the report, Kelley, who did not immediately respond to request for comment for this article, followed company policies with respect to these stock sales and had no reason to believe the execs in question had knowledge of the data security incident.

In September, the same month the cybersecurity incident was announced, Equifax's board formed the special committee of independent directors to look at the company's response to the breach that has affected some 145 million U.S. consumers to company policies and the stock sales, among other issues. The focus for the report, released Nov. 3, was on the securities trading.

Given his roles within the company, it comes as no surprise that Kelley has been a point of focus with respect to the breach. In multiple hearings before Congress in October, former Equifax CEO Richard Smith was pressed, in part, about the timing of the stock sales and Kelley's decision to approve the transactions. Smith testified that he believed Kelley was notified about suspicious activity on July 31. On the same day and on Aug. 1, Kelley approved stock sales totaling roughly $1.8 million from CFO John Gamble, president of U.S. information solutions Joseph Loughran and president of workforce solutions Rodolfo Ploder.

Friday's announcement noted that Douglas Brandberg, senior vice president of investor relations, received pre-clearance to sell Equifax securities on Aug. 1. All trades were executed on Aug. 1 and Aug. 2.

But after looking through more than 55,000 documents—including emails, text messages and other records—the special committee determined that “none of the four executives had knowledge of the incident when their trades were made, that preclearance for the four trades was appropriately obtained, that each of the four trades at issue comported with Company policy, and that none of the four executives engaged in insider trading.”

As part of this review, the special committee examined “all Equifax emails, texts, voicemails, calendars, and other electronic documents for the period of July 29 through August 2” from those in the legal department most involved in the security investigation and/or the preclearance of the trades in question. In person or telephone interviews were also conducted of those who potentially knew about the investigation of the data security incident on or before the trades were made, which would likely include Kelley.

Per the report, Equifax policy stipulates that directors and certain senior officers may only trade Equifax securities in specified trade windows and must receive preclearance from Kelley or his designee. Each of the four execs sent an email to the legal department requesting preclearance between July 28 and Aug. 1. In one case, greater specificity was requested from the legal department related to the number of types of shares to be sold, but ultimately, all received the required preclearance.

“Based on its review, the Committee has concluded that neither Equifax's Chief Legal Officer nor his designated preclearance officer had reason to believe that Messrs Gamble, Loughran, Ploder, or Brandberg had knowledge of the security incident's existence as of the date of their preclearance requests or the date of their trades,” according to the report. “Accordingly, the Special Committee has concluded that the preclearance authorization obtained by [these four executives] was within the authority permitted under the policy.”

The report also revealed that on Aug. 15, Equifax's legal department imposed a trading blackout on all company personnel “identified as aware of the breach as of that date.”

This may not be the end of the questioning for Kelley and Equifax around the stock sales, though, as the U.S. Department of Justice has reportedly opened a criminal investigation into whether the executives' actions amounted to insider trading.