Taking a photo. Photo by Shutterstock.com.

This article is part one of a three-part series discussing recent trends that warrant public companies to consider whether their insider trading policies should be updated. Part one provides practical guidance on mitigating risks associated with employees who may inadvertently share confidential information with others. Part two discusses practical suggestions to comply with U.S. Securities and Exchange Commission (SEC) guidance to public companies that insider trading policies should address cybersecurity risks. Part three provides a primer on potential legislative changes involving stock trading plans (aka Rule 10b5-1 Trading Plans) routinely relied on by corporate insiders to trade their company's stock legally.

Employees Working Remotely Should Safeguard Confidential Information

Technology advancements have enabled employees to work seamlessly from home and public places. Companies are embracing remote work options to cultivate a more satisfied and productive workforce. However, a negative consequence of this otherwise positive trend is that employees routinely remove sensitive company documents from the secure confines of their offices and company databases. Unprotected confidential information is susceptible to being furtively viewed and misused by outsiders for personal gain, including to commit illegal insider trading. Indeed, enforcement agencies continue to file a steady stream of insider trading cases stemming from confidential information being absconded from unwitting corporate insiders.  The risk of such incidents is increasing due to the expected continued escalation of remote working.

Recent SEC enforcement cases illustrate how bad actors can and will take advantage of an opportunity to abscond confidential information from unwitting corporate insiders working remotely. In May, in SEC v. Fettner, the SEC charged a lifelong friend of a general counsel of a public company with illegal insider trading for trades commenced based on confidential information he stole while staying as a guest at the home of his friend. According to the SEC complaint, while staying as a guest for several days at the general counsel's home, the guest/defendant surreptitiously viewed a folder containing confidential documents related to a potential acquisition of a target company in the general counsel's home office and executed multiple trades on the basis of this information, as did others he tipped off.

In SEC v. Hengen, the SEC charged the husband of a company executive for illegally trading on two separate occasions based on confidential information he usurped by eavesdropping on his wife's business teleconference calls taken in their home and reviewing her business notebook.  According to the SEC complaint, filed in November 2018, the husband/defendant overheard his wife on a work teleconference discussing her company's pending acquisition of a target company while she was working from home. Based on this information, the defendant (and four persons he tipped off) purchased and sold the target company's stock. Separately, the defendant illegally traded securities based on confidential information about another pending acquisition that he gleaned from reviewing his wife's work notebook on their dining room table.

It is also dangerous for employees to innocuously share confidential information with family members and others they trust implicitly. Employees understandably may assume that a loved one or friend would never misuse information they innocently share. Unfortunately, greed has led many people to commit egregious acts, including executing illegal trades based on confidential information entrusted to them by a loved one. Such a scenario is reflected in the SEC and Department of Justice (DOJ) prosecutions of a senior drug safety executive's husband in 2017 and 2018. On at least three occasions, the husband misused information his wife entrusted to him and profited from trading shares of the wife's employer. The husband committed these acts despite his wife expressly informing him of her company's insider trading policy and instructing him not to trade the company's stock.

Multiple cases involving similar violations of law and trust were filed over the past two years. In November 2018, the SEC filed an insider trading action against a health care executive's brother where the health care executive confided in his brother at a family holiday gathering that the executive's company was to be acquired to explain why the executive recently had traveled heavily for work. The brother soon thereafter purchased shares of the target company that he later sold for a profit. A few months before, the commission sued the son of a bank director for trading based on information the father shared in confidence with his son regarding a potential bank acquisition. In yet another enforcement action in December 2017, the SEC sued the brother of a biotech company employee for trading based on the information he learned from the biotech employee about nonpublic clinical results of a cancer drug.

Recommendations for Consideration

In light of these potential collateral risks, public companies have good reason to ensure they craft their insider trading policies to minimize the likelihood of illegal trading events arising from bad actors obtaining confidential information from their employees. We recommend in-house counsel consider several issues when assessing their company's insider trading policies and training, including:

1. Companies should educate their employees on the need to take appropriate precautionary measures to protect confidential information and on the potential legal consequences of failing to do so.

2. As businesses continue to embrace flexible work arrangements, it is critical for employees to be informed of the specific risks presented when remote working. Employees should understand that anytime they work outside of the office, a risk of exposing company confidential information arises for anyone to steal and use it for illicit purposes, including illegal insider trading. Coffee shops, hotel lobbies, shared office spaces (e.g., WeWork), and public transportation (e.g., airplanes and trains) are full of people who can overhear telephone conversations, "visually hack" information displayed on an employee's device (e.g., laptop, tablet, smartphone) or view hard copy documents left in the open. A laptop privacy screen may be a simple and cost-effective solution to some of the "visual hack" risks.

3. Employees should be instructed to secure company information present in their home, as family members, hired workers, and other invited guests could view and misuse that information.

4. Employees should be reminded that danger lurks even when innocently sharing company information with trusted family members and friends. While an insider's family member or close friend admittedly is unlikely to trade on such shared information, the safest course is not to share information.

5. Counsel should work closely with the company's information technology professionals to keep pace with the remote work methods being offered and used by the company's workforce so that counsel can understand the risks those methods present and draft the company's policies accordingly.

Michael J. Rivera is a member in the Washington, D.C., office of Bass, Berry & Sims. He represents businesses and individuals in securities enforcement proceedings and internal investigations. He may be reached at [email protected].

Abby Yi is an associate in the Washington, D.C., office of Bass, Berry & Sims. She represents companies in connection with internal and government investigations concerning white-collar and corporate compliance matters. She may be reached at [email protected].