Risks present with confidential and inside information not always managed appropriately, says FCA

Out-Law News | 14 Dec 2015 | 5:28 pm | 3 min. read

The UK's Financial Conduct Authority (FCA) has identified shortcoming with the way some investment banking firms manage confidential and inside information they receive and generate.

The regulator expressed concern about the standard of controls in place at some firms to manage risks such as insider dealing and conflicts of interest arising should confidential and inside information they handle be misused.

Although the firms were aware of the risks they "were not doing enough to manage" them, the FCA said in a report highlighting the results of a thematic review it conducted (25-page /282KB PDF).

It said employees at some of the firms had "shared information without adequate deliberation", that "senior management responsibility and accountability in managing flows of information was not always clear and understood" and that some compliance checks were too "remote" and others were focused too heavily on the responsibilities of front line staff.

The FCA also said that firms had not always thought about risks of putting staff with "conflicting roles or responsibilities" close to one another in offices and that surveillance systems relied on to monitor flows of information, both manual and automated, were "not always fit for purpose". In addition, the regulator said that some policies and procedures investment firms had in place were "not user-friendly" and that training was not always "tailored to the needs of employees".

"Some of the practices observed result in heightened risks for market participants and firms," the FCA said. "These include conduct and conflict of interest failings as well as FCA regulatory and legal breaches. Furthermore if the information qualifies as inside information, then insider dealing and improper disclosure of information can result. Both are serious civil, as well as criminal, offences and the penalties are correspondingly severe."

The FCA said that heightened risks of misuse of confidential or inside information arise where businesses change their business model or grow quickly. It said that financial services firms need to think about and try to mitigate these risks "from the outset" but that it had identified several investment firms that "had not thought sufficiently about these types of circumstances".

It said that one example of where there are heightened risks is where firms provide services to multiple bidders involved "in a competitive M&A transaction". In those circumstances a firm needs to "consider how to control flows of information and manage its conflicts of interest".

The FCA said "firms may want to consider only sharing confidential and inside information where certain criteria are met".

"Employees disclosing information should always ensure that they take into account the best interests of the client, and identify and manage any potential conflicts of interest that may arise either between (i) the firm and a client of the firm or (ii) one client of the firm and another client," the regulator said. "For inside information, firms must consider whether the disclosure is made in the proper course of the exercise of employment, profession or duties."

To help companies assess if disclosing confidential or inside information is necessary firms should first consider if disclosure is "accompanied by the imposition of confidentiality requirements on the person to whom the disclosure is made". They could then consider if disclosure is "reasonable" for the purpose of enabling "a person to perform the proper functions of his employment, profession or duties" or "for the purposes of facilitating any commercial, financial or investment transaction", the FCA said.

"When disclosing information, whether externally or to other parts of the business, the firm should be able to explain why the particular recipient needs to know this information," the FCA said. "Firms would further find it advantageous to always keep the number of people privy to the information, confidential or inside, to the minimum necessary to perform a particular role or task to the appropriate standard."

The FCA said the results of its review and recommendations were of relevance to businesses across the financial services sector.

"It is essential that firms’ senior management pay heed to the findings and messages outlined here, and take the steps necessary to identify and resolve any outstanding issues," the FCA said. "We expect all firms to identify, manage and control the risks arising from flows of information, put in place appropriate oversight and controls, including second line of defence controls, and instil a culture in which market integrity is at the heart of how they do business."

Financial regulation and enforcement expert Michael Ruck of Pinsent Masons, the law firm behind Out-Law.com, said the FCA's review served to highlight the challenge of identifying and managing confidential or inside information.

"Whilst reiterating the current regulatory theme that senior management and business heads should take responsibility for this issue, the issues raised in the thematic review apply much more widely than simply to regulated financial services firms," Ruck said. "An extremely large number of firms across a broad spectrum of industries need to consider the identification and management of inside information. The consequences for failing to do so appropriately can include criminal prosecutions and custodial sentences for activities including insider dealing, fraud and other financial crime related offences."