Compliance programs should be established by corporate management to prevent and detect misconduct and to ensure that corporate activities are conducted in accordance with applicable criminal and civil laws, regulations, and rules. Insider trading programs will be part of a broader compliance program, and can vary for each entity.
While no compliance program can ever prevent all criminal activity by employees, the critical factors in the US, according to the Department of Justice, are “whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program[.]”1
In the US, with respect to an entity’s insider trading program, the DOJ and SEC will wish to explore whether or not the entity’s program is tailored to the specific practices and risks present for each specific entity, since there really is no one standard set of policies and procedures that will address the requirements established by the general guidance disclosed by the DOJ and SEC on such matter.
The FCA will take a similar position in the UK in respect of UK-authorized firms. For instance, if an entity relies heavily on outside research, the entity should ensure that it has robust insider trading policies that define appropriate policies and procedures for interacting with outside research providers.
Generally speaking, typical components of effective compliance programs include:
- tone at the top;
- compliance structure, autonomy, resources, and qualifications;
- code of conduct, policies, and procedures, including communication to employees and integration of the policies into the organization;
- effective training;
- risk assessment and management;
- avenues for confidential reporting (i.e., hotline) and investigations;
- employee incentives and disciplinary measures;
- internal audit and controls testing; and
- periodic review and updates to the compliance program.
Furthermore, in the UK, firms regulated by the FCA need to ensure they have an effective and up-to-date insider dealing program so that employees are aware of their legal and regulatory duties and obligations, know who to contact if they have concerns or questions, and understand the potential penalties for failures to comply.While even the most effective compliance program cannot prevent insider dealing from occurring, the FCA will be interested in the robustness of the policies and procedures of a firm. This will be particularly true where there have been a number of insider dealing offenses committed by employees of a firm, as this would suggest that systems and controls are lacking.
1 DOJ, Justice Manual 9-28.800.