Equifax Data Breach: Preliminary Lessons for the Adoption and Implementation of Insider Trading Policies
Insider trading allegations have surfaced at Equifax, a credit rating agency that last week announced a data breach that could potentially affect 143 million consumers in the United States, nearly half of the country’s population. SEC filings show that three Equifax executives – Chief Financial Officer John Gamble Jr., Workforce Solutions President Rodolfo Ploder and U.S. Information Solutions President Joseph Loughran – sold nearly $2 million in shares of the company’s common stock days after the cyberattack was discovered but before the news was publicly announced. It was unclear whether their share sales had anything to do with the breach. None of the SEC filings list the sales as being conducted as part of pre-established10b5-1 trading plans. Equifax said in a statement that the three executives sold a “small percentage” of their shares on August 1 and August 2, adding they “had no knowledge that an intrusion had occurred at the time they sold their shares.” Following the company’s announcement of the data breach on September 9, Equifax shares traded down by almost 14 percent. The SEC has not commented on the share sales.
While all of the facts are not yet public, the situation as reported raises a number of fundamental questions. Under Equifax’s insider trading policy, was there a mandatory pre-clearance policy requiring the executives to get approval prior to placing their sell orders? If so, why were the sales approved in light of the existence of a data breach? Did Equifax invoke a blackout period as soon as it knew of the data breach and, if not, why not?
These questions and the developing circumstances at Equifax serve as a reminder for public companies to consider the following practices when adopting or revising an insider trading policy:
- Make sure that your company has a policy and procedures in place that cover the purchase and sale of securities by insiders. The anti-fraud provisions of U.S. securities laws (Section 10(b) and Rule 10b-5 of the Securities Exchange Act of 1934 (the “Exchange Act”)) prohibit individuals with material nonpublic information fr om trading in the company’s securities on the basis of that information and from providing the information to others who may trade in the securities. Directors and executive officers of public companies are also subject to the reporting requirements and short-swing trading restrictions of Section 16 of the Exchange Act. A well-crafted and implemented insider trading policy can help prevent insiders from inadvertently violating these laws and incurring civil and criminal liability, and can protect the company from circumstances that would otherwise result in premature disclosures or “control person” liability. Keep in mind that the outcomes in these situations are typically determined with the benefit of 20/20 hindsight, and they can be costly not only in financial terms but also to the reputations of the insider and the company.
- Be clear on which individuals are subject to the insider trading policy, and how it applies to each class of persons. The policy may apply to anyone who has a fiduciary duty to the company (including directors, executive officers, other employees, and potentially advisors, consultants and contractors, and their related persons), and none of these individuals should be trading securities based on material nonpublic information. Restrictions on trading activities by these individuals, however, will vary depending on their level and function at the company. For example, many insider trading policies only require directors, executive officers and designated insiders with regular access to material nonpublic information to pre-clear their transactions. Companies must apply judgments on risk and feasibility of policy implementation in defining the set of “designated insiders” beyond directors and executive officers who are subject to additional restrictions not placed on rank-and-file employees.
- Articulate and enforce pre-clearance policies for directors, executive officers, other designated insiders and their related persons. Pre-clearance is the most effective procedure to prevent sales by insiders during a blackout period or at other times when they might be in possession of material inside information. Insiders should be encouraged to pre-clear transactions before they are discussed with their brokers or financial planners. The policy should also be clear on the types of transactions that require pre-clearance. Some transactions that require pre-clearance may not be intuitive, such as an intra-401(k) plan transfer into or out of the company stock fund and changes in the form of ownership or the manner in which ownership is recorded, such as transfers in or out of joint ownership; transfers into or out of a trust; and transfers into or out of a custodial account. Similarly, there may be exceptions related to employee stock purchase programs, dividend reinvestment plans or other arrangements wh ere the individual does not control a market transaction in the company securities.
- Establish clear blackout periods related to the quarterly financial reporting calendar. Directors, executive officers and those involved in the company’s external financial reporting process should be restricted from trading in company securities during pre-established blackout periods tied to the company’s financial reporting calendar. Blackout periods generally commence at a time prior to the end of a fiscal quarter, as determined by each company based on its internal information gathering and processing timetable, and continues until 24 to 48 hours following the public release of the company’s quarterly results.
- Provide for (and implement) event-specific blackouts to allow the company to impose trading restrictions outside of scheduled blackout periods when material nonpublic information is known within the company. The importance of event-specific blackout periods cannot be understated. The anti-fraud provisions the federal securities laws generally do not impose an affirmative duty on public companies to disclose material inside information unless, among other things, the company or its insiders are trading in the company’s securities. Therefore, trading by insiders essentially forces a company to disclose material inside information at time when it may be disadvantageous to the company and would not have otherwise been required. The law department should have a procedure in place to notify designated individuals subject to such a blackout that they may not trade in company securities, and that they should not disclose the existence of the blackout to other individuals. However, the failure to designate or notify these individuals does not relieve these individuals of an obligation not to trade while in possession of material nonpublic information.
- Provide examples in the policy of material nonpublic information. A simple statement that information may be considered material if a reasonable investor would consider it important in making a decision to buy, hold or sell securities may provide insufficient guidance. Instead, a set of specific examples can make the policy easier to understand. In addition, individuals should be reminded that their obligations extend to material nonpublic information about other companies that do business with the company, which were obtained in the course of their business activities on behalf of the company.
- Avoid standing orders to buy or sell company securities at a particular price, because they may be triggered when the individual is in possession of material nonpublic information. These concerns may be avoided by establishing a Rule 10b5-1 plan.
- Explain how trades may be exempt from the insider trading policy if they are made under a properly pre-established and maintained trading plan, known as a 10b5-1 trading plan, and articulate the criteria for a properly pre-established and maintained plan. In brief:
- the plan must be established when the individual was unaware of material nonpublic information;
- the plan must be established in good faith and not as part of a scheme to evade the prohibitions of Rule 10b5-1;
- the plan must specify the number or dollar value of company securities to be purchased or sold, the price at which the shares are to be traded, and the date of the trade; provide a written formula, algorithm or computer program for determining these variables; or not permit the individual to exercise any subsequent influence over how, when or whether to effect purchases or sales, provided that any other person exercising such influence must not be aware of material nonpublic information when doing so; and
- the purchase or sale must be pursuant to the plan (without deviation and without a corresponding or hedging transaction with respect to the securities).
- At least annually, remind directors, executive officers and designated insiders of trading restrictions, including restrictions under the insider trading policy, Section 16 of the Exchange Act and any anti-hedging and anti-pledging policies, and remind them of the scheduled blackout periods. Periodic educational sessions for the various classes of individuals subject to the insider trading policy are advisable.
- Identify a contact for questions concerning the insider trading policy. Generally, this would be the company’s General Counsel or another person who manages the disclosure of material information to the public.