COVID-19 and the subsequent lockdown has caused significant business disruptions and fueled huge distress in the global markets. As corporate India tries to adapt to the ‘new normal’, it is certain that our securities markets continue to battle old problems in a new garb.
Lockdown was imposed just before the end of the financial year coinciding with the period during which ‘price sensitive information’ related to financial results was in the process of being finalised. These dynamic circumstances pose a lucrative opportunity for ‘insiders’, who regularly have access to who regularly have access to information which is confidential or not public knowledge, which when disclosed to the public is likely to impact the price of the securities or shares.
A concern connected with the rise of COVID-19 has been the significant volatility in securities markets globally. In such a situation, insiders may have tremendous incentive and opportunity to trade on UPSI. At the same time given the depressed valuations, there has been a significant increase in the volume and amount of trading in equity shares.
As remote working has become more prevalent during the COVID-19 pandemic, the risks pertaining to leakage of UPSI have also increased in today’s environment due to various reasons as listed below:
Information technology related risks
- Working remotely increases the use of unsecured online channels and personal devices to conduct e-meetings and share confidential information. Such alternative modes of communication present increasing cybersecurity risks as they may not be protected with adequate firewalls to prevent unauthorised access to UPSI
- Exceptional approvals may have been granted by the IT department to select employees to move data to external storage devices and/or share using non-approved IT applications leading to heightened risk of unnoticed leakage of UPSI.
‘Outsiders’ related risks
- Companies that are not typically equipped or accustomed to having employees work remotely may have to engage additional third-party vendors/consultants, with access to existing IT infrastructure facilities, as an urgent or emergency measure. Involvement of third parties increases operational risk, transaction risk and compliance/regulatory risk. Moreover, these third parties may also have to be covered as ‘insider’ who need to comply with company’s requirements to prevent Insider Trading
- A large number of people from corporates and intermediaries’ employees, handling UPSI are working remotely. This creates headroom for leakage of UPSI to family members, friends and others who might have access to shared or virtual working spaces even if it unintentional.
Insider Trading Regulations’ related risks
- The volatility in stock markets may have triggered ‘margin calls’ or panic selling of securities by designated persons without enough opportunity to comply with the ‘Pre-Trade Clearance’ requirements.
- In addition to designated persons, companies may now have additional employees who are not ordinarily in the possession of UPSI but who might come into possession of UPSI as a result of the COVID-19 outbreak. Hence, in such unprecedented times, insider trades may not be limited to traditional company insiders alone.
A few steps to secure UPSI (indicative)
- Remind employees to exercise cyber hygiene and ensure adequate IT preparedness to avoid inadvertent cyberattack and unauthorised access to UPSI
- Conduct awareness sessions on regulatory requirements to safeguard UPSI and penalties on violation of Insider Trading regulations
- Identify additional employees and third parties who are granted access to UPSI on exceptional basis and impose all restrictions related to ‘Designated Persons’
- Reiterate (and possibly expand) blackout periods and preclearance of trades for Designated Persons and others in possession of UPSI
- Close monitoring of information leakage from official laptops/mobile phone by optimally using the data leakage prevention (DLP) tools
- Timely withdrawal of administrative rights and/or other exceptional IT privileges extended to select employees during the lockdown, if any
- Minimising circulation of UPSI to attendees, and adherence to highest possible standards of data security and confidentiality, while undertaking Board and Audit Committee meetings, on digital platforms.
Given the growing vulnerabilities to leakages of UPSI and insider trading violations, it is vital that organisations remain proactive in implementing necessary controls to prevent potential legal, financial and reputational implications.
Karan Marwah is Partner and Head – Capital Markets advisory, KPMG in India and Suveer Khanna, is Partner – Forensic Services, KPMG in India.)