Guidelines for Confidential Information Containment

GN-3500-21-001
Type: Rules Notice> Guidance Note
Rule connection:
IIROC Rules
Distribute internally to:
Institutional
Legal and Compliance
Senior Management
Trading Desk
Retail

Contact:

Business Conduct Compliance
Email:

Executive Summary

Effective Date: December 31, 2021

The following guidelines were identified from reviews of Dealer Members (Dealers) having well developed and effective systems for containing confidential information so as to prevent it being used for illegal insider trading. Policies and procedures commonly used by registrants to monitor and/or restrict transactions include the use of “Grey” (or “Watch”) and “Restricted” Lists.  These guidelines are being provided to assist Dealers that are implementing, revising or reviewing the effectiveness of their procedures. IIROC recognizes that such procedures will vary from Dealer to Dealer depending on factors such as the nature of the Dealer’s business, its size, clientele and the markets in which it conducts business.

Table of contents
  1. Introduction

The containment of confidential information is an issue for all Dealers, not just those engaged in corporate finance or investment banking activities. Dealers that are not involved in corporate finance or investment banking should identify the various means by which they, or their personnel, may come into possession of material non-public information that could be used for insider trading, such as through trading by issuers, research or relationships between personnel and corporate insiders.

Dealers must establish procedures to bring the receipt of such information to the attention of management and deal with it appropriately, using these guidelines. Dealers must implement, maintain and enforce robust policies and procedures to safeguard inside information.

  1. Information Barriers (Firewalls)

Information Barriers are physical and procedural means of restricting access to confidential information to those needing to know it and of recording who gets access to it and when.

  1. Assign a qualified senior officer, or a sub-committee of the Board of Directors (BOD), accountable to the Audit Committee of the BOD to
    • oversee the design, implementation, documentation and maintenance of the Dealer’s overall containment program, and
    • provide for full documentation of the same,

      including programs for periodic reviews and timely updates, continuous improvement and ongoing staff education.
  2. Set out a clearly worded definition of “confidential information” as it pertains to the Dealer’s dealings with issuers and the dealings of employees with same.
  3. Establish a reliable, Dealer-wide program for disseminating that definition to all staff and to provide consistent answers to questions for clarification.
  4. Establish a similar program to inform employees of the relevant policies and procedures that govern their handling of confidential information. 
  5. Obtain clear, formal employee undertakings to abide by those policies and procedures.
  6. Establish effective physical barriers limiting access to documents containing confidential information to those authorized to use them.
  7. Establish effective technological barriers limiting access to electronic documents and records containing confidential information to those authorized to use them.
  8. Establish effective procedural deterrents supportive of, and complementary to, those barriers.
  9. Determine in advance the processes by which outside individuals may be brought over the (fire)wall.
  10. Provide for keeping records on who is brought over the wall and when, or who has access to confidential information, including both internal personnel and outside consultants or advisers.
  11. Establish a regular program for testing all deterrents and to review results.
  12. If outside parties are involved in the implementation of and/or testing processes, ensure these are bound by solid confidentiality restrictions.
  13.  In Introducing/Carrying Broker arrangements, ensure clear, non-conflicting agreements are in place regarding respective responsibilities for information containment and leakage detection. Arrange mutually to revisit these at least annually.
  1. Grey (or “Watch”) Lists

A Grey list is a highly confidential and limited-circulation list of issuers on which the Dealer and its staff have confidential information. The list is distributed to qualified staff to monitor any trading activity that suggests the information is being misused or has leaked.

  1. Dealers must establish policies and procedures regarding
    • the purpose of a grey (or “watch”) list
    • the kinds of events that should see a security, or family of securities, added to or removed from the list
    • the process for having issuers added to or removed from the list
    • the information to be contained on the list, including dates and times of all additions and deletions
    • the person(s) charged with maintaining the list
    • the limited distribution of the list
    • the safe storage of the list and its data
    • and the means by which the list will be applied to the Dealer’s continuous self-supervision activities.
  2. Train all persons likely to come in contact with confidential information on Grey List procedures.
  3. Ensure the preparation of the list includes access to Corporate Finance or Research Department meetings (or timely receipt of the minutes)
  4. Instill a discipline of capturing insider account identities from all know-your-client forms and making the data readily available to all supervisory staff. Include all accounts over which Insiders wield authority.
  5. Ensure Grey List trading reviews cover:
    • all accounts at the Dealer, including inventory or proprietary accounts
    • related instruments or those that are derivatives of Grey List securities
    • employee-and associate /related accounts outside the Dealer
    • accounts of Insiders of the Issuer
  6. Establish clear actions to be taken in the event that questionable trading is detected.
  7. Provide in advance an adjudication process for possible exceptions.
  8. Provide in advance procedures for managing research on Grey list issuers.
  9. Include a review of the effectiveness of the Grey List among the Dealer other containment practice review efforts.
  1. Restricted Lists

The Restricted List is a list of issuers with whom the Dealer has a current, publicly disclosed involvement requiring restrictions on the Dealer’s trading or advising activities.

  1. Establish policies and procedures regarding:
    • the kinds of events that should see a security, or family of securities, added to or removed from the Restricted List,
    • the process for having issuers added to or removed from the Restricted List,
    • the information to be contained on the Restricted List, including dates and time of all additions and deletions,
    • the person(s) charged with maintaining the Restricted List,
    • the distribution of the Restricted list,
    • the archiving of the Restricted list, and
    • the means by which the list will be applied to the Dealer’s continuous self-supervision activities.
  2. Ensure all updates to the List are duly authorized, duly recorded, and disseminated to all affected on a reliable and timely basis.
  3. Train all persons involved in taking orders and handling trades on the restrictions on trading of issuers on the Restricted List. If there are various categories of restriction, ensure these are clearly explained to affected employees and their supervisors.
  4. Ensure Restricted List reviews cover
    • all accounts at the Dealer, including inventory or proprietary accounts,
    • related instruments or those that are derivatives of Restricted List securities, and
    • employee and associate/related accounts outside the Dealer.
  5. Establish clear actions to be taken in the event that questionable trading is detected.
  6. Provide in advance an adjudication process for possible exceptions.
  7. Provide in advance procedures for managing Research reports, sales literature and investment recommendations on Restricted List issuers.
  8. Include a review of the effectiveness of the Restricted List among the Dealer’s other containment practices review efforts.
  1. Applicable rules

IIROC Rules this Guidance Note relates to:

  • section 3508, and
  • Rule 3900.
  1. Previous guidance note

This Guidance Note replaces MR0377 – Guidelines for Confidential Information Containment.

  1. Related documents

This Guidance Note was published under Notice 21-0190 - IIROC Rules, Form 1 and Guidance.

  1. Appendices

Appendix:

There are “red flags” that indicate possible insider trading activity. Dealers should have trading surveillance which would detect this kind of activity and train their employees to watch for and report any suspicious client activity to management.

Since an order for an insider must be so indicated upon entry, a Dealer’s compliance department should have available a report of all insider trades.  The report could provide a basis for trading reviews to identify the following:

  1. A change in the pattern of trading activity of an insider account from inactivity to trading, or from buying and selling to abruptly aggressively buying or selling a significant position in the security.
  2. Immediate buying or selling of a significant inside position by a new insider account.
  3. Orders placed by an insider outside of the recent trading range, for example, a buy order at $1.20 when the recent trading range was from $.90 to $1.00.
  4. An insider account making a significant profit on a quick flip in the security, or liquidating the security position and then re-establishing it at a more favorable price.
  5. New accounts (non-insider accounts, but may be nominee or “tipped” accounts) that immediately take a substantial position in the security which is traded for a quick profit.  The accounts may belong to a nominee or have received an insider tip.
  6. A pattern of consistent profitable trading by an insider or other account in the security prior to a news release.
  7. Trading activity by insider accounts and the accumulation of significant positions in the security by other accounts immediately prior to the security being placed on the Dealer’s Grey List or during the time the security is on the Dealer’s Grey List

Dealers’ reviews of Grey List or Restricted List trading should include insider accounts (as referenced above).

Dealers should ensure that all their traders and Regulated Persons are aware of their Gatekeeper obligations (per the Universal Market Integrity Rules) to report suspected insider trading violations to their respective compliance departments.

“Dealers should ensure that all their traders and IAs are aware of their Gatekeeper obligations (as per the recent UMIR implementation) to report suspected insider trading violations to their respective compliance departments.”