TheCorporateCounsel.net

Broc recently blogged about the insider trading case involving an Equifax executive. While it appears on the surface to be pretty plain vanilla, this McGuireWoods blog says that the case may be pushing the envelope when it comes to what “knowledge” is required to support insider trading charges. This excerpt points out what’s unusual about the case:

Both the SEC and DOJ acknowledge in their charging papers that, at the time of his trading, Ying was not “aware” of Experian’s data breach – at least not explicitly. Indeed, when he traded, Equifax had disclosed this information to only a select few insiders, of which Ying was not one. To the contrary, Equifax had explicitly lied to Ying and told him that the data breach he and his team were working on was for an Equifax client.

As one of Equifax’s business lines is assisting clients with data breaches, this explanation seemed plausible. As time went on, however, the behavior of his superiors and colleagues made Ying suspicious that there was no “client” and that it was Equifax that had been breached. Based on his suspicions, Ying exercised his outstanding Equifax options and sold his shares.

But suspicions were all they were – Ying is alleged to have “put 2 and 2 together” according to the SEC’s Complaint. Indeed, Equifax did not reveal to Ying that it was the hacking victim until days later. Nevertheless, notwithstanding his avowed lack of actual knowledge, Ying was charged with criminal insider trading by the DOJ and sued civilly by the SEC.

When you put it that way, this case looks a little more interesting. When you consider that Bloomberg’s Matt Levine recently flagged a 2010 insider trading case involving similar guesswork that the SEC lost – it becomes downright fascinating. Don’t forget our upcoming webcast: “Insider Trading Policies & Rule 10b5-1 Plans.”

Insider Trading: Equifax Highlights Need for “Data Breach” Trading Halts

While we’re on the topic of the Equifax insider trading case, this Patterson Belknap blog says that the case – along with the SEC’s recent cybersecurity disclosure guidance – has at least one important takeaway for public companies:

In updated cybersecurity disclosure guidance issued by the SEC last month, the Commission highlighted the risk posed by insiders who trade securities between the time a breach is discovered and its public disclosure. As we noted in our recent client alert, the Commission “encourages” public companies to implement policies and procedures – including internal controls – to prevent trading on material non-public information relating to cybersecurity risks and incidents.

The guidance should spur companies to revisit their incident response plans, and if appropriate, consider imposing a temporary trading halt for insiders in defined circumstances. Companies would be “well-served,” suggests the SEC, by implementing a trading halt plan while investigating and assessing data breaches.

The trading halt plan should be part of comprehensive efforts to ensure that codes of ethics & internal policies properly anticipate the heightened risk of insider trading during a breach incident. By the way, Mark Borges extensively analyzed Equifax’s proxy statement in his blog over on CompensationStandards.com.

ICOs: This is Why We Can’t Have Nice Things. . .

This DLA Piper memo reviews the whirlwind of enforcement activity currently surrounding the cryptofinance industry. There seem to be a fair number of bad guys out there, but it’s important not to paint everybody with the same brush. For instance, this FT Alphaville story about Savedroid’s ICO & the world’s least funny practical joke shows that not every person involved in a sketchy looking deal is a crook – some are just knuckleheads.

– John Jenkins