October 25, 2023
Insider Trading Policy Updates: Who Approves?
A perennial question that we receive when suggesting updates to a company’s insider trading policy is whether board approval of the policy or any changes to the policy is required. We address this question in the Insider Trading Policy Handbook available in the “Insider Trading Policies” Practice Area as follows:
While the insider trading policy has been an integral part of companies’ compliance programs for many years, the question continues to come up from time to time as to what level of authority in an organization needs to approve the insider trading policy and any changes to the policy. There are no specific legal requirements on this point, but it is typically advisable for the board of directors (or a committee of the board of directors) to consider and adopt (or amend) the insider trading policy. With the SEC’s 2022 rules, companies will also need to file their insider trading policies and procedures as exhibits to Forms 10-K and 20-Fs, so boards should have a say in reviewing the policy. Our model policy includes model resolutions for the board to consider in approving the policy.
While the SEC’s 2018 cybersecurity guidance is silent on the topic, it is clear that the SEC expects to see board level involvement in the management of risk, which would include the risk of improper trading in the company’s securities around the time of a cybersecurity breach. Given these expectations, the board (or a committee) is best equipped to provide the level of oversight necessary over the insider trading policy and the implementing procedures, and would likely expect in most circumstances to be involved in the decision-making regarding such matters.
My approach to the approval of various corporate policies over the years has always been: “When in doubt, have the board (or an appropriate committee of the board) approve the policies.” It is important for the directors to have visibility into key corporate policies in exercising their oversight duties, and you certainly do not want them to be surprised by any company policies if an issue arises down the road.
– Dave Lynn