Late last month, I saw in the Securities Docket that two people were charged with insider trading after purchasing stock in advance of merger announcements that they learned about through their jobs as employees of an EDGAR filing agent. Apparently, they planned to leave the country but were thwarted when they were arrested by the FBI at JFK Airport. (I immediately thought Dave would be interested in that last part — since he recently shared that he was inspired to get a job at the SEC after seeing Gordon Gekko’s arrest in the movie Wall Street.)

Dramatic arrests aside, this Bryan Cave blog gives a practical take on this news and cites it as just one example of the special challenges public companies often face in protecting confidential information — especially when announcing material corporate developments and quarterly financial results. And it uses this news as an “opportunity” to share some best practices public companies can take to protect confidential information and internal controls public companies should develop surrounding public announcements. Among other things, the blog says those controls should include:

– Scrubbing metadata – or only using clean PDF formats – before releasing documents (or sharing via cloud collaboration). On some prior occasions, failures have allowed viewers to see:

• Tracked changes showing edits to sensitive documents.
• Comments showing internal disagreements over wording.
• Author names and timestamps showing the drafting timeline.
• Hidden text.

– Preventing premature posting, or mistaken posting of outdated versions, by:

• Establishing clear communications with financial printers, filing and transfer agents, as well as IR and website teams and other third party vendors with access to confidential or sensitive information.
• Evaluating drafting and review controls, including collaboration tools with audit trails, to avoid confusion over drafts or final versions.
• Maintaining formalized levels of review by legal, finance, IR, and other relevant teams.
• Reconciling SEC filings and press releases to ensure consistency.

– Evaluating controls for authorized release times, protocols for transmission to wire services and documentation of approvals from stakeholders.

– Periodically conducting testing for SEC filing and press release distribution protocols.

– Establishing procedures for promptly retracting or correcting erroneous communications, along with Form 8-Ks where appropriate.

– Reviewing or updating the external communications policy, including identification of parties authorized to speak to the media or analysts and related confidentiality obligations.

– Securing physical documents in locked drawers, whether at the office or at home.

– Evaluating third party agents for Edgarization or press release distribution, including with respect to their compliance policies, reputation, and employee training and confidentiality procedures.

It also highlights the need to remind employees of their obligations to protect confidential information, including by being careful about when and where they discuss a confidential topic. (That includes being careful at home — since I was immediately reminded of the WFH insider trading case from 2024.)

– Meredith Ervine