Skip Repeated Content

Insider trading is a front-and-center issue for the SEC, and consequently must be for financial services firms as well. The SEC included misuse of material non-public information (MNPI) on its list of 2022 exam priorities for investment advisers. Moreover, SEC Chairman Gary Gensler recently gave an interview in which he emphasized the importance of firms taking measures to prevent insider trading, saying that “this comes down to trust in our capital markets and trust that there’s a level playing field… [and] that somebody doesn’t have an information advantage from material non-public information.” The latest reminder of this pronounced regulatory focus was a Risk Alert by the SEC Division of Examinations (“EXAMS”), which called deficiencies related to Section 204A of the Investment Advisers Act and implementing Rule 204a-1 (the “Code of Ethics Rule”) “among the most commonly observed” violations it encounters. Given the high priority the SEC has given to insider trading, and its frequency in exam findings, investment advisers should ensure that their policies and procedures, controls and staff training are tailored to their insider trading risks. 

Broker-dealers, although not necessarily subject to SEC Rule 204A-1, are subject to the Bank Secrecy Act (31 U.S.C. 5311) and Treasury Rule 31 C.F.R. 1023.320, which require them to file a suspicious activity report (“SAR”) with FinCEN when they see red flags. For dual registrant firms, insider trading potential raises a myriad of inter-related regulatory issues. 

In its recent Risk Alert, EXAMS highlighted the portions of Rule 204A-1 and Section 204A of the Investment Advisers Act which are most problematic for investment advisers.

Code of Ethics Rule violations (Rule 204A-1)

  • Access persons. Rule 204A-1 requires firms to track certain activities of their supervised persons who have access to information regarding client purchases/sales of securities or non-public recommendations regarding securities (“access persons”). Firms must require such access persons to report their securities holdings at least once every 12 months, to report their securities transactions quarterly, and to seek pre-approval before investing in IPOs or limited offerings. Some firms had inaccurate definitions in their codes of ethics of who was an “access person,” while others failed to identify all access persons at all.
  • Written acknowledgment of receipt of the code. Rule 204A-1 requires that firms provide to all supervised persons, whether or not they are access persons, a copy of the firm’s code of ethics. Supervised persons must acknowledge receipt in writing. Some firms’ codes did not reflect the “written acknowledgment” requirement of the rule, while some supervised persons did not receive copies of the code as required.

EXAMS also included in the Risk Alert what could be characterized as a “best practices” list of anti-insider trading processes not explicitly required by Rule 204A-1, but which would reduce risk.  Specifically, EXAMS suggested:

  • Including a requirement in the firm’s code of ethics that supervised persons may not trade stocks while those stocks are on the firm’s “restricted list”; and
  • Implementing procedures that prevent supervised persons from trading on investment opportunities before they are available to the public.

Violations of Section 204A of the Investment Advisers Act

EXAMS noted patterns of violations resulting from misuse of insider information from three sources:

  • “Alternative data.” EXAMS defined this as non-traditional insider data, such as aggregate data from credit card transactions and social media postings, internet search data, geolocation data, and high-altitude photography of crop fields and retail parking lots, among other sources. EXAMS found that firms fell short in their policies and procedures related to such data sources, particularly regarding due diligence. However, EXAMS did not note a particular provision of Section 204A that requires such diligence nor did it provide any particularized guidance on how firms could have improved in the area. Lacking any clarity on what EXAMS believed was the shortcoming, firms should be careful to consistently apply and document their due diligence procedures across all alternative data service providers.
  • “Value-add investors.” The Risk Alert defined value-add investors as “clients or fund investors that are corporate executives or financial professional investors” who likely serve as periodic sources of MNPI. EXAMS found that some firms lacked any specialized policies and procedures addressing such individuals, while other firms failed to appropriately identify these individuals or track the firm’s relationship with them.
  • “Expert networks.” According to EXAMS, such networks are paid to provide specialized information or research. EXAMS found that firms needed improved policies and procedures and better implementation related to tracking calls with expert networks and reviewing call notes. EXAMS also suggested reviewing trades by supervised persons of publicly traded companies in similar industries as those discussed in the calls.

Financial institutions should carefully review EXAM’s findings and observations in its Risk Alert.  If history is any guide, this Alert suggests that enforcement actions are already being contemplated in this space.  At a minimum, firms should carefully review their policies, procedures and training, to ensure that these findings and observations are promptly addressed, and certainly before EXAMS begins an examination of the firm.



This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.