Don’t Run the Risk

Avoid insider trading liability by staying alert to insider trading risks and taking steps to protect against illegal acts.


DISCLOSURES OF FAULTY PRACTICES at public companies have led to restrictions on services a CPA may provide to audit clients.

IN 2001 AUDITOR INDEPENDENCE RULES gave CPAs more freedom to buy and sell securities, increasing the risk that firms may violate laws against insider trading.

THE SEC SAYS AN INDIVIDUAL with “material, nonpublic information” about a security or its issuer must either abstain from trading in the securities of the company or he or she must properly disclose what is known before buying or selling them. Violators are subject to stiff civil penalties.

THE COURTS AND THE SEC APPLY three sets of rules to decide whether insider trading has taken place: traditional (information stemming from a relationship of trust with an entity or its shareholders), misappropriation (information disclosed in confidence) and tender offer (information about a company that’s in play).

UNDER TRADITIONAL RULES, all partners and employees (including non-CPA staff) are fiduciaries for all clients of the firm regardless of whether they perform audit or nonaudit services.

TO AVOID BREAKING THE LAW, a firm should solicit insider trading advice from experienced securities lawyers. Then it must identify risky situations, develop a written policy to manage them and be sure that all staff members understand its procedures.

SUSAN IVANCEVICH, CPA, PhD, is an assistant professor at the University of North Carolina at Wilmington. LUCIAN C. JONES, JD, and THOMAS KEAVENEY, CPA, are executives in residence at the University of North Carolina at Wilmington. Their e-mail addresses are, respectively, , and .

ecent disclosures of faulty practices at Enron and WorldCom have put CPA conduct under a microscope. They have led, too, to the 2002 passage of the Sarbanes-Oxley Act, with its sweeping changes to the U.S. financial reporting system and restrictions on services a CPA may provide to audit clients. Nevertheless, changes in auditor independence rules in 2001 gave CPAs more freedom in managing their personal stock portfolios to buy and sell securities issued by their firm’s clients. The changes increased the risk that CPAs and their firms might inadvertently violate laws prohibiting insider trading unless they have careful procedures in place to avoid that possibility.

Partners and staff face tough decisions when managing the insider trading risk inherent in the freedom to buy and sell securities. It’s a responsibility that requires a meticulous response in this post-Enron, Sarbanes-Oxley Act era. Many large accounting firms now have internal legal task forces to consider insider trading issues, and all accounting firms need to be aware of new insider trading risks. Smaller CPA firms may not yet have safeguards against them in place, however. This article summarizes insider trading laws, presents four common scenarios to illustrate how insider trading risks may arise in accounting firms and recommends steps CPAs and their firms can take to manage those risks. (For more information on SEC Rule 2-01 revisions, see “ The Engagement Team Approach to Independence, JofA , Feb.01, page 57.)

Rules under the Securities Exchange Act of 1934 make it unlawful for any person, in connection with the purchase or sale of a security (publicly traded or not), to engage in any action that deceives or would operate as a fraud upon any person.

In general, insider trading occurs when a person has “material, nonpublic information” about a security or its issuer and buys or sells that security. The SEC says an individual with such inside information either must abstain from trading in the securities of the company or properly disclose what he or she knows before buying or selling them. Violators of these rules are subject to civil penalties of up to three times the illegal profits gained or losses avoided by the insider trading plus criminal penalties. Criminal penalties for individuals may be a fine of as much as $5 million, prison for as long as 20 years—or both. Courts also permit injured private parties to sue for damages.
Penalties Can Be Stiff
A conviction for profiting by just
over $10,000 in an illegal insider
trade would lead to a mandatory jail
sentence of 8 to 14 months.

Source: Matthew Haverstick of Barley, Snyder, Senft & Cohen LLC, .

To decide whether insider trading has taken place, the courts and the SEC apply three sets of rules: traditional, misappropriation and tender-offer rules (see “ Insider Trading Risk in Practice ,” at the end of this article).

The scenarios below illustrate situations in which CPA firms are likely to face insider trading risks. In each situation traditional insider trading rules apply to information anyone in the firm gets from a firm client. If that information is about a tender offer, the tender offer rules could apply as well. If a firm partner or employee discloses the inside information to a confidant who is not a firm partner or employee, then the misappropriation rules may apply.

1. A partner of a CPA firm owns stock in a firm client. She does not participate in any attest engagements for this client, is not in a position to influence the client’s attest engagements or the professional staff performing those engagements and works in an office of the firm that performs none of the attest work for the client. At a recent meeting, this partner learns about certain nonpublic activities of the client that are not material in and of themselves. But the partner combines that information with other publicly available information about the client or the industry and concludes that the client’s stock price will decline. Can she sell the stock without violating insider trading rules?

Recommended action: The partner in this case may believe the information about the client was not material and that a sale of the stock would be lawful. But since the nonpublic information led the partner to sell, others might conclude the information is by definition material and that the sale is unlawful insider trading. To avoid liability risk, the partner should make no sale until after the information becomes public.

2. A partner in a CPA firm is responsible for attestation engagements for a client of the firm. He maintains his independence from the client. The partner learns the client has pending a significant acquisition of another company that will be announced to the public at the end of the week. What responsibilities under insider trading regulations does that partner have when disclosing the information to other partners? If informed, what responsibilities do the other partners have under the insider trading rules?

Recommended action: To minimize insider trading risks, the partner might decide not to share what seems to be material nonpublic information with anyone in the firm other than those individuals with a need to know who are also required to be independent of the client. This might include members of the audit team, reviewing partners and others directly involved. If the partner does share the information with others, they should be advised the partner believes the disclosure is of material nonpublic information that shouldn’t be communicated to others outside the firm or acted on (buying or selling stock of the client or the acquisition target) before the information becomes public. All recipients of the material nonpublic information, whether appropriately advised by the partner or not, should be aware of their potential liability under the insider trading rules if they buy or sell stock of the client or the target, or disclose the material nonpublic information outside the firm, before the information becomes public.

3. Several partners in a CPA firm serve clients in the same industry, both in attest and other capacities. Quarterly, they get together to share ideas and discuss industry conditions based on public information and insights gained in the course of serving their clients. These meetings are very helpful to the partners in designing audit strategy that adds value both to attest and to other services they provide. Some partners who participate in the meetings hold stock in clients they do not serve in an attest capacity. When holding these meetings, what “ground rules” should the partners observe in order not to violate the insider trading rules?

Recommended action: At the beginning of each meeting, all partners could disclose the names of the industry companies in which they have a financial interest. All partners attending could also, as a routine matter, acknowledge their understanding of the insider trading rules and their obligation to comply with them with respect to material nonpublic information shared at the meeting.

4. A manager, a senior and two staff members (including one who is not a CPA) are sitting in a “bull pen” area of their firm’s office when they overhear two employees discussing material nonpublic information about a firm client. None of the eavesdroppers is a member of this client’s engagement team. Under the new independence rules, none of the eavesdroppers is required to remain independent of this client. What rules apply regarding whether the eavesdroppers are “innocent” and can act on or share that material nonpublic information with others?

Recommended action: It is clear these eavesdroppers aren’t “innocent.” They are subject to the traditional rules (applicable to fiduciaries) and may not buy or sell stock of the client until after the material nonpublic information becomes public. Nor would it be prudent for them to disclose the information outside the firm, as this would violate the confidentiality requirement in the profession’s code of ethics and risk their personal and firm liability for being “tippers” of inside information.

CPA firm staff members who buy or sell securities must adhere to high ethical standards in all cases, and to avoid breaking the law, partners and staff need to follow stringent safeguards. To help shape them, a firm first should solicit advice from lawyers experienced in insider trading matters. Next, it must analyze its business in order to

Identify types of situations where material, nonpublic information may be exchanged (such as staff meetings or by circulating written materials within the firm).

Take steps to manage the risk in those situations (remind administrative staff members that they cannot trade on or disclose material nonpublic information gleaned from memos they prepare or learned from anyone else in the firm).

Be sure all staff members grasp firm policies and procedures; have them take training in insider trading rules and have printed guidelines on the subject that they must read and confirm their understanding of in writing.

Include the following elements in a formal firmwide approach to insider trading risk management:

Firmwide education. To teach the staff about insider trading rules and keep the issue at the forefront, have an expert talk to the staff on insider trading issues at scheduled intervals, such as annually. Lawyers and law professors whose current practice or teaching is substantially devoted to securities law and insider trading issues can bring in the right expertise. To find one, ask for recommendations from business professionals in the area.

Written firm policy. Develop a policy statement and have each partner and employee sign it to acknowledge their understanding of, and agreement to abide by, insider trading rules and the firm’s securities policy. This may reduce partnership liability if a partner or employee commits a violation. To develop a policy, find a law firm that prepared its own insider trading guidelines and hire it to adapt them to your accounting firm. Have legal counsel tailor a statement to your practice and investment needs. Ask the bar association or business professionals in the area for a recommendation.

The narrowest policy, of course, is to not buy or sell securities issued by a client. A slightly broader policy would prohibit buying or selling securities issued by a client designated on a firmwide “restricted” list as a client about whom the firm may have material nonpublic information. Another alternative: Permit firm personnel to trade clients’ securities only when they’re held indirectly through a mutual fund (the fund and manager should not be firm clients) or in a discretionary investment account, where someone unconnected to the firm (that is, free from access to its nonpublic information) independently decides what securities to buy or sell.

Committee to regulate securities transactions. To provide greater flexibility, the firm could permit personnel to buy or sell securities issued by a client only if the purchase or sale is approved in advance by a firm committee in charge of preventing insider trading. This committee would comprise several CPA firm partners trained in insider trading issues and having authority to monitor compliance with the independence rules and to oversee every security transaction.

To be effective, they would need a data system to keep them current on all firm clients, the staff working for each client and whether the types of engagements for that client were likely to result in the firm’s having inside information about it or another company (such as a target the client plans to acquire). To OK a trade, a committee member would check the data to ascertain whether the firm might have inside information. If there was no risk of unlawful insider trading, the member could approve the trade. If risk was present, the member could block the trade. A committee partner, of course, would not participate in any decision about a security he or she wished to buy or sell.

Again, to set up such a committee, retain a law firm that uses a comparable structure and can adapt it to the needs of the accounting firm at relatively little cost.

Many in the profession encouraged the SEC and AICPA to adopt new engagement team rules. Relaxing those rules clearly gave CPA firms more flexibility in maintaining independence. But scrutiny under the insider trading laws and the oversight of CPA firm partners and employees have tightened. Together these two trends increase the possibility of potential insider trading violations for CPA firms.

In this environment CPA firms now must take steps to effectively manage insider trading risks. They must adopt and actively implement a system to block unlawful insider trading by their partners and employees, keeping in mind that no matter how strong the system, a key factor for success will continue to be hiring smart, well-educated people who exercise good judgment.

Insider Trading Risk in Practice

CPA firms are subject to the three types of insider trading rules in the following ways:

Traditional rules. These place liability on fiduciaries and their “tippees.” Fiduciaries are persons whose professional activities put them in a relationship of trust and confidence with a corporation or its shareholders. They include directors, officers and outside advisers such as lawyers, investment bankers and accountants. Fiduciaries who receive confidential information in the course of their work with a company are technically “insiders” and violate trading rules if they

Trade in the securities of a company while possessing material nonpublic information about it.

Disclose material nonpublic information to others, knowing it is confidential and expecting to profit from the disclosure. (Their personal gain need not be substantial; even a thank-you gift from a friend may suffice.)

Tippees are people with no fiduciary obligation to the company to whom an insider discloses material nonpublic information. A tippee violates insider trading rules if

He or she trades in the securities of the company while in possession of such information.

The tippee knew or should have known that the insider violated a relationship of trust by disclosing the information.

The insider intended to benefit himself or herself or the tippee through the disclosure.

CPA risk. Under these traditional rules (and general partnership law), all of a firm’s partners and employees (including non-CPA staff) are fiduciaries for all clients of the firm. So even a partner or employee who’s not on the audit engagement team is a fiduciary for an audit client, and a partner or employee is a fiduciary for all nonaudit clients of the firm. In addition, general partnership law treats information known by any partner or employee as legally “known” by all partners and employees. Partners and employees who trade in a client’s securities may subject themselves and may subject the firm to insider trading liability if anyone else in the firm has material, nonpublic information about the client.

Misappropriation rules. These extend insider liability beyond fiduciaries and their tippees to others, who incur liability if

The insider gets information that belongs to another (usually the information source).

The insider breaches a duty of trust (assumed or overt) to the source to keep that information confidential. The breach occurs if the insider uses the information to buy or sell securities or passes it on to someone else who uses it.

Further, the SEC says that under the misappropriation rules a person may have a duty of trust or confidence when

He or she agrees to keep information in confidence.

The person disclosing the information and the recipient have a history, pattern or practice of exchanging confidences.

He or she gets material nonpublic information from his or her spouse, parent, child or sibling, unless the person getting the information can demonstrate that no duty of trust or confidence existed in relationship to that information.

In contrast, “innocent” eavesdroppers may be free of insider trading liability if they have no fiduciary duty to the relevant company and accidentally overhear material, nonpublic information about it. To be innocent, eavesdroppers have to be able to show that neither traditional nor misappropriation rules apply.

For instance, assume that at a Friday lunch, a couple sitting in a restaurant overhear two unknown persons discussing that two large brokerage houses are going to issue a “strong buy” recommendation for Megabucks Inc. The woman immediately calls her broker and buys a significant number of shares of Megabucks stock.

On Monday the stock increases five points and she sells. If she subsequently is accused of insider trading, she will not have violated the law if she can persuade a jury that neither traditional nor misappropriation rules apply. She would have to convince the jury that she had no relationship of trust or confidence with Megabucks and that she didn’t get the inside information from someone with whom she had a relationship of trust and confidence.

Although some defendants have avoided liability as innocent eavesdroppers, it is likely the government will prosecute, civilly or criminally, and the eavesdropper will incur considerable defense costs. A prudent recipient of information should not trade in a security without first getting expert legal advice for his or her specific circumstances.

CPA risk. Under misappropriation rules, a firm’s partners or employees who learn from a client material, nonpublic information about a nonclient company may subject the firm to liability by buying or selling that company’s securities.

Tender-offer rules. The Securities Exchange Act has stricter rules regarding tender offers. Once someone takes a “substantial step” to begin a tender offer for shares of a public company, the rules apply to two groups.
The first group includes traditional insiders (such as the offering company, the target company and their respective officers, directors, partners, employees, advisers and anyone acting on their behalf) plus each person who gets material information about the tender offer and knows or has reason to know the information is nonpublic. People in this group may pass on information about the tender offer to those who are planning, financing, preparing or executing it. They may not disclose material, nonpublic information about the offer if it’s reasonably foreseeable that doing so is likely to result in a violation of insider trading laws.

The second group includes anyone who gets material information about the tender offer directly or indirectly from the offering company, the target or any officer, director, partner, employee or other person (such as the offering company’s CPA) acting on its behalf. No one in this group may buy or sell any security of the target until a reasonable time after public disclosure of both the material information and the source of those data.

CPA risk. Under the tender offer rules, partners or employees who learn of a tender offer before it’s publicly announced may incur liability by buying or selling the target’s securities or simply by disclosing the information to someone not entitled to know.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.