Don’t Run the Risk

EXECUTIVE SUMMARY

DISCLOSURES OF FAULTY PRACTICES at public companies have led to restrictions on services a CPA may provide to audit clients. IN 2001 AUDITOR INDEPENDENCE RULES gave CPAs more freedom to buy and sell securities, increasing the risk that firms may violate laws against insider trading. THE SEC SAYS AN INDIVIDUAL with “material, nonpublic information” about a security or its issuer must either abstain from trading in the securities of the company or he or she must properly disclose what is known before buying or selling them. Violators are subject to stiff civil penalties. THE COURTS AND THE SEC APPLY three sets of rules to decide whether insider trading has taken place: traditional (information stemming from a relationship of trust with an entity or its shareholders), misappropriation (information disclosed in confidence) and tender offer (information about a company that’s in play). UNDER TRADITIONAL RULES, all partners and employees (including non-CPA staff) are fiduciaries for all clients of the firm regardless of whether they perform audit or nonaudit services. TO AVOID BREAKING THE LAW, a firm should solicit insider trading advice from experienced securities lawyers. Then it must identify risky situations, develop a written policy to manage them and be sure that all staff members understand its procedures.

SUSAN IVANCEVICH, CPA, PhD, is an assistant professor at the University of North Carolina at Wilmington. LUCIAN C. JONES, JD, and THOMAS KEAVENEY, CPA, are executives in residence at the University of North Carolina at Wilmington. Their e-mail addresses are, respectively, ivancevichs@uncw.edu , joneslc@uncw.edu and keaveneyt@uncw.edu .

ecent disclosures of faulty practices at Enron and WorldCom have put CPA conduct under a microscope. They have led, too, to the 2002 passage of the Sarbanes-Oxley Act, with its sweeping changes to the U.S. financial reporting system and restrictions on services a CPA may provide to audit clients. Nevertheless, changes in auditor independence rules in 2001 gave CPAs more freedom in managing their personal stock portfolios to buy and sell securities issued by their firm’s clients. The changes increased the risk that CPAs and their firms might inadvertently violate laws prohibiting insider trading unless they have careful procedures in place to avoid that possibility.

Partners and staff face tough decisions when managing the insider trading risk inherent in the freedom to buy and sell securities. It’s a responsibility that requires a meticulous response in this post-Enron, Sarbanes-Oxley Act era. Many large accounting firms now have internal legal task forces to consider insider trading issues, and all accounting firms need to be aware of new insider trading risks. Smaller CPA firms may not yet have safeguards against them in place, however. This article summarizes insider trading laws, presents four common scenarios to illustrate how insider trading risks may arise in accounting firms and recommends steps CPAs and their firms can take to manage those risks. (For more information on SEC Rule 2-01 revisions, see “ The Engagement Team Approach to Independence, ” JofA , Feb.01, page 57.)

WHAT THE RULES SAY
Rules under the Securities Exchange Act of 1934 make it unlawful for any person, in connection with the purchase or sale of a security (publicly traded or not), to engage in any action that deceives or would operate as a fraud upon any person.

To decide whether insider trading has taken place, the courts and the SEC apply three sets of rules: traditional, misappropriation and tender-offer rules (see “ Insider Trading Risk in Practice ,” at the end of this article).

FOUR INSIDER TRADING SCENARIOS
The scenarios below illustrate situations in which CPA firms are likely to face insider trading risks. In each situation traditional insider trading rules apply to information anyone in the firm gets from a firm client. If that information is about a tender offer, the tender offer rules could apply as well. If a firm partner or employee discloses the inside information to a confidant who is not a firm partner or employee, then the misappropriation rules may apply.

1. A partner of a CPA firm owns stock in a firm client. She does not participate in any attest engagements for this client, is not in a position to influence the client’s attest engagements or the professional staff performing those engagements and works in an office of the firm that performs none of the attest work for the client. At a recent meeting, this partner learns about certain nonpublic activities of the client that are not material in and of themselves. But the partner combines that information with other publicly available information about the client or the industry and concludes that the client’s stock price will decline. Can she sell the stock without violating insider trading rules?

Recommended action: The partner in this case may believe the information about the client was not material and that a sale of the stock would be lawful. But since the nonpublic information led the partner to sell, others might conclude the information is by definition material and that the sale is unlawful insider trading. To avoid liability risk, the partner should make no sale until after the information becomes public.

2. A partner in a CPA firm is responsible for attestation engagements for a client of the firm. He maintains his independence from the client. The partner learns the client has pending a significant acquisition of another company that will be announced to the public at the end of the week. What responsibilities under insider trading regulations does that partner have when disclosing the information to other partners? If informed, what responsibilities do the other partners have under the insider trading rules?

Recommended action: To minimize insider trading risks, the partner might decide not to share what seems to be material nonpublic information with anyone in the firm other than those individuals with a need to know who are also required to be independent of the client. This might include members of the audit team, reviewing partners and others directly involved. If the partner does share the information with others, they should be advised the partner believes the disclosure is of material nonpublic information that shouldn’t be communicated to others outside the firm or acted on (buying or selling stock of the client or the acquisition target) before the information becomes public. All recipients of the material nonpublic information, whether appropriately advised by the partner or not, should be aware of their potential liability under the insider trading rules if they buy or sell stock of the client or the target, or disclose the material nonpublic information outside the firm, before the information becomes public.

3. Several partners in a CPA firm serve clients in the same industry, both in attest and other capacities. Quarterly, they get together to share ideas and discuss industry conditions based on public information and insights gained in the course of serving their clients. These meetings are very helpful to the partners in designing audit strategy that adds value both to attest and to other services they provide. Some partners who participate in the meetings hold stock in clients they do not serve in an attest capacity. When holding these meetings, what “ground rules” should the partners observe in order not to violate the insider trading rules?

Recommended action: At the beginning of each meeting, all partners could disclose the names of the industry companies in which they have a financial interest. All partners attending could also, as a routine matter, acknowledge their understanding of the insider trading rules and their obligation to comply with them with respect to material nonpublic information shared at the meeting.

4. A manager, a senior and two staff members (including one who is not a CPA) are sitting in a “bull pen” area of their firm’s office when they overhear two employees discussing material nonpublic information about a firm client. None of the eavesdroppers is a member of this client’s engagement team. Under the new independence rules, none of the eavesdroppers is required to remain independent of this client. What rules apply regarding whether the eavesdroppers are “innocent” and can act on or share that material nonpublic information with others?

Recommended action: It is clear these eavesdroppers aren’t “innocent.” They are subject to the traditional rules (applicable to fiduciaries) and may not buy or sell stock of the client until after the material nonpublic information becomes public. Nor would it be prudent for them to disclose the information outside the firm, as this would violate the confidentiality requirement in the profession’s code of ethics and risk their personal and firm liability for being “tippers” of inside information.

MANAGING THE RISK
CPA firm staff members who buy or sell securities must adhere to high ethical standards in all cases, and to avoid breaking the law, partners and staff need to follow stringent safeguards. To help shape them, a firm first should solicit advice from lawyers experienced in insider trading matters. Next, it must analyze its business in order to

Identify types of situations where material, nonpublic information may be exchanged (such as staff meetings or by circulating written materials within the firm).

Take steps to manage the risk in those situations (remind administrative staff members that they cannot trade on or disclose material nonpublic information gleaned from memos they prepare or learned from anyone else in the firm).

Be sure all staff members grasp firm policies and procedures; have them take training in insider trading rules and have printed guidelines on the subject that they must read and confirm their understanding of in writing.

Include the following elements in a formal firmwide approach to insider trading risk management:

Firmwide education. To teach the staff about insider trading rules and keep the issue at the forefront, have an expert talk to the staff on insider trading issues at scheduled intervals, such as annually. Lawyers and law professors whose current practice or teaching is substantially devoted to securities law and insider trading issues can bring in the right expertise. To find one, ask for recommendations from business professionals in the area.

Written firm policy. Develop a policy statement and have each partner and employee sign it to acknowledge their understanding of, and agreement to abide by, insider trading rules and the firm’s securities policy. This may reduce partnership liability if a partner or employee commits a violation. To develop a policy, find a law firm that prepared its own insider trading guidelines and hire it to adapt them to your accounting firm. Have legal counsel tailor a statement to your practice and investment needs. Ask the bar association or business professionals in the area for a recommendation.

The narrowest policy, of course, is to not buy or sell securities issued by a client. A slightly broader policy would prohibit buying or selling securities issued by a client designated on a firmwide “restricted” list as a client about whom the firm may have material nonpublic information. Another alternative: Permit firm personnel to trade clients’ securities only when they’re held indirectly through a mutual fund (the fund and manager should not be firm clients) or in a discretionary investment account, where someone unconnected to the firm (that is, free from access to its nonpublic information) independently decides what securities to buy or sell.

Committee to regulate securities transactions. To provide greater flexibility, the firm could permit personnel to buy or sell securities issued by a client only if the purchase or sale is approved in advance by a firm committee in charge of preventing insider trading. This committee would comprise several CPA firm partners trained in insider trading issues and having authority to monitor compliance with the independence rules and to oversee every security transaction.

To be effective, they would need a data system to keep them current on all firm clients, the staff working for each client and whether the types of engagements for that client were likely to result in the firm’s having inside information about it or another company (such as a target the client plans to acquire). To OK a trade, a committee member would check the data to ascertain whether the firm might have inside information. If there was no risk of unlawful insider trading, the member could approve the trade. If risk was present, the member could block the trade. A committee partner, of course, would not participate in any decision about a security he or she wished to buy or sell.

Again, to set up such a committee, retain a law firm that uses a comparable structure and can adapt it to the needs of the accounting firm at relatively little cost.

A FINAL POINT
Many in the profession encouraged the SEC and AICPA to adopt new engagement team rules. Relaxing those rules clearly gave CPA firms more flexibility in maintaining independence. But scrutiny under the insider trading laws and the oversight of CPA firm partners and employees have tightened. Together these two trends increase the possibility of potential insider trading violations for CPA firms.

In this environment CPA firms now must take steps to effectively manage insider trading risks. They must adopt and actively implement a system to block unlawful insider trading by their partners and employees, keeping in mind that no matter how strong the system, a key factor for success will continue to be hiring smart, well-educated people who exercise good judgment.