On September 10, 2019, Corporate Counsel published the second article of a three-part series from Bass, Berry & Sims attorneys Michael Rivera and Abby Yi highlighting important policies and training guidelines related to insider trading. The first article, which may be viewed here, offers guidance on how to mitigate risks associated with remote working employees who may unintentionally share confidential information with others. The second article unpacks recommendations to comply with Securities and Exchange Commission (SEC) guidance to public companies stating that insider trading policies and procedures should address cybersecurity risks.

Cybersecurity has been a top priority for the SEC over the past several years. One area of focus for the SEC in the cybersecurity context has been the impact of cyber risks and incidents on public companies.  In response, in February 2018, the SEC issued its “Commission Statement and Guidance on Public Company Cybersecurity Disclosures.”  Among other issues, this SEC release addressed the application of the insider trading prohibitions in the cybersecurity context and expressed the SEC’s view that it is important for companies to have well designed policies and procedures to prevent trading on the basis of material non-public information, including information relating to cybersecurity risks and incidents.

“In light of the SEC’s purposeful effort to warn and guide public companies on insider trading risks in the cybersecurity context, we recommend that in-house counsel review their company’s policies and procedures and revise as needed to comport with the guidance.”

The full article, “Insider Trading Policies and Training: Time for a Refresher? Part 2,” was published by Corporate Counsel on September 10, 2019, and is available online. The first article in the series was published August 23, 2019, and is also available online here.