Companies need to control the number of employees with access to unpublished price sensitive information (UPSI) while junior employees privy to such confidential data should also be kept under the scanner, says financial services advisory KPMG.
The observation gains significance on the back of the ongoing probe by market regulator Sebi into circulation of such information through social media groups prior to financial results in the June quarter when financial details of various major corporates were circulated on Whatsapp groups before they were made public.
According to KPMG India partner for forensic services Sudesh Shetty, there is a need to “limiting the access of social media or instant messaging platforms during sensitive time period”.
“Monitoring of incorporated standard operating procedures around UPSI and its adherence is critical. It is not just the action on individual’s trade which should be looked upon. While ability to track and trace movement of UPSI should be a dedicated function within the secretarial and legal team,” Shetty told PTI.
Shetty also believes that companies should record such conversations, build control rooms for handling period-end activities, block access of instant messaging activities, controls printers, super-user and controlling administrative rights, among others.
“Technological controls, if configured right, allow an organisation to pick the bread crumbs/trail left behind by any. This helps in identifying perpetrators on the inside and or colluders on the outside who could be brought to the regulators for timely action,” Shetty said.
“Organisations need to periodically review the laid-down controls and test its effectiveness while they also need to control the number of employees having access to UPSI information,” Shetty said.
Such gaps, he said do not just exist at the corporate sector only but brokers, analysts, large fund houses, promoters, bankers and financial institutions also get privy to unpublished price sensitive information.
The Securities and Exchange Board recently directed HDFC BankBSE 0.57 % and Axis Bank to conduct internal enquiry into the issue and strengthen their existing systems to avoid any leakage of important and confidential data. Details of 12 other banks, including HDFC Bank, was leaked on social media.
Noting that Sebi’s laws to check insider trading activities “is appropriate” Shetty said, “but proper and effective implementation and enforcement of these rules are more important”.
“Evaluation of definition of insider (limiting to senior employees) by organisations appears to be a gap in practise. Many junior employees also get access to UPSI information,” he added.
As per a recent KPMG-Assocham white-paper titled ‘Insider Threat- Safeguarding UPSI’ technology has opened multiple ways in which perpetrators can get access to key financial information.
KPMG’s data theft related investigations have revealed that lack of data classification, malware attacks and phishing have made companies prone to data theft.