Broker-dealers are not doing enough to protect non-public information, according to industry regulatory groups.

The Financial Industry Regulatory Authority, Securities and Exchange Commission and the New York Stock Exchange examined 19 small and large firms as part of a case study on best and worst practices for managing the conflicts of interest at broker-dealers. In the 52-page report, examiners from the SEC concluded that a number of risks remained in the classification, reporting and handling of material non-public information that could be misused for unfair profit.

"The report illustrates the types of conflicts of interest that may arise between a broker-dealer's obligations to clients that provide confidential information for business purposes and the potential misuse of such information for insider trading or other improper ends," Carlo di Florio, director of the Office of Compliance Inspections and Examinations, said.

The study was reminiscent of a previous report, "Broker-Dealer Policies and Procedures Designed to Segment the Flow and Prevent the Misuse of Material Nonpublic Information" done by the SEC in 1990. Both reports examine firms' compliance with Exchange Act Section 15(g), which requires broker-dealers to "establish, maintain and enforce written policies and procedures reasonably designed, taking into consideration the nature of their business, to prevent its misuse in violation of the securities laws by the broker-dealer or associated persons."

While the regulatory staff concluded that the guidelines put forth in the 1990 study had generally been followed, they report identified four primary trouble spots for broker-dealers today. It did not refer to any of the firms surveyed by name.

In many cases, informal discussions between individuals from public and private sides of a firm took place and remained concerned that many of these risked sharing insider information. "A significant amount of interaction between groups that have [material non-public information] and external groups that have sales and trading responsibilities occurred on an informal [undocumented] basis."

According to the report, some of the risks arose because of the difficulties of categorizing which information constitutes material non-public information, which according to case law occurs when "there is a substantial likelihood that a reasonable shareholder would consider it important" or "would have been viewed by the reasonable investor as having significantly altered the 'total mix' of information available." In one instance, the study found that one broker-dealer considered all transactions within investment grade securities offerings and credit extensions immaterial.

"The staff believes that registered broker-dealers have a responsibility to make reasonable judgments regarding the materiality of such information," the report said. "The staff would strongly urge broker-dealers to exclude categorically transactions."

Another issue was that the reporting of sensitive information to the compliance department was often delayed, the examiners said. Broker-dealers were waiting until after deals and announcements had already taken place to document their non-public dealings because they were often too busy or were waiting to see whether the information was important enough to mandate monitoring.

"Some broker-dealers wait until the materiality assessment has been conducted. As a result, the processed delayed placement on a monitoring list even though the brokers already had possession of [material non-public information]," examiners said.

The report found that disclosure was also lax with regards to "above-the-wall" executives who had access to both public and material private information.

"The lack of documentation or other controls when [material non-public information] is disclosed to above-the-wall executives may, in certain circumstances, result in activities in violation of the securities laws," regulators said.

Moreover, technology had changed the way sensitive data is accessed and many physical "information barriers" were no longer sufficient. While keycards and separation by floor helped to prevent some cross-sharing between public and private groups (such as walking by a computer screen), examiners also encouraged broker-dealers to implement automated computer systems that would enable only certain employees to access data once they had been approved by compliance.

"Requests to download the information must be approved by a supervisor and forwarded to the appropriate support group," the report said. "Documents may not be downloaded or printed when accessing the network remotely."

The study was not entirely critical, however. Regulators applauded broker-dealers on some of the enhancements they had made to oversight over changes in the technology landscape: "The staff's review observed that broker-dealers were enhancing their controls in response to developments in business activities, technologies, and business structures," the report said.

Another best practice that examiners noted was that some broker-dealers were broadening the scope of their oversight to include other confidential information in credit swaps, loans, unit investment trusts, warrants, bond options, etc.

Many broker-dealers were also vigilant in monitoring who had access rights for key cards and computer networks as well as identifying which employees had accessed sensitive areas, according to staff.

Still, examiners said that monitoring information barriers would remain an on-going process for both parties.

"In order to comply with Section 15(g), broker-dealers should continually reassess both potential sources and uses of MNPI and whether reasonable controls are in place," the report concluded. "The staff identified certain areas in which practices were more informal, and the staff plans to continue to review such areas in future examinations."