Impact of Illicit Employee Activity at Financial Companies
Online communities focused on the stock market have brought a new force into the financial world. Professional investors employed by financial companies are dipping their toes into these communities. As a result, courts and lawmakers are determining if these professional investors and their employers are responsible for the consequences.
The GameStop Saga
In January 2021, amateur investors were alive with excitement as they piled money into Gamestop and other so-called meme stocks. The episode of financial frenzy brought worldwide attention to the hype, scams, and inequality. The early investors got rich, while the late-comers were left with losses. Hedge funds were caught in a short squeeze. The drama had all the makings of a Hollywood story, which is planned. The details surrounding the Robin Hood trading app and the narrative of the little guy versus big guy are beyond the scope of this blog.
The people driving this hype were active on Reddit’s WallStreetBets subreddit and in other social media venues. The people behind these mass-movements gained fame. Some of them also likely gained a fortune. For non-professional investors, this boom or bust will play out in the form of new gains or losses, and a tax at the end of the year.
If a professional investor is involved, the dynamics are much different. With professionals, regulatory agencies come into play. The FINRA (Financial Industry Regulatory Authority) regulates the activity of brokers. They are a non-profit self-regulating entity. The SEC (Securities and Exchange Commission) oversees FINRA and has similar regulations. They are a government entity. These organizations are looking into what happened.
This interest is illustrated in the case of Keith Gill, also known as Roaring Kitty. Gil was the leader of the pack of traders and a registered security broker. He is under fire along with his former employer MassMutual. A recent lawsuit was filed against him and MassMutual in Massachusetts. “Gill’s deceitful and manipulative conduct not only violated numerous industry regulations and rules, but also various securities laws by undermining the integrity of the market for GameStop shares,” the lawsuit said.
Employees in the financial industry have millions at their fingertips. Ensuring this power is used for the company employing the people is important. The FINRA is quite clear when it comes to activities that are allowed. The responsibility is for employees and employers. “Firms must have the ability to supervise the business-related content associated persons are communicating on these sites, including possible suitability determinations if recommendations are made.” The guidelines for social media usage amongst firms and individuals include:
All communications must be fair, balanced and complete and not omit material information.
False, misleading, promissory, exaggerated or unwarranted statements or claims are prohibited.
Communications may not predict or project performance (with certain exceptions).
If FINRA determines that the broker is making inappropriate posts while employed by a firm, both parties could be liable. The situation is a novel one, as the social media hyped trading activities have never been encountered before. In the end, it could be determined that both the company and the employee are liable. Professional brokers dipping their toes into the free-for-all of speculative investing is a trend that is going to continue.
Prevent Illicit Insider Activity
For financial services companies, explaining to your employees what activities are or are not allowed is the foundation. Your employees should undergo regular training protocols for social media and website usage. There should be an Acceptable Use Policy (AUP) in place that employees can reference.
Ensuring your employees are complying with regulations is important. There are additional steps organizations to ensure there is no unauthorized insider activity. Security Information and Event Management (SIEM) systems take in logs related to events and analyze them for threats. This process happens 24×7 either internally or with the assistance of a Managed Security Service Provider (MSSP) or part of a Managed Detection and Response (MDR) solution.
An employee’s behavior can also tarnish the company’s brand in the eyes of customers or shareholders. Insiders can also pose a cybersecurity risk if they fail to follow the policy. Whether intentional or not, employees can inflict great harm on the organization they work for.