The text message from the former Equifax CIO was a red flag: “Sounds bad. We may be the one breached.”

Federal prosecutors charged a former Equifax chief information officer (CIO) with insider trading, for selling nearly $1 million in company stock before the public disclosure of the Equifax data breach.

The former CIO of a U.S. business unit of Equifax, faces civil and criminal charges from the Securities and Exchange Commission and Department of Justice. The suit details a string of emails and text messages at the center of the charges.

The SEC lawsuit alleges that an email went out to several top executives at Equifax asking them to begin work immediately on an emergency project related to a “VERY large breach opportunity,” on August 25^th. The former CIO was one of the recipients. The former CIO sent a text message to one of his employees  “… Sounds bad. We may be the one breached. . . . Starting to put 2 and 2 together.” Later that evening, both men exchanged more texts and expressed that the breach situation was “crazy” stating that the company had “some crisis scenarios like this,” referencing Equifax’s Crisis Management Plan. Three days later, the former CIO exercised all of his available stock options. He made more than $1 million from the sale, avoiding more than $117,000 in losses. The SEC considers this activity securities fraud and illegal insider trading.

Takeaway

There are severe consequences for firms and individuals violating federal regulations.  The announcement marks the first criminal charge brought in one of the largest data breaches in history. The Equifax executive’s text messages are at the center of the federal charges because they mark the link between the action and the intent. This case reinforces the importance of capturing all electronic data. Insider trading and anti-money laundering cases rely on proof of both the bad actions and the intent behind the actions; reinforcing the value and importance of capturing and archiving all electronic data. It’s also critical to supervise your firm’s communications to prevent regulatory violations and reputational risk.  Monitoring electronic communications can be incredibly effective to find early indicators of any wrongdoing such as the sharing of non-public information

After the Equifax breach, the SEC released new guidance on stock trading when having non-public knowledge of security incidents. The SEC encourages companies to set up policies and procedures to prevent executives with knowledge of cybersecurity incidents from selling stock.

It is vital to your company’s security and reputation to archive all electronic communications data – including text messages. Partner with a comprehensive archiving vendor with email and mobile data content. Having a centralized archive to search for all your communication data is far more efficient and effective than separate solutions.

To help mitigate risk, firms should fully utilize their archiving platform and use the compliance tools to flag activities that may be illegal or may represent employees sharing confidential security incidents. For example, if employee conversations include risk phrases such as, “this is top secret,” “breach opportunity,” “crisis scenario,” or “sounds bad” the message will be flagged for review, indicating a potential violation. Communication surveillance must sufficiently incorporate search terms unique to market securities fraud or misconduct risks. Lexicon policies can help test and verify that your firm’s supervisory procedures are reasonably designed to achieve compliance with applicable regulations.

Supervision tools are essential for compliance and allow firms to conduct proper investigations into employee’s insider trading communications.  To learn more about how to set up powerful policies, and the benefits of supervision, visit our site or contact us.