Email data loss prevention

Protect against MNPI breaches with information barriers and intelligent DLP

by Marcus White
Published on 23rd Nov 2022

An information barrier is the physical or electronic separation of people within a firm that prevents confidential information from passing between them. Information barriers help prevent conflicts of interest, ensure that firms maintain compliance with regulations, and are widely used in finance.

This article will explain how information barriers protect investment firms from breaches of material non-public information (MNPI). 

‘Information barriers,’ ‘ethical walls,’ and ‘Chinese walls’ – what’s the difference?

Information barriers are sometimes known as ethical walls, and the terms are used interchangeably. However, they were initially known as ‘Chinese walls,’ a metaphor derived from the Great Wall of China. The expression came into use following the U.S. stock market crash of 1929, when the U.S. government understood that, to limit conflicts of interest, it was important to maintain separation between investment banks and brokerage firms.

The term ‘Chinese wall’ is gradually being phased out in an attempt to foster diversity within the financial services sector. While some firms have yet to update their documentation to match this advice, the terms ‘information barriers’ and ‘ethical walls’ are now much more widely used. In 2021, the UK’s Financial Conduct Authority (FCA) officially scrapped the use of ‘Chinese wall.’

What is material non-public information (MNPI)? 

MNPI is information that could potentially impact the price of securities but has not been made public. To qualify as MNPI, the information must be significant enough to change a company's share price.

Some examples of MNPI include learning:

  • That a company's pending earnings release will be significantly weaker than expected
  • That the CEO of a company will resign next month
  • About a company's pending acquisition of another business

Why MNPI is important, and how it relates to insider trading

Insider trading involves the trading of a company's stock or other securities by employees with MNPI about the company. It is legal for insiders to buy and sell their company’s shares if they file their transactions with the Securities and Exchange Commission (SEC). However, it is illegal when MNPI holders use the information in their possession to give themselves an unfair advantage – regardless of how the MNPI was obtained.

For instance, if someone gains MNPI from a colleague and then shares it with a family member who uses it to profit in the stock market, then all three people can be prosecuted for the offence. 

The risks of breaching regulations

Breaching regulations can result in hefty fines and, in some cases, even imprisonment. Below are two recent examples of regulation breaches:

  • 2021: the FCA charged an ex-Goldman Sachs employee and his brother with fraud and insider trading after allegedly profiting from information about deals Goldman worked on.
  • 2022: the SEC charged two Chinese tech executives with insider trading, with fines of $556,580 and $200,254, following an investigation that revealed share sales made ahead of poor earnings.

Protection against MNPI breaches

Employee training, surveillance, reviews, and trading restrictions are all key ways to protect against MNPI breaches.

However, while many MNPI breaches result from the intentional sharing of information, breaches can also occur when information is shared unintentionally because of weak information barriers.

Examples of breached information barriers are confidential conversations being heard by colleagues within a shared office or – as is increasingly the case as working from home has become more popular after the COVID-19 pandemic – employees accidentally sending emails to the wrong person within an organization. 

How information barriers work on Wall Street

Following the dotcom crash, regulators realized that weak disclosure requirements meant that big-name analysts were privately selling personal holdings of the stocks they were promoting. To prevent this, Congress, the National Association of Securities Dealers (NASD), and the New York Stock Exchange (NYSE) banded together to create new and improved regulations for the industry.

These regulations meant that Wall Street firms were forced to separate their research and investment banking departments. This strengthened the separation between analysts and underwriters and reformed compensation practices, given that analysts were no longer provided with a financial incentive to provide favorable evaluations of underwriting clients.

How to enforce information barriers with intelligent DLP

Email is the most common way data is lost or misdirected. As a result, it’s also one of the most common ways that information barriers are breached. Many firms still rely on static, rules-based email data loss prevention (DLP) offered by Microsoft 365 and secure email gateways (SEGs) to prevent these breaches. However, this is not sufficient. 

In our 2021 Data Loss Prevention Report, in which we surveyed 500 IT leaders, we found that 100% of them were frustrated with their traditional email DLP tools and that 42% believed over half of their email security incidents were going undetected. This is largely because these solutions rely on static rules, which have to be manually updated. Once they have been set, these rules often over-prompt people, resulting in ‘click fatigue.’ This can lead to users clicking past genuine risks out of frustration, or to IT teams relaxing their static rules over time, which makes the rules more workable but less secure.

Intelligent email DLP solutions such as Egress Prevent can scan emails to determine whether there is sensitive or identifiable data in the message content. They then interrogate the recipient and their domain to spot any potential breach or conflict of interest and determine whether the recipient should access this information. If a risk is identified, a clear prompt explains it so that the user can avoid a potentially costly security risk.