Equifax Inc. is in a world of hurt after the cyber breach that compromised 143 million Americans’ personal and sensitive information. Adding a truckload of salt to the gaping wound is the fact that three Equifax executives sold shares shortly before the hack was revealed to the public in September.
Typically when I write about insider trading, I write about the very nuanced and difficult subject of tipper/tippee liability. I almost never write about direct trading of insiders in possession of material non-public information because it seems absurd that anyone would do this. It is so blatantly criminal to sell stock shortly before announcing terrible news that is certain to cause a company’s stock price to crater: who would do it? Enter Equifax.
According to reports, Equifax was first breached around mid-May 2017, and this continued through July 2017 when Equifax discovered the hack and stopped it on July 29. On August 1 and 2, three Equifax executives sold a total of approximately $1.8 million in shares. On September 7, Equifax broke the news of the breach to the public.
Addressing this questionable behavior, an Equifax spokesperson said in a statement that the executives “had no knowledge that an intrusion had occurred at the time” they sold the shares.
Is it possible that the three Equifax officers—the CFO who sold $946,374 worth of shares, the president of U.S. information solutions who sold $584,099 worth of shares and the president of workforce solutions who sold $250,458 worth of shares—didn’t know about the breach?
It’s a big organization, and we, the public, don’t really yet know who knew what and when.
Moreover, unlike some (but certainly not all) public companies, the Equifax corporate insider trading policy doesn’t appear to be on their website. Thus, we don’t know if the Equifax general counsel had to pre-clear these trades by insiders, and if so, when that pre-clearance would have been given.
Many Questions, Many Questioners
To avoid conviction, Equifax’s three officers are going to have to prove they weren’t privy to material non-public information at the time of sale. Just to say it out loud: it’s hard to prove a negative.
There’s also the question of corporate responsibility. The SEC has the ability to bring an enforcement action against an employer whose lax insider trading policies and procedures contribute to insider trading misconduct by individuals.
Finally, there are surely plaintiff attorneys who right now are planning to file suits against the directors of Equifax for breaching their fiduciary duty of care and oversight by not having adequate insider trading policies and procedures in place. (I’m not saying it’s a good case; I’m just saying it’s a potential case.)
The insider trading portion of this debacle provides a teachable moment for public companies.
Let’s say the three executives in question didn’t actually possess material non-public information at the time of their trades. The optics are still terrible, and massive legal bills will be incurred.
Imagine, instead, that these same sales were made pursuant to a legitimate Rule 10b5-1 trading plan. If properly executed and disclosed, there would have been no (or at least a much smaller) issue here.
As a reminder, a Rule 10b5-1 Trading Plan provides a safe harbor for trades by an insider when stock is sold pursuant to a plan that meets the rule’s requirements. As I wrote in an earlier article:
Rule 10b5-1 provides an affirmative defense against insider trading liability to anyone in possession of material, non-public information if, before becoming aware of the information, the person:
- Entered into a binding contract to purchase or sell securities;
- Provided instructions to another person to purchase or sell securities; or
- Adopted a written plan for trading securities.
Rule 10b5-1 trading plans, i.e., “written plans,” must specify the number of shares and price (or an algorithm specifying the same) for the sale. Typically, the seller will not exercise any control over the sale once the plan is put in place. The trading plan has to be adopted when the seller has no material non-public information.
To be sure, there are still risks associated with legal insider trading even with a Rule 10b5-1 Trading Plan in place—read more tips about that in an earlier article I wrote here. Even so, the default assumption is that when they’re properly implemented, 10b5-1 Trading Plans are an effective safe harbor for public company insiders.
In fact, a number of our clients here at Woodruff Sawyer mandate that all of their senior executives and independent directors sell only pursuant to 10b5-1 trading plans. Still, this is by no means the case with a majority of our clients (even though, often, the general counsel is strongly urging these plans).
In the Equifax case, the poorly timed sales of company stock by insiders are either very unfortunate or criminal. We won’t know for a while.
In any case, hopefully other companies will learn from this situation and decide to enforce the requirement that all sales of company securities by directors and officers will be made only pursuant to properly implemented Rule 10b5-1 trading plans.
Note: My colleague, Robin Fischer, has written a detailed piece on the technical details of the Equifax breach, what steps you should take now to protect yourself, and what proactive measures you can take in the future. Take a look at Robin’s Cyber Security Resources Center.