Across financial services, few secrets are as badly guarded as the so-called "restricted list." Content within these lists can include the names of public companies that are potential acquisition targets for an M&A team, and/or the names of issuers that may be part of an upcoming block trading strategy by a fund. I've seen firms restrict issuers across an entire sector (pharma, semiconductor, etc.) but only for the analysts/teams that cover them. Depending on the business model it could also be a list of clients and/or their holdings.
The use of such lists is in theory becoming a best-practice in other industries, including law firms, public accounting firms and others with routine access to material non-public information (MNPI) particularly when supporting M&A activities for others.
Often the entire list is off limits for everyone in the employee population regardless of role or location. In other situations a list in New York does not apply to the staff in London, for example, as a way to impose information barriers for each silo.
I've seen it labeled in various ways, including the Watch List, Grey List, Black List, and in at least one shop the Black List was so voluminous it was replaced by a much shorter list of non-restricted names known as the White List.
Despite the variation in nomenclature, the one common thread amongst these workflows is they generally fail to protect the information from misuse.
[Read more from WS&T Thought Leader Mitch Kraskin: Business Continuity 2.0: We're Gonna Need a Bigger Boat]
In a recent academic paper, two professors from NYU and a third from McGill reviewed 15 years of call option trading ahead of announced M&A activity. Over 25% of the deals saw significant increases in the frequency of highly leveraged bets ahead of the post deal announcement price spike, which of course lead to huge payoffs. The conclusion was that these results were statistically improbable without the use of MNPI.
Despite this, many firms still publish the entire restricted list as a convenience for employees. The logic is that employees would not only keep the MNPI confidential but would steer clear of trading in those public companies because doing so would violate the Code of Ethics and expose themselves to prosecution should a regulator deem it front-running or insider trading.
There are, of course, quite a few alternative strategies to consider that should help plug the areas prone to leaks. One of my favorites seems quite obvious: Do not publish the entire list for the entire firm to see. Only those with a legitimate "need to know" should be allowed access. Further, firms should compartmentalize the details with regards to things like size of the deal, direction (buyer vs. seller) as well as the timeline. From there it might be useful to occasionally add a "decoy" record or two and see what happens.
Additional steps should include putting systems in place with strong audit trails so you can track the access to the data across deal teams, trading desks as well as the back office staff. Role based permission and document tracking across your network can help further delineate who can see documents and how frequently they open, copy and share such data.
If you have also deployed compliance systems to track employee trading against such restrictions I'd recommend applying a watch list (where employees are not made aware of any trading conflicts) as opposed to a pure restricted list -- a far more conservative approach that will allow you to monitor activity with the least amount of leakage. Firms should also consider analyzing other data points that may yield warnings of risk behavior such as the emergence of frequent option trading.
Let's also not forget that the math of this world is not always calculated with simple binary logic. The very act of telling even one person the secret can lead to opportunities for abuse by those who are willing to gamble on the winners v losers spread in other ways. The obvious bet of going long on the shares of a company likely to rise (i.e., restricted) is only one way to gamble. If the rising tide lifts all boats in the harbor equally a directional bet may work without tripping the literal restriction by simply loading up on similar names, thus yielding parallel sector gains while avoiding detection.Mitchel Kraskin is co-founder and CEO of Compliance Science, Inc. ("CSI") which has developed several groundbreaking governance, risk management and compliance solutions. With over twenty five years of executive experience managing the creation and delivery of software-based ... View Full Bio