In Depth

Sometimes the temptation to make a quick buck is just too great. If you're an employee at a printer that produces sensitive company documents, the chances are that you're privy to financial information that could earn someone, or even you, a fortune on the stock market. But before you go rushing to your broker, here's a word of warning: if you get caught, you could spend up to seven years in prison.

While it’s certainly not rife within print, insider trading is a subject that has hit the headlines recently following a recent Financial Services Authority (FSA) investigation.

Eight people in London and the South East were arrested in July on the suspicion of trading stocks with inside knowledge. ‘City sources’ in The Times suggested that at least one printer was involved, with the suspicion being that the source of the leaks was a bank’s printing plant. For the time being at least, the names of those involved are being kept confidential.

Getting serious
The case’s slow progress is typical due to the problems in bringing a prosecution for crimes of this nature. However, four years ago the Serious Fraud Office hit the jackpot when Richard Spearman was sentenced to 30 months imprisonment and ordered to pay £169,000 for his part in an insider-dealing ring using information from an ex-employee of financial printer St Ives. He was one of four defendants who were charged with conspiracy to commit insider dealing; the crimes took place between 1997 and 2001.

But how can printers ensure that incidents like this never happen in their plants? Preventing staff from leaking sensitive data may be tricky, but it’s not something you can afford to ignore. While the law may not be able to prosecute an entire company, it doesn’t mean that the company won’t suffer in the long run.

“It could damage a print firm’s reputation in the market,” explains Richard Burger, solicitor in the professional risks group of city law firm Reynolds Porter Chamberlain, “and companies will not consider sending documents to a printer that has a reputation for leaks.”

Due to the turbulent market conditions, there has probably never been a greater temptation to lessen the risk of investing by trading off the back of some illicitly gathered inside knowledge. However, the FSA is working hard to nip insider dealing in the bud. Last year it conducted a ‘thermatic review’ and among its targets were print firms that produced secure documents for takeover bids. The city watchdog suspected that some form of insider trading may have taken place before around one-third of takeover announcements in 2004 alone.

“Combating insider dealing and market abuse – the civil offence of insider dealing – is a top priority for the FSA,” explains Burger. “In its efforts to tackle market misconduct, the FSA is casting its net even wider, to include unregulated firms and businesses.”

Principled approach
Since its review, the FSA has drawn up the Principles of Good Practice for the handling of sensitive information. They cover six core areas: policies and procedures; staff awareness and training; information controls; third parties; IT security; and personal account details.

“Many firms have made positive changes to strengthen their controls,” says Alexander Justham, FSA director of markets. “I would like to see more efforts to crack down on the length of insider and to see firms giving greater focus to the importance of leak enquiries.”

However, the FSA’s proposals are not without their flaws. “Adoption of the principles is entirely voluntary and should not be seen as FSA regulation through the back door,” adds Burger. “However, the regulated sector is under increasing scrutiny to play an active part in controlling data leaks. Regulated firms will expect other parties to a transaction, such as financial printers, to have robust procedures in place. The exchange of confidentiality letters will not be enough.”

If anything, print firms can enhance their reputation by having secure systems in place and doing that isn’t difficult. “It’s very much about common sense,” says Burger. “There are plenty of areas where you can counter the risk. Print firms do need to be more alert. If you get blamed for a leak then there will be plenty of companies that won’t work with you.”

Top tips include having a short written policy on inside information. It needs to define the term and ensure that staff know the penalties for crossing the line. Burger also advices that print firms should have strict physical control over documentation containing inside information.

“For example, clear desk policies, secure print rooms and on-site destruction of data will ensure that cleaning contractors don’t become privy to inside information,” he says.

One company that takes such policies very seriously is Ikon. The facilities management specialist looks after a raft of print rooms in the financial, legal and public sectors and with those kind of contracts comes great responsibility.

“Staff are well aware of what the data is and how it sometimes needs to be destroyed,” says Ikon UK business delivery manager Dave Adams.

For printers, third-party operators are also a major consideration. Burger warns that finishers and couriers also receive sensitive documents and it might be worth looking into exactly who should have access to certain documents. Robust passwords to restrict access to IT systems should also be in place. “Audit trails of access to price sensitive material will discourage curious eyes,” adds Burger.

Another idea is to track documents, according to Ikon’s Adams. “We can trace back to the point where an error occurs in a job; it could be just an insert going through incorrectly. It also means that we know exactly how many documents we are dealing with. We ensure every single one is despatched.”

Insider trading is a tricky area and combating it can never be an exact science; vetting every member of staff at a print firm is one solution it but at the end of the day leaks do, and will, continue to occur. But if a print firm can demonstrate to its customers that it takes this issue seriously then it’s likely to carry on winning and retaining business.

PRINT'S BIGGEST LEAKS

Print-related cases of insider dealing for personal gain are relatively rare, more common is the leaking of information to the wider public.

The Hutton Report – 2004
Before publication of the controversial report into the death of Dr David Kelly, a copy found its way to The Sun’s political editor, Trevor Kavanagh. Lord Hutton launched an inquiry into the source of the leak and fingers were pointed at the printers, in this case The Stationery Office. The firm denied the allegations and added that there was no evidence that its security measures had been breached.

McLaren/Ferrari spy scandal – 2007
F1 giant Ferrari publicly praised the alert actions of an anonymous worker who smelled a rat when he was asked to format a disk containing 780pp of information on the Italian team’s cars. The customer turned out to be the wife of McLaren’s former chief designer Mike Coulghan and so started the F1 spying scandal, costing the British team all of its constructor championship points in 2007.

Glastonbury – 2008
The organisers of the music festival blamed an unnamed printer for this leak. The line-up for the event was passed on to the NME, which published the acts including Kings of Leon, The Gossip and Jay-Z. Organiser Emily Eavis initially blamed a print firm mole for the leak. It didn’t prove to be the most accurate of moles; there were only details for three of the 10 stages, some of which were plain wrong.

FSA - PRINCIPLES OF GOOD PRACTICE

• Policies and procedure There need to be written procedures for the handling and control of sensitive information

• Staff awareness and training Employees need to be able to identify sensitive data and understand the importance of protecting it

• Information controls There should be limits on who has access to such information; this is likely to reduce leaks

• Third parties Companies should assess a third party’s suitability before passing over sensitive information

• IT security Secure passwords and robust systems should be in place to withstand hackers

• Personal account dealing policies Print firms may find this an administrative burden but the FSA points out that permission should be sought by individuals before trading in the securities of target companies