In the modern era of business, where information is currency, data management has emerged as a critical facet of corporate operations. A Netflix case involving insider trading charges against three former software engineers and their close associates provides a stark reminder of the importance of structured digital databases (SDD) in safeguarding sensitive corporate information.
The case, brought forth by the United States Securities and Exchange Commission (SEC), centres around allegations that these individuals illicitly profited from trading on confidential information pertaining to Netflix's subscriber growth. This information, which was non-public, revolved around one of Netflix's pivotal metrics, the growth of its subscriber base, which the company regularly disclosed in its quarterly earnings reports. The accused engineer repeatedly shared this sensitive data with his brother and close friend, both of whom leveraged it to make informed trades ahead of Netflix's earnings announcements.
Netflix's own internal policies during this period reflected a commitment to openness and transparency, exemplified by their statement: "We share documents internally broadly and systematically. Nearly every document is fully open for anyone to read and comment on, and everything is cross-linked. Memos on each title’s performance, on every strategy decision, on every competitor, and on every product feature test are open for all employees to read. There are some leaks, but the value of highly-informed employees is well worth it."
While Netflix's approach to transparency is commendable, it also underscores the need for organisations to strike a balance between openness and data security. This case highlights the critical role that structured digital databases (SDD) play in managing, protecting, and controlling access to sensitive information.
Structured Digital Databases provide a systematic and secure way to store, manage, and retrieve data within an organisation. In an age where data breaches and insider trading are real threats, SDDs offer a powerful solution to ensure that confidential information remains in the right hands and is accessible only to authorised personnel. They allow organisations to define access controls, implement encryption, and maintain an audit trail of who accesses what data and when.
What is Structured Digital Database (SDD) ?
The introduction of Structured Digital Database (SDD) was a significant development aimed at preventing insider trading in securities and enhancing the legal framework to adapt to evolving market dynamics. The Securities and Exchange Board of India (SEBI) implemented the concept of SDD through the SEBI (Prohibition of Insider Trading) (Amendment) Regulations, 2018, which came into effect on April 1, 2019.
The rationale behind introducing the SDD provision was to address situations where information transforms into unpublished price-sensitive information (UPSI) that could significantly impact a company's security prices upon disclosure. Under this framework, any sharing of such UPSI must be documented in the Database to ensure the integrity of information.
Key aspects of the SDD system include the principle that UPSI should only be accessible to individuals on a 'need to know' basis. Furthermore, the identity of any person accessing the SDD is required to be verified, establishing an audit trail to monitor and maintain the security of sensitive information. This proactive approach seeks to bolster market transparency and protect against insider trading, ultimately safeguarding the interests of investors and maintaining the integrity of the securities market
The Need for SDD
The Dr. T.K. Viswanathan Committee emphasised the importance of tracking the sharing of Unpublished Price Sensitive Information (UPSI) within and outside a company. External sharing with partners, lenders, advisors, and others must be recorded to establish a trail for potential investigations. However, the committee recognized that controlling internal sharing among employees and stakeholders is equally crucial.
The Securities and Exchange Board of India (SEBI) and Bombay Stock Exchange (BSE) guidelines mandate the maintenance of a Structured Digital Database (SDD) for tracking the flow of UPSI. This includes recording the names of recipients and sharing details promptly to ensure nothing is missed. While it might be argued that routine information exchanges like board notes and financial statements need not be recorded, the regulatory intent is to ensure an exceptional level of transparency. SEBI and BSE FAQs confirm that SDD should cover all UPSI sharing, both within and outside the company, emphasizing the need for comprehensive tracking.
For instance, when finalizing financial results, entries should be made for all personnel involved from the beginning of the process. Additionally, when sharing UPSI with auditors, details of the audit firm and specific individuals involved must be recorded, ensuring a thorough record of information flow.
In summary, the Dr. T.K. Viswanathan Committee stressed the importance of diligently maintaining SDD to trace the entire trajectory of UPSI sharing, both internally and externally, in compliance with SEBI and BSE regulations.
Key points while maintaining SDD:
Scope of SDD: SDD shall be maintained by intermediaries, fiduciaries, and entities, not only for existing listed companies but also for unlisted companies intending to go public.
Recording Trigger: Sharing of unpublished price-sensitive information (UPSI), whether internally or externally, is the trigger for recording it in the SDD.
Mandatory Recording: Regardless of whether UPSI is shared internally or externally, it must be recorded in the SDD.
Database Security: The Database cannot be outsourced and should have robust internal controls, including time stamping and audit trails, to prevent tampering.
Data Alteration: Entries made in the SDD cannot be altered or modified. If correction is needed, a separate entry with corrected details and reasons must be added, referencing the original entry.
Retention Period: The database should be maintained for a minimum of 8 years after the relevant transactions are completed. In case of investigations, the relevant information must be preserved until the proceedings conclude.
Information Sharing: Details of persons who shared UPSI and those with whom UPSI was shared, along with their PAN or other identifiers, should be digitally captured in the database.
Effective Date: The requirement for a digital database came into effect on April 01, 2019, or from the date of listing.
Comprehensive Data Capture: The SDD should capture information transmission of all UPSI, both within and outside the organisation, the nature of UPSI, and date/time of UPSI sharing.
Database Management: Database maintenance should not be outsourced. Companies may develop internal software or modules with the assistance of their IT teams.
Data Audit: Audit trails should be maintained to monitor database activities.
Data Integrity: Ensuring non-tampering and deletion of records is crucial. If records are deleted, the system/database must reflect which records were deleted or any changes made to the original entries.
Follow us on our socials to read more articles on Business, Finance & Law.
(Disclaimer: The views expressed in this article are strictly personal opinions of the author and do not necessarily reflect the views or opinions of the company or organisation they may be associated with. This article is intended for informational purposes only . It should not be construed as legal or professional advice and no legal or business decision should be based on its content. Readers are encouraged to seek professional guidance or consult relevant experts for specific legal or professional matters.)
For Corporate Governance Services & Advisory reach out to us at shaily.co@outlook.com
Comentários