CPAs practicing in mergers and acquisitions are familiar with the sensitive nature of their work and the potential for abuse of the information obtained. In addition to the conflict of interest created by trading on that information themselves, they must take extensive precautions to ensure that they do not allow that information to slip to friends, family members, or colleagues. Unfortunately, a CPA cannot be assured that others won’t use that information to make trades that could ensnare both the CPA and CPA firm in extensive criminal and civil litigation, regardless of intent. Accordingly, both formal and informal mechanisms must be established to keep potential inside information from those members of the CPA Firm who are not required to have it in their work.
Considering the speed at which data breaches are increasing, any CPA firm that handles corporate transactions should act to put into place similar policies and procedures to avoid identical risks. Although we have yet to see any CPA attempt to trade on data breach information, an executive member of a well-known cybersecurity team was recently charged with trading the company’s stock as soon as he discovered that a breach had occurred. Furthermore, interrelated companies may find out that other public entities have experienced a breach before the public. Any of these situations creates a risk, and whenever a firm is retained to investigate and handle a data breach, another potential inside trader is born.
CPA firms that handle data breach cybersecurity work should therefore be sure to create the necessary walls and restrictions on information that are often instituted by firms handling confidential corporate work. Matters relating to the assignment should be discussed behind closed doors, only necessary employees should be given access to any information related to the breach, and those staff should be continuously reminded that it should not be discussed in any way outside of the firm. While we have not yet seen any CPA firms accused of trading on inside data breach information, it is surely only a matter of time before we do. The best way to keep your firm from such a charge is to make sure steps are taken to minimize these risks through the appropriate confidentiality policies.
- Posted by Rickard Jorgensen
- Posted in Accountants' professional liability insurance, Client records, Client relations, Cyber Liability, Cyber resources, Cyber risk management, Data protection, Fraudulent Wire Transfers, policy coverage, risk management, security, Uncategorized
- Mar, 11, 2019
- No Comments.
- The Most Expensive Insurance Policy is Always the Cheapest One.
- Professional Liability for CPAs Understanding your coverage – Part II – the declarations page
- Professional Liability for CPAs – Understanding your coverage – Part I – the insurance application
- Gotcha! Three cyber policy traps to look out for (and a postcript to the CCH hack)
- Coverage for independent subcontractors via the CPAGold™ program.