Information Walls Safeguard Sensitive Information
Information walls are a concept that describes a virtual barrier intended to prevent the exchange of information between departments, teams, or individuals within the same organization to avoid potential conflicts of interest. The goal is to keep firms in compliance with federal regulations and prevent any ethical or legal issues. Using proprietaryinformation illegally - best exemplified by insider trading - can result in steep fines and substantial damage to the firm's reputation and market presence. These fines can total millions of dollars, sometimes in the billions of dollars. The stakes are high to keep sensitive information protected, but at the same time, to allow the needed flexibility for companies to conduct ongoing business activities efficiently.
Information walls are most often associated with the financial services sector. As an example, a financial services firm may rely on the information wall to separate the investment banking department from the trading desk. The motivation is to prevent sensitive information from leaking over to traders who could act upon it. If the firm is advising a client on a merger and acquisition deal (M&A), these discussions are highly confidential, because of the potential for insider trading on this information.
In a similar situation, the investment banking department needs to be walled off from the research desk. If the firm is vying for business with a corporate client, research analysts may be pressured to provide a favorable rating for the company to help win the deal. In this case, investors would be buying the company's stock believing that the analysts' advice is unbiased, while the firm, their clients, and individuals aware of this situation could sell the very same securities on insider information for hefty but illegal gains.
Information walls are also intended to help avoid a potential conflict of interest in other categories of financial firms, e.g., hedge funds. As part of conducting ongoing business activities, a fund may come into possession of sensitive information related to companies in which they are considering investing or those that happen to be their advisory clients. As a result, the fund employees in possession of the insider information would need to be precluded from disclosing it or related ideas to other departments.
The concept of information walls exists in other professions. For example, if a legal firm is representing both sides in an ongoing legal case, a temporary wall may be placed between the two legal teams to prevent a possible conflict of interest.
Impact of US Regulations
Information walls initially gained public attention when Congress reacting to the stock market crash of 1929 – partially attributed to trading on insider information – passed the 1933 Glass-Steagall Act (GSA). This legislature called for a separation of commercial and investment banking activities - in other words, splitting investment banks, brokerage firms, and retail banks. GSA demanded the separation between the investment banking and research departments while permitting companies to participate in both activities, creating the need for information walls.
Information walls returned to public attention in the '90s when Congress passed the Gramm-Leach-Bliley Act (GLBA) of 1999 in an attempt to modernize the financial industry. The legislature repealed much of the Glass-Steagall Act, permitting banks, insurance and financial services companies to act as combined entities. The law allowed the creation of financial giants, such as Citigroup, and created the need to erect robust information barriers between the departments.
The need for information walls was strengthened in 2002 by the passage of the Sarbanes-Oxley Act (SOX), which mandated that companies enforce stricter safeguards against insider trading.
Challenges of Enforcement
Establishing and maintaining information walls is necessary to safeguard against the misuse of sensitive information. In a fast-paced world of finance, it can be genuinely challenging to ensure that the walls provide the required protection. With the data spread across the enterprise, mobile end-points, or multiple clouds and growing at unprecedented rates, it can be difficult to identify what data is sensitive and needs to be protected. It is especially true in this case where much of the data is unstructured, and public and sensitive information can be easily commingled. As the means and channels of collaboration and communication rapidly grow, sharing confidential data is easier than ever, and putting up barriers to prevent it is a growing challenge.
While information walls need to be robust, they also must be dynamic and flexible enough to accommodate rapidly changing organizational structures of today. With high employee turnover and individuals frequently switching teams and changing roles, the information walls are required to handle these changes without delay. User access to sensitive information must be permitted on a need-to-know basis and enforced in real-time. It takes less than a few quick minutes to upload the most sensitive data files to a Box or Dropbox folder and share them across the globe by a disgruntled or merely a careless user.
Effective Information Walls are a Must
In the era of rapidly moving and fast-changing business conditions, information walls need to be constructed and maintained to be compliant with the regulatory requirements and to avoid potential illegal or unethical consequences. At the same time, the walls need to allow organizations to conduct ongoing business activities without hindering them. Rapidly growing volume and variety of data combined with unprecedented ease of sharing it, bring new challenges to erecting robust and sustainable information walls. It is critical to address these formidable challenges, as the stakes of failure are high.