1. Introduction

The containment of confidential information is an issue for all Dealers, not just those engaged in corporate finance or investment banking activities. Dealers that are not involved in corporate finance or investment banking should identify the various means by which they, or their personnel, may come into possession of material non-public information that could be used for insider trading, such as through trading by issuers, research or relationships between personnel and corporate insiders.

Dealers must establish procedures to bring the receipt of such information to the attention of management and deal with it appropriately, using these guidelines. Dealers must implement, maintain and enforce robust policies and procedures to safeguard inside information.

1. Information Barriers (Firewalls)

Information Barriers are physical and procedural means of restricting access to confidential information to those needing to know it and of recording who gets access to it and when.

1. Assign a qualified senior officer, or a sub-committee of the Board of Directors (BOD), accountable to the Audit Committee of the BOD to
   • oversee the design, implementation, documentation and maintenance of the Dealer’s overall containment program, and
   • provide for full documentation of the same,
     
     including programs for periodic reviews and timely updates, continuous improvement and ongoing staff education.
2. Set out a clearly worded definition of “confidential information” as it pertains to the Dealer’s dealings with issuers and the dealings of employees with same.
3. Establish a reliable, Dealer-wide program for disseminating that definition to all staff and to provide consistent answers to questions for clarification.
4. Establish a similar program to inform employees of the relevant policies and procedures that govern their handling of confidential information. 
5. Obtain clear, formal employee undertakings to abide by those policies and procedures.
6. Establish effective physical barriers limiting access to documents containing confidential information to those authorized to use them.
7. Establish effective technological barriers limiting access to electronic documents and records containing confidential information to those authorized to use them.
8. Establish effective procedural deterrents supportive of, and complementary to, those barriers.
9. Determine in advance the processes by which outside individuals may be brought over the (fire)wall.
10. Provide for keeping records on who is brought over the wall and when, or who has access to confidential information, including both internal personnel and outside consultants or advisers.
11. Establish a regular program for testing all deterrents and to review results.
12. If outside parties are involved in the implementation of and/or testing processes, ensure these are bound by solid confidentiality restrictions.
13.  In Introducing/Carrying Broker arrangements, ensure clear, non-conflicting agreements are in place regarding respective responsibilities for information containment and leakage detection. Arrange mutually to revisit these at least annually.

1. Grey (or “Watch”) Lists

A Grey list is a highly confidential and limited-circulation list of issuers on which the Dealer and its staff have confidential information. The list is distributed to qualified staff to monitor any trading activity that suggests the information is being misused or has leaked.

1. Dealers must establish policies and procedures regarding
   • the purpose of a grey (or “watch”) list
   • the kinds of events that should see a security, or family of securities, added to or removed from the list
   • the process for having issuers added to or removed from the list
   • the information to be contained on the list, including dates and times of all additions and deletions
   • the person(s) charged with maintaining the list
   • the limited distribution of the list
   • the safe storage of the list and its data
   • and the means by which the list will be applied to the Dealer’s continuous self-supervision activities.
2. Train all persons likely to come in contact with confidential information on Grey List procedures.
3. Ensure the preparation of the list includes access to Corporate Finance or Research Department meetings (or timely receipt of the minutes)
4. Instill a discipline of capturing insider account identities from all know-your-client forms and making the data readily available to all supervisory staff. Include all accounts over which Insiders wield authority.
5. Ensure Grey List trading reviews cover:
   • all accounts at the Dealer, including inventory or proprietary accounts
   • related instruments or those that are derivatives of Grey List securities
   • employee-and associate /related accounts outside the Dealer
   • accounts of Insiders of the Issuer
6. Establish clear actions to be taken in the event that questionable trading is detected.
7. Provide in advance an adjudication process for possible exceptions.
8. Provide in advance procedures for managing research on Grey list issuers.
9. Include a review of the effectiveness of the Grey List among the Dealer other containment practice review efforts.

1. Restricted Lists

The Restricted List is a list of issuers with whom the Dealer has a current, publicly disclosed involvement requiring restrictions on the Dealer’s trading or advising activities.

1. Establish policies and procedures regarding:
   • the kinds of events that should see a security, or family of securities, added to or removed from the Restricted List,
   • the process for having issuers added to or removed from the Restricted List,
   • the information to be contained on the Restricted List, including dates and time of all additions and deletions,
   • the person(s) charged with maintaining the Restricted List,
   • the distribution of the Restricted list,
   • the archiving of the Restricted list, and
   • the means by which the list will be applied to the Dealer’s continuous self-supervision activities.
2. Ensure all updates to the List are duly authorized, duly recorded, and disseminated to all affected on a reliable and timely basis.
3. Train all persons involved in taking orders and handling trades on the restrictions on trading of issuers on the Restricted List. If there are various categories of restriction, ensure these are clearly explained to affected employees and their supervisors.
4. Ensure Restricted List reviews cover
   • all accounts at the Dealer, including inventory or proprietary accounts,
   • related instruments or those that are derivatives of Restricted List securities, and
   • employee and associate/related accounts outside the Dealer.
5. Establish clear actions to be taken in the event that questionable trading is detected.
6. Provide in advance an adjudication process for possible exceptions.
7. Provide in advance procedures for managing Research reports, sales literature and investment recommendations on Restricted List issuers.
8. Include a review of the effectiveness of the Restricted List among the Dealer’s other containment practices review efforts.

1. Applicable rules

IIROC Rules this Guidance Note relates to:

• section 3508, and
• Rule 3900.

1. Previous guidance note

This Guidance Note replaces MR0377 – Guidelines for Confidential Information Containment.

1. Related documents

This Guidance Note was published under Notice 21-0190 - IIROC Rules, Form 1 and Guidance.

1. Appendices