As of 1 April 2012, related warehouse companies are required to engage an independent practitioner to assure that the information barriers they have instituted are compliant with the London Metal Exchange’s rules and requirements. This new requirement is designed to further strengthen the effectiveness of procedures relating to information barriers, and to provide relevant warehouse companies with relatively clear guidance as to how they can develop effective information barriers.
On 1 April 2012, the London Metal Exchange’s (LME) new requirement in relation to information barriers between warehouse companies and trading companies came into effect.
In 1998, the LME introduced provisions and procedures in order to establish and enforce information barriers between an LME member and its related warehouse company. The rationale for introducing these requirements was to prevent the misuse of confidential and price-sensitive information so that members and customers could trade on equal terms.
On 21 July 2011, the LME issued a consultation on proposed amendments to the existing requirements for information barriers. In addition, the LME set out a new requirement for related warehouse companies to engage a third party to verify the effectiveness of such information barriers. On 17 November 2011, the LME issued a notice which modified the existing requirements and set out the new requirement.
New Requirement
As of 1 April 2012, related warehouse companies are required to engage an independent practitioner to assure that the information barriers they have instituted are compliant with the LME’s rules and requirements. Importantly, the LME has expanded the definition of related warehouse company. To be caught by the new requirement, a warehouse company must have a “close connection” with a trading company. A close connection is defined as any company which holds 20 per cent or more of the shares or voting rights in both the warehouse company and trading company.
Practitioner
If a warehouse company is a related warehouse company, it must engage a practitioner to assure that the information barriers employed are compliant with the LME’s rules. For these purposes, a “practitioner” is a firm of professional accountants in public practice, and the LME must agree with their appointment.
Assurance Report and Criteria
The practitioner must produce an annual report which includes details of the control objectives and associated controls that have been tested on the basis of assessment criteria. The assessment criteria are as follows:
-
“Need to know” policy is communicated to relevant personnel.
-
Confidential information is kept in a secure place.
-
Confidential information held in a computer system is accessible only by authorised personnel using a password which is changed at regular intervals.
-
All personnel from the relevant warehouse company are physically separated from the personnel of the trading company.
-
The relevant warehouse company has procedures to prevent the transmission of confidential information to directors.
-
An up-to-date record of personnel on either side of the information barrier is maintained.
-
All relevant employees are given training in relation to the “need to know” policy and the information barrier procedures.
-
Relevant employees sign an acknowledgement that they understand and will adhere to the confidentiality procedures.
-
The relevant warehouse company has internal sanctions for breach of the confidentiality procedures.
-
The relevant warehouse company has procedures to vet employees.
-
A senior employee is appointed to ensure that information barrier procedures are effective and are followed.
-
Physical access to production data centres and systems are restricted to authorised personnel, and the data centre is protected from environmental hazards.
-
Logical access to programs and data stores is limited to authorised personnel.
-
Any change management process implemented to application and data stores containing confidential information must not affect the access controls to the data centre.
To a large extent, the assessment criteria mirror the procedures that related warehouse companies should already have in place.
Once the report has been completed, it must be addressed to the related warehouse company and the LME. The report must not be disclosed to any third party save to professional advisers and, if required, courts or regulatory authorities.
Standard and Remedial Action
A relevant warehouse company must obtain “reasonable” assurance from the practitioner as to the effectiveness of its information barriers. There is no detail as to what “reasonable” means, although the practitioner must provide any assurance in accordance with the International Standard on Assurance Engagement 3000: Assurance Engagements other than Audits or Reviews of Historical Information, issued by the Auditing and Assurance Standards Board.
If a relevant warehouse company receives a report containing qualifications or exceptions, it must produce a remedial plan which sets out the actions to be taken in order to strengthen the information barriers. This plan must be submitted to the LME, and the relevant warehouse company must regularly report to the LME any remedial actions taken. The LME reserves the right to ask the relevant warehouse company to commission an additional report six months after the original report.
Enforcement
Serious breaches of the new requirement may be regarded as acts of misconduct, which can ultimately lead to disciplinary action and the imposition of severe penalties. The LME has not provided any detail as to the level of misconduct that might lead to such penalties. However, the LME understands that more remedial actions may be required after the first report. Consequently, the LME states that it will work with relevant warehouse companies to remedy any issues which arise, and will provide timescales in which actions must be taken. The LME warns that if relevant warehouse companies fail to achieve the requisite level of assurance within the timescales provided, it will rely upon the full range of enforcement and disciplinary procedures available to it.
Conclusion
The new requirement is designed to further strengthen the effectiveness of procedures relating to information barriers, and aims to provide relevant warehouse companies with relatively clear guidance as to how they can develop effective information barriers. The assessment criteria which are to be employed when a report is produced are not wholly new. In many ways, they build upon the requirements contained in the information procedures relevant warehouse companies should already have in place. However, the new requirement does mark a significant shift from “self regulation” to greater third party oversight.
*Adam Parmenter, a trainee solicitor at the London office, has contributed to this article.