Institutional Shareholder Services Inc. To Pay $300K Over Employee Data Breaches
Rockville, Md.-based proxy adviser Institutional Shareholder Services Inc. agreed May 23 to pay $300,000 to resolve Securities and Exchange Commission charges that it failed to safeguard confidential information about clients participating “in a number of significant proxy contests” (In re Institutional Shareholder Services Inc., SEC, Admin. Proc. File No. 3-15331, 5/23/13).
In a release, the SEC said ISS also agreed without admitting or denying wrongdoing to engage an independent compliance consultant, and to cease and desist from future violations.
Proxy advisory firms are hired by institutional investors to advise them on, and sometime cast, their proxy votes. Corporate issuers have raised significant concerns about the firms, including the fact that two of them–ISS and Glass Lewis & Co. LLC–together control about 97 percent of the proxy advisory services market.
SEC Commissioner Daniel Gallagher recently called for a closer look at the current proxy advisory regime and the appropriate role that proxy advisers should play in today’s corporate governance world.
Meanwhile, the commission said its investigation revealed that an ISS employee “provided a proxy solicitor with material, nonpublic information revealing how more than 100 ISS institutional shareholder advisory clients were voting their proxy ballots.” In return, the SEC alleged, the solicitor gave the ISS expensive concert tickets and other personal items.
“The breach was made possible in part because ISS lacked sufficient controls over employee access to confidential client vote information, as this employee gathered the data by logging into the ISS voting website from home or work and using his personal e-mail account to communicate details to the proxy solicitor,” the agency alleged. The employee, who was not identified in the SEC order, “no longer works at ISS.”
“Proxy advisers must tailor their controls based on the risks of their particular business in order to protect the integrity of the proxy voting process,” Julie M. Riewe, deputy chief of the Enforcement Division’s Asset Management Unit, said in the release. “The internal controls at ISS did not adequately address the potential misuse of confidential proxy voting information by firm employees.”
The alleged misconduct occurred between 2007 and 2012.