(1) | A credit rating agency must adopt procedures and mechanisms to comply with section 7(f)(ii) of the Act to protect the confidential nature of information shared with it by issuers under the terms of a confidentiality agreement or otherwise under a mutual understanding that the information is shared confidentially. |
(2) | Unless otherwise permitted by the confidentiality agreement and consistent with applicable laws or regulations, a credit rating agency or an employee of the agency may not disclose confidential information— |
(ii) | through research conferences; |
(iii) | to future employers; and |
(iv) | in conversations with investors, other issuers, or other persons. |
(3) | A credit rating agency may use confidential information only for purposes related to its rating activities or otherwise in accordance with any confidentiality agreements with the issuer. |
(4) | A credit rating agency must take all reasonable measures to protect all property and records belonging to or in possession of the credit rating agency from fraud, theft or misuse. |
(5) | A credit rating agency must prohibit its employees from engaging in transactions in securities or financial instruments when such employees have access to confidential information concerning the issuer of such security or financial instrument. |
(6) | In preservation of confidential information, a credit rating agency employee must familiarise him or herself with the internal securities and financial instruments trading policies maintained by his or her employer, and the credit rating agency must periodically ensure that its employees certify their compliance as required by its policies. |
(7) | A credit rating agency employee may not use or share confidential information for the purpose of trading securities, or for any other purpose except for the conduct of the agency's business. |
(8) | A credit rating agency must ensure that it has adopted policies to mitigate against the risk of an employee— |
(a) | selectively disclosing any non-public information about credit ratings or possible future rating actions of the credit rating agency, except to the issuer or its designated agents; |
(b) | sharing confidential information entrusted to the credit rating agency with employees of affiliated entities; and |
(c) sharing confidential information within the credit rating agency, except if required for the performance of his or her duties.