Insider trading is often treated as an abstract Wall Street problem, even though it regularly shows up in modern fintech businesses through product launches, token listings, partnerships, and internal decision-making that can move markets.
However, insider trading risk is not always caused by bad intent. In fintech, it can be a consequence of non-public information moving faster than internal controls, especially in fast-growing companies operating across jurisdictions, asset classes, and distributed teams.
This article explains how regulators define insider trading, how enforcement actually works, where fintechs tend to get exposed, and which myths create false comfort.
What Is Insider Trading?
Insider trading is defined as buying or selling securities while in possession of material non-public information, when there is a duty to keep that information confidential. The duty can come from an employment relationship, a board role, a contractual obligation, or access granted through trust or confidence.
Insider trading is about someone acting on information that the rest of the market doesn't have access to yet. Regulators care less about job titles and more about whether that information influenced a trading decision, even indirectly.
Importantly, insider trading is not limited to traditional corporate insiders. It can apply to founders, engineers, compliance staff, vendors, consultants, and anyone else who gains access to sensitive information through their role.
Legal vs. Illegal Insider Trading
Not all insider trading is illegal. Many executives, employees, and founders trade securities of companies they are connected to, and those transactions can be lawful when done correctly.

The same trade can look compliant or problematic depending on what information the person had access to at the time, how that information was handled internally, and whether controls were in place to manage it.
Why Insider Trading Matters for Fintechs
For fintechs, insider trading risks show up wherever product decisions, partnerships, capital activity, or token-related actions can affect market behavior, even before a company is publicly listed.
Fintech teams often sit closer to market-moving information than they realize. A pending bank partnership, a delayed product launch, a change in transaction fees, or a token listing decision can all influence trading activity. When that information circulates internally without clear controls, insider trading risk follows.
Regulators understand how fintechs work, and enforcement reflects this: businesses are expected to identify where sensitive information exists, who can access it, and how trading and communications are monitored.
How Regulators Define and Enforce Insider Trading
Multiple regulators handle insider trading enforcement, which is based on principles that focus on access to material non-public information and how it is used:
SEC, DOJ, FINRA, and More
In the US, insider trading enforcement is shared across several bodies, each with a distinct role.
The SEC brings civil enforcement actions and focuses on market integrity, disclosure failures, and misuse of material non-public information.
The DOJ pursues criminal cases where intent and severity justify prosecution.
FINRA and securities exchanges monitor trading activity, review member firm controls, and refer suspicious behavior to regulators.
These agencies rely heavily on data. Trade surveillance, communications review, whistleblower tips, and pattern analysis all play a role.
For fintech firms operating regulated trading platforms or advisory businesses, this means internal controls are often reviewed after the fact, once trading activity has already drawn attention.
EU MAR and MiFID II
In the EU, insider trading falls under the Market Abuse Regulation, commonly referred to as MAR. MAR prohibits insider dealing, unlawful disclosure of inside information, and market manipulation across EU financial markets.
Under MAR, inside information is broadly defined and applies to issuers, intermediaries, and individuals. Companies need to maintain insider lists, manage disclosure timing, and monitor employee trading.
MiFID II complements MAR by imposing conduct, governance, and transaction reporting obligations on investment firms.
For fintechs operating in the EU or serving clients there, the combination creates expectations around both prevention and detection of insider trading activity.
UK MAR and FCA
The UK retained a version of MAR after Brexit, often referred to as UK MAR. The framework is similar to the EU approach, but the Financial Conduct Authority handles enforcement.
The FCA places strong emphasis on firms’ systems and controls, not just individual misconduct. Firms are expected to identify insider trading risk, monitor trading and communications, and submit suspicious transaction and order reports when concerns arise.
For fintechs, this often means the FCA evaluates whether controls match the firm’s actual operating model, not whether a policy exists on paper.
MiCA for Crypto Markets
MiCA extends market abuse concepts into crypto-asset markets across the EU. It introduces explicit prohibitions on insider trading and unlawful disclosure of inside information related to crypto assets.
This matters for crypto platforms, token issuers, and fintechs offering crypto-related services. Information about token listings, delistings, governance actions, or protocol changes can fall within scope, even when assets are not classified as traditional securities.
MiCA signals a clear regulatory direction. Crypto businesses are expected to manage insider trading risk using controls that reflect how their markets function, including how information is created, shared, and acted upon.
What Counts as Material Non-Public Information (MNPI)
Material non-public information (MNPI) is information that has not been made public and would likely matter to a reasonable investor when making a trading decision. Information is considered material if it could influence price, demand, or market perception once disclosed.
The definition is intentionally broad. Regulators do not publish fixed lists of what qualifies as MNPI. Instead, they look at context, timing, and potential market impact. In insider trading cases, materiality is often evaluated after the fact, based on how the market reacted once the information became public.

6 Types of Insider Trading You Should Know
Insider trading is not a single pattern of misconduct. Regulators recognize several forms, each tied to how material non-public information is obtained and used, rather than the asset class or company structure involved.

1. Classical Insider Trading
Classical insider trading occurs when a corporate insider trades securities of their own company while aware of MNPI. This is the most familiar form and typically involves executives, founders, or employees trading ahead of earnings, acquisitions, or major announcements.
The key issue is the breach of a duty owed to the company’s shareholders.
In fintechs preparing for fundraising, exits, or public markets, this risk can appear well before a company is publicly listed.
2. Misappropriation
Misappropriation involves trading on material non-public information obtained through a position of trust or confidence. The focus is on misuse of information, not corporate affiliation, meaning that it can occur even when the person trading has no direct relationship with the issuer whose securities are involved.
This form of insider trading commonly arises with consultants, vendors, lawyers, engineers, and service providers who gain access to sensitive business information as part of their work. In fintech, that access often comes through shared systems, analytics tools, infrastructure providers, or project-based engagements.
In complex fintech ecosystems, access alone can create regulatory exposure. If confidential information is shared or used for trading, regulators will look at how that information was obtained, what controls existed, and whether the duty of confidentiality was understood and respected.
3. Tipping and Tippee Liability
Tipping occurs when someone with MNPI shares it with another person who then trades based on it. The tippee (defined as a person who received the tip) can also be liable if they knew or should have known the information was confidential.
This risk usually comes through informal conversations, internal chats, or offhand comments. Regulators focus on whether a benefit was exchanged and whether the tip led to trading, not whether the tipper traded themselves.
4. Shadow Trading
Shadow trading refers to using MNPI about one company to trade securities of a related company, such as a competitor, supplier, or partner. Regulators view this as an extension of traditional insider trading principles.
For fintechs, this can involve trading public companies linked to private deals, integrations, or market shifts that have not yet been disclosed.
5. Trading Based on Alternative Data
Using alternative data becomes problematic when the information is not genuinely public or is derived from privileged access. This includes data extracted from restricted platforms, internal reporting tools, or confidential operational systems.
From a regulatory perspective, the issue is not how the data is labeled. It is whether the information gives the user an unfair informational advantage over the market.
6. Crypto-Specific Forms of Insider Trading
In crypto markets, insider trading frequently relates to information about token listings, delistings, governance proposals, or protocol changes. Teams operating exchanges, protocols, and token projects often know about these developments well before they are announced publicly.
Regulators are increasingly applying traditional market abuse concepts to these scenarios. Non-public information that affects token price, liquidity, or market access can create insider trading exposure, even when the underlying asset is not classified as a security.
For crypto-focused fintechs, this shifts the compliance focus away from asset labels and toward information management. How decisions are documented, who has early access, and how trading activity is monitored all factor into how regulators evaluate insider trading risk in crypto markets.
—
Across all six types, the common thread is simple. If someone has material non-public information and uses it, or shares it, to influence trading, regulators will look closely at how that happened and whether controls were in place.
Insider Trading Laws and Penalties
Insider trading laws are designed to protect market integrity by addressing how material non-public information is used, not just who uses it. Penalties can be severe and often extend beyond financial consequences, especially when regulators believe controls were weak or ignored.
Exchange Act, Rule 10b-5, and Rule 10b5-1
In the US, insider trading enforcement is mainly based on the Securities Exchange Act of 1934 and Rule 10b-5, which prohibit fraudulent or deceptive conduct in connection with securities trading.
Rule 10b5-1 clarifies that trading while aware of MNPI can trigger liability, even without intent to misuse the information, and sets the framework for pre-arranged trading plans, often used by executives and founders.
These plans are not safe harbors by default and are closely reviewed for timing, structure, and good-faith adoption.
Reg FD and Selective Disclosure
Regulation Fair Disclosure, known as Reg FD, limits how issuers share material non-public information with analysts, investors, and other market participants. When information is disclosed privately instead of broadly, it can trigger both disclosure and insider trading concerns.
For fintechs involved in fundraising or partner discussions, casual updates can carry more weight than expected. Routine conversations can cross regulatory lines when they reveal information the market has not seen.
MAR/UK MAR Penalties and Reporting
EU MAR and UK MAR give regulators broad authority to impose fines, restrict trading activity, and pursue enforcement based on control failures. The presence of insider trading is not the only trigger.
Regulators place a heavy weight on governance. Breakdowns in escalation, documentation, or monitoring can draw scrutiny on their own, even when an insider trading violation is not ultimately established.
MiCA Implications for Crypto Assets
MiCA brings market abuse standards into EU crypto markets, including prohibitions on insider trading and unlawful disclosure. Token issuers, platforms, and individuals may all face penalties where inside information is misused.
For crypto-focused fintechs, this reflects a broader shift. Regulatory focus is moving toward how information is controlled, rather than how assets are labeled.
Common Myths About Insider Trading
Insider trading is often misunderstood, even by experienced founders and compliance teams. These misconceptions can create false comfort and real regulatory risk in the fintech environment:

“It’s only illegal when insiders trade their own company’s stock.”
Insider trading is not limited to trading your employer’s securities. Regulators focus on whether someone traded while in possession of MNPI and owed a duty of confidentiality.
Trading competitors, partners, suppliers, or economically linked companies can still raise insider trading concerns. The source and use of the information matter more than the ticker symbol.
“Crypto isn’t covered.”
Crypto markets are not outside the scope of insider trading rules. In the EU, MiCA explicitly applies market abuse standards to crypto assets, and other jurisdictions are moving in the same direction.
Information about token listings, delistings, governance actions, or protocol changes can qualify as MNPI. Asset labels do not shield firms from information-based enforcement.
“A 10b5-1 plan protects everything.”
Pre-arranged trading plans can help manage risk, but they are not automatic defenses. Regulators closely review when plans are adopted, how they are modified, and whether they were entered into in good faith.
If a plan is adopted while someone has MNPI, or adjusted opportunistically, it can increase scrutiny rather than reduce it.
“If there’s no profit, there’s no violation.”
Insider trading liability does not depend on whether a trade was profitable. The act of trading while aware of MNPI, or sharing it with someone who trades, is often enough to trigger enforcement.
Losses, break-even trades, or small gains do not change the underlying analysis. Regulators focus on conduct, not outcomes.
“Rumors are safe to trade on.”
Not all rumors are public information. If a so-called rumor originates from a selective disclosure, private conversation, or confidential source, it can still be treated as MNPI.
Trading on information that sounds informal does not reduce risk. What matters is whether the information was public and broadly available at the time it was used.
How to Mitigate the Risk of Insider Trading in Your Company
Reducing insider trading risk is less about adding complexity and more about aligning controls with how your business actually operates.
Best practices for mitigating insider trading risks include:
Building or Updating an Insider Trading Policy: For fintechs, effective mitigation starts with understanding where sensitive information exists and how it moves, meaning that policies need to reflect real workflows, systems, and decision-making processes.
Mapping MNPI Across the Business: Most insider trading issues arise because firms do not know where MNPI is created or stored. Mapping MNPI consists of identifying which teams generate sensitive information, when it becomes material, and who can access it.
Access Controls and Insider Lists: Access must be limited to those with a business need. Insider lists, permissioning, and role-based access help mitigate unnecessary exposure.
Blackout Periods and Personal Trading Rules: Clear rules around personal trading help separate access to information from market activity. Blackout periods tied to key events and pre-clearance requirements reduce ambiguity.
Education: Training should be based on an effective employee compliance program that is role-specific and practical. Employees need to understand what MNPI looks like in their day-to-day work, not just in abstract terms.
Surveillance and Detection
Insider trading risk does not end with policies and training. Regulators expect firms to implement employee trade monitoring and respond when patterns suggest potential misuse of material non-public information.
What Regulators and Exchanges Monitor
Regulators and exchanges rely on both market activity and internal firm data when reviewing potential insider trading. They analyze trades placed before announcements, changes in position size, and coordinated activity across related accounts.
Trading behavior is only part of the picture. Who had access to information, when they had it, and how it was discussed internally often shapes how enforcement decisions are made.
Trade Surveillance Expectations for Fintech Businesses
What is expected from fintechs when it comes to surveillance depends largely on the nature of their services.
Businesses that are involved in trading or advisory functions typically monitor personal trading, event-driven activity, and internal restrictions tied to sensitive information.
Regulators look for controls that match reality. Systems built around actual user behavior and information access are viewed more favorably.
Crypto-Market Surveillance and Wallet Attribution
In crypto markets, surveillance focuses mainly on price movements around listings, delistings, governance actions, and protocol changes.
Blockchain transparency allows regulators and platforms to analyze transaction patterns even when identities are not immediately visible.
Wallet attribution, clustering analysis, and behavioral signals play a growing role. The absence of names does not eliminate traceability, and firms are expected to take reasonable steps to monitor activity connected to insiders.
Using Technology to Detect Unusual Patterns
Technology plays a practical role in insider trading detection when it’s applied with clear objectives. Automated alerts, data correlation, and workflow tools help surface issues that manual review might miss.
The goal is not constant escalation, but timely visibility. Effective detection allows teams to review, document, and respond before issues become enforcement matters, rather than after regulators have already raised questions.
Famous Insider Trading Cases
Well-known insider trading cases show how regulators evaluate real-world behavior when non-public information and trading intersect.
The examples below highlight how access, timing, and internal controls influence enforcement across both traditional markets and crypto platforms:
Coinbase Insider Trading Case (Crypto Listing Tips)
One of the most significant insider trading cases in the fintech/crypto space involved a former Coinbase product manager who illegally tipped off his brother and a friend about confidential information on which crypto assets would soon be listed for trading on Coinbase.
As new listings often cause price spikes, the trio purchased those tokens in advance and sold them later for profit, reportedly making around $1.5 million.
The former Coinbase product manager pleaded guilty and was sentenced to two years in prison, marking the first major US insider-trading prosecution tied to a cryptocurrency exchange’s internal information.
OpenSea NFT Insider Trading Case
In what was considered the first insider trading case involving NFTs, prosecutors charged a product manager at the NFT marketplace OpenSea with using confidential information about which NFTs would be featured on the platform’s homepage.
He allegedly bought those NFTs before the promotion and sold them after the price increases, earning roughly $57,000.
However, in mid-2025, a US appeals court overturned his conviction, raising complex questions about how traditional fraud statutes apply to digital assets that aren’t clearly defined as securities.
Biotechnology Company Insider Trading Case
In the early 2000s, a high-profile insider trading investigation involved the sale of shares in a biotechnology company shortly before regulators declined to review a key drug application, triggering a sharp drop in the stock price.
Although the individual involved was not convicted of insider trading, prosecutors demonstrated that the trade was influenced by material non-public information received indirectly through an intermediary who was aware of internal selling activity.
The case became a widely cited example of how trading based on MNPI, and efforts to conceal the source of that information, can create significant legal exposure even when insider trading charges are not ultimately sustained.
—
Insider trading risk is not defined by intent, asset class, or company size. It is defined by how material non-public information is created, shared, and acted upon inside an organization.
For fintechs, that reality shows up in product decisions, partnerships, token activity, and everyday internal communication.
Regulators apply the same core principles across traditional markets and crypto platforms. When information moves faster than controls, enforcement risk follows.
Companies that understand where sensitive information exists and how it flows are better positioned to manage that risk in practice.