MNPI never leaves the building.
HarmCheck Restricted List is the last line of defense against MNPI leaks, insider trading exposure, and conflict-of-interest violations. Here’s what happens when it works exactly as designed.
MNPI risk lives in the seconds before send.
Investment banks live with a structural conflict: bankers working on confidential transactions sit a few floors away from research analysts publishing public commentary, traders executing client orders, and salespeople pitching ideas. The information barrier between them is both a regulatory requirement and an operational nightmare.
Periodic training and quarterly attestations are not enough. The risk surfaces in the moment a single analyst, in good faith, drafts a paragraph that touches a name they didn’t know was on the restricted list. By the time legal sees the email, it has already left the building.
- 94 active restricted names spanning M&A, IPO, and confidential mandates
- 1,200+ analysts, traders, and salespeople with daily client communication
- Single MNPI breach historically equals 7-figure regulatory exposure plus reputational damage
Restricted List intercepts at the keystroke level.
The bank deployed Restricted List directly into Outlook, drawing from the company-managed restricted list as deal teams added and removed names.
When an analyst began drafting external research that referenced a restricted issuer, the system intercepted the draft before send, displayed an explanation tying back to the firm’s information barrier policy, and routed the message to compliance for review. The analyst was never blamed — the system simply prevented the breach from ever happening.
Breach prevented. Audit trail created. Regulator never called.
In the twelve months since deploying Restricted List, the bank has intercepted 387 communications referencing restricted names — every one of them caught before the message left the firm. None resulted in MNPI disclosure. None triggered a regulatory matter. None became a headline.
Equally important, every interception generated a complete audit record: which name was triggered, which policy was applied, which compliance officer reviewed the message, and what the disposition was. When the firm’s annual examination came around, the controls demonstrated themselves.
- 387 interceptions in the first 12 months — zero leaks
- Sub-200ms response time, invisible to the user until the policy fires
- Real-time sync with the firm’s authoritative restricted-name source
- Complete audit log delivered into compliance’s case management system
“We went from training-and-hope to a system that prevents the breach. The first time it caught one, we knew the entire investment paid for itself.”
More case studies
What if Citi used HarmCheck before the Lindsey lawsuit?
A 2023 federal complaint alleges years of threats, sexual harassment, and retaliation inside the Equities division. Every category named in the filing is exactly what Active Listening was built to catch — at the moment of draft, before send.
Fair housing case: 246,000 documents reviewed in six days.
In a fair housing suit against a city council accused of blocking a housing development, discovery produced three years of communications. Rapid Deploy ran the corpus at 20,000+ pages per hour — surfacing coded NIMBY language and pretext patterns with sentence-level citations.
See HarmCheck in your environment.
Every case study starts with a conversation. Tell us what you’re trying to protect, and we’ll show you exactly how HarmCheck would have caught it.
Request a Demo