The husband of a former BP merger and acquisitions manager has admitted making nearly $1.8m by using information he gleaned from eavesdropping on his wife’s phone calls while she worked remotely.
Tyler Loudon of Houston, Texas, pleaded guilty to securities fraud last Thursday, admitting to buying 46,450 shares of stock in the truck stop and travel center company TravelCenters of America after he heard his wife discuss her employer’s proposed acquisition of it, according to a complaint filed in the Southern District of Texas (SDT).
Alamdar S Hamdani, the US attorney for the SDT, said Loudon had pleaded guilty to securities fraud in the Justice Department’s criminal action. Loudon also reached a partial judgment with the SEC, which has filed civil charges against him.
Loudon’s sentencing has been set for May 17, and he faces up to five years in prison and a fine of up to $250,000.
Illegal share purchases
Loudon and his wife (who was not named in the court documents) were working remotely together in a small Airbnb during a trip to Rome in December 2022 as she handled BP’s possible acquisition of TravelCenters.
On February 16, 2023, TravelCenters of America announced that it had agreed to be acquired by BP, sending its stock prices soaring by 70.8%. At that point, Loudon immediately sold all of his stock, which he had bought without his wife’s knowledge, according to court documents.
Loudon’s wife told her supervisor, and she was placed on administrative leave and later had her employment terminated.
Loudon began buying TravelCenters of America stock in December 2022. Over the next seven weeks, he sold approximately $2.16m in positions from his individual brokerage account and Roth IRA to purchase more of the company’s stock, saying nothing to his wife, prosecutors said.
The SEC’s complaint said that Loudon’s wife had started to work on BP’s proposed acquisition of TravelCenters of America in early 2022. She and Loudon, who is employed at a publicly traded company, often worked in home offices within 20 feet of each other.
After the merger was announced publicly, the Financial Industry Regulatory Authority requested from BP a list of people who were “in the know” about the TravelCenters acquisition before it happened, the complaint said.
Around that time, Loudon’s wife mentioned to Loudon that BP’s lawyers were asking for personal information from a colleague. After she told Loudon that she thought other employees would come under similar scrutiny, he told her about his stock purchases.
Loudon’s wife told her supervisor, and she was placed on administrative leave and later had her employment terminated. She filed to divorce Loudon in June, according to the SEC complaint.
In addition to the fine, the SEC has asked the court to ban him from acting as an officer or director of any US-listed company.
GRIP comment
When working in an office, employers can exercise control by overseeing employees, maintaining physical control over documents, domains, files, and electronic devices, and ensuring that employees use its secure network. Also, meetings with employees or clients are generally conducted in the privacy of the employer’s office.
Some of that control is lost with remote-working arrangements – even if certain tracking can be conducted by monitoring computer and work-issued phone use. This means employers need to update their work-from-home policies and procedures to prevent all confidentiality concerns, even those that are uncomfortable to bring up.
“Be careful what you talk about in front of your spouse and other family members,” is not exactly the conversation compliance officers yearn to have with employees. But it has to happen. And that communication has to be blunt and repeated.
Training is essential and must include a description of the disposal procedure for confidential or sensitive business information (for example, are employees allowed to shred or dispose of documents at home?) and exactly how they must shut down and secure their remote workstations at the end of the day.
There must be a well-understood method for reporting missing devices, lost confidential information, and for admitting that confidential details were shared or might have been overheard.
Nothing changes the fact, though, that spousal conversations and interactions are unique, and the potential for misuse of data can be significantly underappreciated.
The message to employees is like the cybersecurity resilience one: It is everyone’s duty at the organization to protect the security of the business’s information so it does not suffer from any adverse consequences from the divulgence of trade secrets.
And everyone is charged with having a secure means for employee communication on work-related matters, especially anything that could be considered material, nonpublic information.
Legal counsel should assist with reviewing policies, practices, and procedures to ensure they are timely, provide adequate protection, and don’t illegally infringe on privacy laws.
And consider using this this case as an example in your training, memos, alerts, and so on. It has multiple negative endings and should resonate.