A recent enforcement action should serve as a reminder to companies to review their insider-trading compliance programs.

A recent settled administrative proceeding against Merrill Lynch should serve as a reminder to all companies to review their programs and make sure they’re tailored specifically to their business, says Tom Gorman, a partner in the law firm Porter Wright Morris & Arthur and a formerly an attorney at the Securities and Exchange Commission.

As Gorman notes in his blog, the SEC settled an administrative proceeding this month involving Merrill Lynch based on the firm’s failure to have adequate procedures regarding its “squawk box” to prevent day traders from overhearing and using material non-public information regarding unexecuted institutional orders.

That case, along with a 2008 report of an investigation issued last year regarding the Retirement System of Alabama, suggest that “the prudent approach for issuers is to carefully review the adequacy of their procedures for handling inside information,” says Gorman. Those procedures should be carefully tailored to the specific business of the company.

Insider trading is “a huge enforcement priority for the SEC and the Department of Justice,” says Gorman. Moreover, current market conditions mean “we could have the makings for people with that kind of information being tempted to trade,” he says.

Part of the problem, Gorman tells Compliance Week, is that companies “tend to put in a program and forget about it, or they buy an off-the-shelf program that’s not tailored to their specific business or to the kinds of things the government is looking at.”

Gorman says companies should look carefully at the material non-public information they have, and how they control it and limit its use to make sure people don’t abuse it. In addition, they need to revisit their insider-trading compliance program periodically to make sure it’s kept up with how their business has changed.

For example Gorman notes that the SEC has been focusing on 10b5-1 plans in recent years, and enforcement officials have suggested that they might look to bring cases in that area. “Companies that have those plans for executives should take a careful look and make sure they’re put together right,” he says.

As part of its settlement offer, Merrill agreed to cease and desist from committing any violation of Section 15(f) of the Exchange Act and Section 204A of the Advisers Act, and to implement a series of procedures to restrict and maintain the confidentiality of client information transmitted over the squawk box. Merrill was also censured and ordered to pay a civil penalty of $7 million.

In the case of the Retirement System of Alabama, which didn’t have an insider-trading compliance program, Gorman says “putting a good program in place helped them settle the case.” The SEC last year resolved that insider-trading investigation by issuing a report, rather than bringing an enforcement action, in view of the fact that the Retirement System adopted extensive procedures governing the use of material non-public information.