The Compliance Question Most Firms Miss Before Using an Expert Network
Most research directors and strategy consultants ask the right questions about an expert network before they engage one.
Turnaround time, network depth, screener quality, cost — these come up early and get answered. The compliance question tends to surface only after something has already gone wrong.
By that point, the conversation has shifted from research methodology to legal exposure, and the agency is answering questions it is not positioned to answer confidently.
That matters more now than it did five years ago.
The SEC brought 784 enforcement actions in fiscal year 2023, including multiple insider trading and MNPI cases, and has publicly stated that advisers are expected to design controls specifically around MNPI risk, not rely on broad policies written for other purposes.
The SEC’s Division of Examinations has issued a dedicated risk alert identifying deficiencies in how investment advisers handle MNPI, with expert networks specifically named as a category where firms routinely fail to log and monitor calls.
More recently, enforcement commentary confirms the SEC is using Section 204A to penalise firms solely for inadequate MNPI procedures, even without proven insider trading.
For research directors, compliance in expert networks is part of the research infrastructure, not a procedural footnote. For insights partners and VPs, the methodology you sign off on is auditable, and the standards regulators and clients are applying have become specific.
Getting compliance architecture right before fieldwork begins is the infrastructure that lets the findings hold up when the client’s legal or compliance function decides to examine how the research was conducted.
Why Compliance Matters in Expert Network Research
Legal and Reputational Risks in Expert Interviews
An expert interview is a legally consequential event in a way that a panel survey typically is not. The respondent is a named professional with an employment history, current employer obligations, and potential access to information that is not public.
The agency commissioning the interview is operating under a duty of care to its client, and in many cases that client is subject to regulatory scrutiny of its own.
SEC guidance under Rule 204A, CFA Institute standards on expert network use in investment research, and GDPR obligations around personal data all create a compliance surface that extends well beyond the conversation itself.
Regulators have moved from general warnings to concrete exam expectations. SEC exam staff now explicitly require firms to log and monitor expert network engagements as part of tailored MNPI controls.
CFA Institute guidance treats the avoidance of MNPI in expert conversations as a professional obligation for investment analysts.
When agencies present findings to Fortune 500 boards, private equity principals, or regulated industry clients, how the research was sourced and governed is part of the professional credibility of the work.
NDAs and Confidentiality Safeguards
Ensuring Discussions Stay Within Legal Boundaries
A well-structured expert engagement begins with a non-disclosure agreement that runs in both directions. The expert agrees not to disclose confidential information belonging to their current or former employers.
The client agrees to use the expert’s contributions only within the defined scope of the engagement.
CFA Institute teaching materials note that expert network intermediaries commonly require both experts and clients to sign agreements around the handling of MNPI.
SEC exam staff expect advisers to log and review expert calls as part of their MNPI controls.
At Nexus, the NDA defines the legal perimeter of the conversation before the discussion guide is opened. That gives the moderator, whether Nexus-supplied or the client’s own trained facilitator, a documented basis for redirecting the discussion if an expert begins sharing information that falls outside the agreed scope.
After each expert call, AI reviews the transcript for compliance issues. A human moderator also listens to each client call to ensure the conversation remains compliant.
Clients may also supply their own NDAs, which Nexus maps directly into the expert workflow before any call is scheduled.
For research directors designing IDIs on sensitive commercial topics, including competitive intelligence, pricing strategy, or product development, the NDA is the instrument that keeps the conversation productive without creating liability.
Preventing the Sharing of Material Non-Public Information
Material non-public information (MNPI) is the compliance boundary that investment-adjacent research crosses most frequently, and that strategy and MR practitioners underestimate most consistently.
MNPI covers any information about a company that has not been made public and that would likely affect a reasonable investor’s decision if it were disclosed.
An expert who is a current employee of a publicly listed company, or who recently left one, may have access to revenue projections, product roadmap specifics, or partnership details that fall into this category, often without recognising that they do.
Adviser guidance is specific on this point: experts who are current employees or directors of public companies may possess earnings data, roadmap information, or strategic plans that must not be shared.
Firms are expected to log and monitor all such expert interactions. SEC enforcement commentary and exam letters describe expert network consultants as MNPI sources requiring tailored policies, with generalised insider-trading language explicitly regarded as insufficient.
At Nexus, experts complete a structured compliance briefing on MNPI boundaries before any engagement begins.
A Nexus compliance team monitors calls with the ability to intervene when restricted subject matter arises, because the downstream liability for crossing that line falls on everyone in the chain: the network, the agency, and the client.
Conflict-of-Interest Screening
Employment History Checks
Conflict-of-interest screening is the process of verifying, before any engagement begins, that the expert’s professional history does not create a conflict with the client’s interests or the research objectives.
This means cross-referencing the expert’s stated employment history against the client’s competitive landscape, supply chain relationships, current transactions, and any active litigation.
Regulators increasingly expect firms to evidence that they have identified and managed conflicts where individuals have overlapping roles with issuers or transaction parties, a standard that maps directly onto expert network use in M&A and commercial due diligence.
Conflicts are rarely obvious. A former employee of a competitor acquired two years ago, a board advisor to a company in the target market, or a consultant currently retained by a firm with a direct interest in the research outcome all represent conflict scenarios that a surface-level screener check will miss.
Preventing Same-Company Exposure
Same-company exposure arises when an expert has a current or very recent relationship with the client’s own organisation, a client of the client, or any party to an active transaction the research is informing.
This matters most in M&A and commercial due diligence contexts. An expert who has recently advised the target company or a competing bidder creates a structural information asymmetry that contaminates the intelligence gathered.
Expert networks managing this risk properly screen against known employment history and direct organisational relationships. They rely on written expert attestations for confidential non-compete obligations, since private employer contracts are not publicly accessible.
Nexus screens experts against these criteria before every engagement.
MNPI and conflicts often intersect where individuals hold multiple roles or advisory relationships with issuers that clients are evaluating, and the SEC has specifically flagged this intersection as an area where advisers’ controls are consistently weak.
The documentation of that screening process is what goes into the client diligence file, and it is what a PE legal team will look for first.
Anti-Corruption and Insider Trading Controls
Compliance Oversight on Every Call
Calls conducted through a compliance-forward expert network operate with structured oversight in place.
A defined set of subject areas, typically including forward-looking financial projections, unannounced transactions, regulatory decisions pending disclosure, and specific client-sensitive commercial data, is monitored throughout the discussion.
At Nexus, a dedicated compliance team monitors calls and is positioned to intervene when MNPI or conflict exposure appears.
For agencies running research that will inform strategic or investment decisions, this oversight layer demonstrates to the client that the intelligence-gathering process operated within a documented compliance framework.
Expert Compliance Training and Legal Safeguards
Before any engagement, experts recruited through Nexus complete a compliance briefing covering MNPI boundaries, employer confidentiality obligations, and anti-corruption considerations under frameworks including the FCPA and the UK Bribery Act.
The UK Bribery Act 2010 guidance stresses that organisations must have adequate procedures to prevent associated persons from committing bribery. It also emphasises that reasonable and proportionate payments, including expert fees, must be clearly documented as such.
Expert fees and engagement terms that are poorly documented create unnecessary exposure under that standard.
Practical MNPI programmes for advisers call for, at minimum, annual MNPI training, logging and monitoring of expert network engagements, incident documentation, and vendor risk assessments, all of which expert networks should be able to evidence for clients.
At Nexus, training is calibrated to the type of engagement. The compliance risk profile of a MedTech KOL interview differs from that of a commercial due diligence call with a former executive at a publicly listed company, and the briefing content reflects that difference.
Agencies that ask their expert network provider about the content and documentation of this training before engaging are asking the right question.
Data Privacy and GDPR Considerations
Protecting Personal Data During Expert Recruitment
Expert recruitment involves the collection, storage, and processing of personal data: names, professional histories, contact details, employment records, and in some cases financial information related to engagement fees.
Under GDPR, this processing requires a lawful basis, a defined retention period, and documented consent specific to the purpose for which the data is being used.
Expert-network-specific GDPR commentary is direct: networks are data controllers for expert recruitment and must define legal bases, inform experts of purposes, and respect retention limits.
For many organisations sourcing professionals, “legitimate interests” is the appropriate lawful basis, but this must be documented and explained to participants, with their rights clearly communicated.
The nature and purpose of expert engagement are meaningfully different from those of panel participation, and the consent architecture governing it needs to reflect that distinction.
For MR agencies operating in European markets, or running studies involving European experts, the data processing chain from initial contact through final transcript retention needs a documented compliance architecture.
Managing Cross-Border Regulatory Complexity
Multi-country research involving experts across different jurisdictions creates compounding regulatory requirements.
GDPR applies to EU residents’ personal data regardless of where the processing organisation is located, and UK GDPR adds a parallel framework following post-Brexit divergence.
Studies involving US-based experts at publicly listed companies bring SEC and FINRA considerations into the picture, and advisers with global operations must meet both SEC rules and foreign regimes such as FCA Market Abuse Regulation.
Research directors running global IDI programmes need to know that their expert network provider has mapped these jurisdictional requirements and built them into the engagement workflow before fieldwork begins.
Audit Trails and Documentation
Recording Expert Calls and Transcripts
Whether an expert call is recorded depends on the consent architecture of the engagement and the jurisdictional rules that apply to both the moderator and the expert.
In most cases, recording with documented dual consent produces a transcript that serves both analytical and compliance purposes.
The analyst uses it to extract findings, and the compliance record uses it to demonstrate that the conversation remained within its agreed scope.
MNPI compliance frameworks now treat expert network engagements as auditable events.
Guidance for advisers recommends logging every expert call, keeping detailed notes or transcripts, documenting the MNPI briefing, and recording any escalations or incident reviews, because examiners may request all of this.
At Nexus, all calls are logged and transcripts are archived securely, accessible to clients and available for regulatory review.
For research informing regulated decisions, including investment committee presentations, regulatory submissions, or M&A recommendations, the transcript is part of the evidentiary record.
Maintaining Compliance Records for Audits
A complete compliance record for an expert engagement includes the signed NDA, the conflict-of-interest screening documentation, the MNPI briefing acknowledgement, the consent to record, the engagement scope definition, the call transcript or summary, and the fee documentation.
When a PE principal’s legal team reviews a diligence file, when a regulated client’s compliance function audits its research vendors, or when an agency needs to demonstrate to its own insurer that fieldwork was conducted within professional standards, this documentation chain is what the review examines.
Recent enforcement and exam reports make it clear that advisers are judged on whether they can show that expert calls were sourced through a network with documented MNPI, conflicts, and data-protection controls.
Expert networks that produce this chain as a standard output of every engagement are making the research defensible after the fact, which is when defensibility matters most.
The Brief You Send Before You Brief the Expert
Compliance architecture in expert network research does not get built during fieldwork.
It gets built in the selection of the network, the design of the engagement structure, and the questions an agency asks before the first call is scheduled.
SEC exam priorities and enforcement trends confirm that expert network use is a live regulatory focus, and the standard of oversight expected of advisers and their research vendors has become explicit.
Research directors who treat compliance as an afterthought tend to discover its importance at the worst possible moment.
That moment is when a client asks how the respondent’s credentials were verified, whether the expert had any conflicts, or whether the conversation stayed within legal boundaries.
The firms that ask those questions of their expert network provider before engaging are the ones who can answer them confidently when the client does.