[00:00:00] Speaker A: Foreign.
[00:00:12] Speaker B: Hi everyone and welcome to this live episode of the Cast Reacts. I'm your host, Bill Coffin. And once again it is my pleasure to introduce my partner in rapid ENC reporting at the sphere, Chief Strategy Officer Erica Salmon Byrne. Erica, we're back.
[00:00:28] Speaker A: We are back, Bill. Our fourth prediction market episode of 2026. Ish. At least the third of 2026. So it's the gift that keeps on giving.
[00:00:40] Speaker B: Well, it is. And before we get started, are you willing to lay a bet on how many more prediction market episodes we're going to do in 2026?
[00:00:46] Speaker A: I would not, Bill, because that would be a violation of our insider trading policy. Because I would, I would have access to that information. So no, I will.
[00:00:56] Speaker B: And thus we come full circle back to the whole reason why we're doing today's episode, which is a great. Well, great for us because it's quite, quite interesting. Not so great for everybody else involved, but really interesting news story that broke today that we're gonna be talking about. And it comes back to something that happened actually late last year. Way back in December, somebody made nearly $1 million on polymarket after winning 22 of 23 bets on what topics would rank on Google's annual list of the most searched terms.
It turns out that someone is alleged to be Google information security engineer Michelle Spagnolo. Apologies if I got the name wrong, but Michelle Spagnolo who had access to company data that tracked user searches according to a complaint filed by the Consumer Finance Trading Commission which said that Spagnuolo quote misappropriated confidential and valuable non public information from his employer and used that information to place a series of Google related bets on polymarket, a prediction market platform, end quote. Spagnolo now faces charges of of commodities fraud, wire fraud and money laundering. Now to those of you who are new to prediction markets like Polymarket, they work like a hybrid between investment markets and prop betting, right? So called investors buy shares in a yes or no or a or B outcome of a projected uncertainty such as will Avengers Doomsday make more than $100 million on its opening weekend? Or who will be the 2028 U.S. democratic nominee? Or will Arsenal or will Paris St. Germain win the UEFA Champions League? And so on. That last one is a stupid question because we all know it's going to be Arsenal anyway.
Prediction markets though have been around for a while, but they have exploded into multi billion dollar betting volume in recent years.
Polymarket does not forbid insider information except where doing so would create financial market manipulation and or violate applicable Laws. In fact, its CEO has specifically stated that the platform, quote, creates a financial incentive for people to go and divulge, end quote, new information, which creates an environment where insider trading is a feature and not a bug. Final note, before we get started on the conversation, Here is a 2022 settlement with the Commodity Futures Trading Commission, which regulates prediction markets, prohibited U.S. users from placing bets on polymarket. But since the platform runs on cryptocurrency and anyone with a VPN can still access the site, that prohibition is not going to stop determined users. So, Erica, with that background out of the way, are you ready to get into the details of today's. Today's conversation?
[00:03:27] Speaker A: Yes, let's get into it, Bill, because there's a lot to talk about.
[00:03:31] Speaker B: Well, first question I have for you is what are we to make of the coordinated government efforts on this one with regards to how seriously they're taking the misuse of inside information in prediction markets? It looks like the doj, the CFTC, and FBI all got involved in this 1.
[00:03:45] Speaker A: The DOJ, the CFTC, and the FBI did all get involved in this one. The complaint, Bill, where you and I are going to be pulling some of the facts today is this is specifically the CFTC complaint, but we are also dealing with a criminal DOJ indictment here. So the CFTC is going after civil penalties, disgorgement, things along those lines. DOJ is pursuing this case criminally and specifically cited the good work of the FBI being involved in this. And the other thing I would note here is to that trifecta of cooperating government agencies, I would also add the legions of Poly Market users who are looking for things like this because part of what started this whole process, and I think, you know, if you look at some of the news reporting, part of what led to the FBI's involvement in the first place was the number of users who raised an eyebrow at just how successful this one particular Polymarket account was. Alpha Raccoon was Mr. Spagnolo's handle on Polymarket. Alpha Raccoon had a almost perfect hit rate on the contracts that it participated in.
And that caused people to be a little suspicious, kind of. Bill, for. For those of you who remember the weather episode that Bill and I did where we talked about the Paris weather stations, right? In that case, it was the Paris weather nerds that noticed that the temper at Charles de Gaulle were a little funky and they raised their hand and said, something's not right here. So we do have an element of self policing that is happening with the prediction markets as well, that led to some of these charges. So I think it's an interesting collaboration between the users on the system who are trying to maintain fairness as well as these government agencies that are looking specifically, specifically rather at the misuse of confidential information.
[00:05:35] Speaker B: Indeed. Now, my second question is the CFTC complaint and let me just stop for a second here. Just in the interest in mutual, you know, accountability and transparency, I think actually, I think actually in my haste as you jumped in this thing, I said Consumer Finance Trading Commission initially. So I apologize for that mistake. That was completely wrong. I don't know where that came from, but I just want to call it out. And you know, anyway, we just said the nerds will save us. I don't want the nerds coming for me for getting it wrong. I'm on progress.
[00:06:00] Speaker A: Yes, our apologies to the good folks at the CFTC.
[00:06:03] Speaker B: Exactly. You deserve it.
Yes, yeah, 100%. But anyway, the CFTC complaint specifically calls out the steps that Google took to manage their inside information risk here, including marking things properly, training employees, getting certifications, et cetera. So, Erica, what can other companies take away from how Google approach this and what should companies take away from how regulatory enforcement agencies appear to be treating the degree to which companies are trying to manage this novel risk proactively?
[00:06:32] Speaker A: Yeah. So, Bill, what we see in the CFTC complaint is a, is a particular citation to a couple of steps that Google took to, to basically demonstrate. The CFTC is looking to demonstrate in the course of its complaint that Alpha Raccoon knew exactly what he was doing and really, you know, goes to sort of more of a mens rea situation in terms of what the CFTC is, is looking to, to prove.
And so they specifically cited to the fact that Google did a very good job of its information controls. So the, the, the material on search results which he had accessed was very clearly marked in red. Google confidential. Right. It's not a situation where somebody could have been like, well, I just didn't know that this incredibly important company information was incredibly important company information.
They had done training on confidential company information that, that, that he had taken several, several times in a row. They had required certifications as to their confidential information. So the kind of very standard documentation controls that we have seen are the kinds of things that were specifically cited by the CFTC in the complaint that Google had done to the, the thing that I would layer on and the thing that, if I were a ethics and compliance professional listening to you and I particular circumstance that I would be asking myself is what have I done the Analysis to understand what is my version of this kind of information.
So it's one thing to have the right documentation controls, it's one thing to have the right systems access permissions in place.
But that's just step one. So much like, and this is a case that you and I have not reacted to yet, Bill, but the insider trading case with the, the law firms where you had people who were logging into deal systems and one of the factors that was particularly called out was the lack of a review of those logs to say, hey, is anybody else looking at these things that shouldn't be looking at them? Right? The, the, the, those particular documents in that case it looks like were accessed in read only state and the systems were set so that read only access was not tracked. So nobody really knew that the wrong people were looking at things. So the next step past the confidential information controls that Google had in place that I would highlight Bill, would be how are you thinking about reviewing for really critical pieces of information where there would be a temptation to potentially act inappropriately. How are you looking at who's looking at that stuff and asking yourself does this person have a business need to know?
And that really goes to the next question, Bill, which is, you know, another thing that is the topic of much discussion right now and that is how do I monitor for this risk, right? How do I think about this as a company risk? Because yes, Google was a victim here, but it's still Google's name in the headlines. And so from a reputational perspective, right? What, what can we take away from this particular scenario? That's kind of what Efficast reacts is known for after all, right.
So one of the things that I would flag for anybody that's listening into you and I is how do I think about my version of this kind of information. So in this particular case, what, what was being bought and sold were contracts on the, Google's year in releases. So everybody every year really interested in what is, you know, what is the year in search, what does it look like, what were people looking for, what were people searching for all of those kinds of things.
What's your version as a company of year end and what are the contracts that might be trading on these platforms that you could potentially monitor to think about what it means, you know, what, what might be happening and, and who might be accessing, potentially accessing information.
Because if you don't do that then there's information out there that you are going to get caught flat footed by. So take advantage of the fact that the platforms make it really easy to track and trend. I can, you know, I can pull Kylie and Polymarket up today and take a look at what's tracking and trending and then ask yourself, okay, if this particular issue is tracking and trending, how should I be thinking about who might be accessing that information internally? Are there long shot contracts that I should be thinking strategically about? Are there, is there a pattern of behavior that I should be thinking about? Because the other thing I'll call out for you, Bill, is Kelsey in particular has a really well done website on insider information on their platforms with reporting information.
So if, if there's something happening with a particular contract related to my company, wouldn't I much rather be able to get out in front of that myself than to have somebody go to Kalshi and say, hey, I, I think my buddy four cubicles down accessed the HR information so that they could bet on the how many employees will X company have by the end of Q2? Because that's a contract that people are, you know, buying and selling on right now is how many people will work for fill in the name of large company. And so how do you, as an ethics and compliance professional get out in front of this risk with monitoring that is easier and easier and will eventually become the expectation of the regulators?
[00:12:06] Speaker B: Yeah, for sure, for sure. You know, Erica, I've been thinking about this a lot. Well, I've been thinking about this a lot in general, but this particular case and in recent days and looking at the, looking at prediction markets through the fraud triangle and looking at you've got the rationalization piece, you've got the pressure piece, you've got the opportunity piece. And the thing that always worries me is that like the very nature of the way prediction markets are set up, Polymarket in particular, really, it's just a broadside against that rationalization part of the triangle. Right there's. So, you know, it's really quite awful. But you know, what you just mentioned was, you know, on the opportunity piece, if you're an organization, you're proactively monitoring for this sort of thing and you can see the kinds of risks that may pop up or if you're aware of a bet involving your organization that arrives, that strikes me also as a communications opportunity within your organization to talk to and actually kind of address that rationalization piece as well. Not just from a purely compliance space, but from an ethical space and from a culture space as well. And I think organizations have an opportunity there to shore that up because the prediction markets absolutely will not do that. For you?
[00:13:14] Speaker A: Yeah, yeah. No, Bill, I think it's a really good point. And, you know, it's kind of like, and this is maybe not the most elegant example, but I'm going to use it anyway. The impact on an employee who, who is tempted to round their cab receipts of a T and E audit back in the day. So, you know, if I know you're watching polymarket, if I know you're watching Kelshi, because you've told me, hey, we've gone back and we've looked at the last six quarters and we've noticed there's a trend where people are taking bets at the end of each contract, at the end of each quarter on how many employees are going to be working at the company at the end of the quarter.
Just a reminder, personnel information is confidential company information. And if we see that people internally are buying and selling based on insider information, we will take appropriate action.
That is going to be enough to deter some of this behavior.
And in the event it does happen, it will be the kind of thing that gets cited as a good corporate practice when it comes to some of this, some of this regulatory activity that we're seeing.
[00:14:22] Speaker B: Indeed. Indeed. Well, it is always exciting to get on camera with you to do it at. The cast reacts. As I was saying before we got on camera today, I'm not happy for the chaos of the world that brings us together, but it's a good opportunity. Yes.
[00:14:34] Speaker A: We have an actual live LinkedIn live question that just came in via our live stream, so I'm going to stop and take it for a quick Christmas in May.
[00:14:44] Speaker B: What is it?
[00:14:46] Speaker A: So here's where should ownership see sit for prediction, market risk? Does it sit with compliance? Does it sit with legal? Does it sit with infosec? Does it sit with human resources or all of the above?
[00:14:59] Speaker B: Yeah.
[00:14:59] Speaker A: So this is a really good question and I don't know that we 100% know the answer to this question yet. So I'm going to. I'm going to separate it into two, two pieces, because I think we're going to see practices shake out over time. On the one hand, there's the policy piece, and the policy piece very clearly sits with ethics and compliance, potentially with assistance from Legal, even though this isn't really insider trading. So it probably more belongs in your confidential information policy or maybe in conflicts of interest, certainly in your code of conduct.
[00:15:28] Speaker B: Right.
[00:15:29] Speaker A: That's where this lives. That is the typical purview of the ethics and compliance team. So that's the sort of policy position, piece of IT comms on this is going to rest there. Training on this is going to rest there. The more interesting piece is going to be the monitoring piece. And the monitoring piece, I think is going to need to be a partnership. There's going to be, you know, if you are an organization that has a strong external communications team that is already engaging in monitoring of what's happening around the company, around the company's name, reputation, brand, what are consumers saying, what are stakeholders saying? Go to them and see if they're already looking at the prediction market data and if they're not, would it be easiest for them to do it for you? So, you know, you might very well internally have a very good partner on this already.
Similarly, on the, on the systems access piece, they are clearly, you're going to have to talk to information security, your IT team, some of those folks, to try and figure out, you know, if I've identified a risk, you know, what is our version of your. In review? Right. What is our version of your Spotify wrapped? What is our version of the Emmys or who's going to win the voice or any of these other things that are being, you know, are being traded on polymarket.
You know, that's, that's, that's one of the things to definitely look into is what, once you've identified that risk piece to then say, okay, who's, who's going to be able to help me monitor the markets and then who's going to be able to help me monitor employee activity to think about where my, where I might be seeing some of this risk? What are the systems someone might access if they were going to engage on this risk? And can I proactively communicate with those groups that are most likely to present me with this risk in, in the event that, you know, once I've done that analysis.
[00:17:08] Speaker B: Yeah, yeah, great answer about ownership. And, and I'll just, I'll just say, you know, from the, to, to quote you back to yourself, when you're talking about AI risk, you know, it's a time, you know, some time ago was you're speaking to the ENC community and said, relax, you've got this right. Like, one thing this community is really good at is, is rapid evolution to deal with a novel risk. You know, and I think in this particular case, you know, you know, apart from the controls aspect of it all, I think there's a significant cultural, you know, you know, quotient to this, to this whole thing from a risk perspective. And I think that, you know, this is a place where ENC teams are uniquely qualified to really lead the charge and to go, you know what, before the contagion of permissibility, you know, kind of infect your organization around this, ENC has got a really great opportunity to step in front of and going this actually a lot of this is really not okay and here's the reason why it's not okay.
And in so doing present the function as a vital piece of day to day life and the lived experience in the organization. So I think this is actually an exciting opportunity for enc, even as my heart breaks a little bit every single time I see prediction markets make the news again.
But we all know it's going to happen once again. So I'm sure you'll have a return to talk about this in a month or two. But until then, Erica, thank you so much for joining us on the program and thank you very much for being so generous with your thought leadership on this issue.
[00:18:26] Speaker A: Oh Bill, it's 100% my pleasure. And to echo what you just said to the E and C folks out there listening to listening in to us, you've got this. You know how to risk assess, you know how to communicate, you know how to monitor. And that's what you're going to have to do. So it's a just a as I said in one of my LinkedIn comments earlier today on this topic, you know, everything old is new again. This is just a different way of doing something that we've seen people doing before.
So don't panic.
[00:18:54] Speaker B: Well, for plenty of free ethics and compliance resources, especially around inside information and conflicts of interest, please visit the Ethisphere resource
[email protected] resources and if you enjoy the Ethicast Reacts format, and let's be honest, who doesn't? Then please be sure to head over to Ethisphere's YouTube page at YouTube.com ethisphere and check out the Ethicast Reacts playlist, which includes episodes on how the misuse of insider information in prediction markets has already created serious integrity issues within professional sports and, surprise, surprise, the highest levels of the US Government.
In the meantime, don't forget to subscribe to The Ethicast on YouTube, Apple Podcasts and Spotify for new episodes each week. And if you'd like to appear on the show as a guest to share your ethics and compliance success story, best practice or innovation, then please drop us a
[email protected] at thecast or hit up either myself or Erica on LinkedIn where we both spend an unhealthy amount of time.
That's all for now. But until next time, remember, strong ethics is good business.
