EX-11.1 5 exhibit_11-1.htm EXHIBI 11.1
Exhibit 11.1


INSIDER TRADING PREVENTION POLICY

As a publicly traded company, it is critical to our success that everyone read and follow CyberArk’s Insider Trading Prevention Policy. Insider trading is against the law, and all CyberArk persons have an obligation to refrain from trading in CyberArk’s and other public companies’ Securities when in possession of Material, Non-Public Information. This Policy covers your responsibilities and the preventive mechanisms that CyberArk, including any company within the CyberArk Software Ltd. group (CyberArk or we), has set in place to support them, such as Quarterly and Designated Blackout Periods, and ensuring that our Associates also comply with this Policy.
 
Keeping Informed 
 
Questions? Contact our
Chief Legal Officer &
Compliance Officer or
our Corporate Secretary
As with all our actions,
we strive for Continous
Improvement and revisit
this Policy periodically
Substantive updates and
changes to this Policy
will be communicated
via email
All documents
mentioned in this Policy
are available on the
Legal Portal

Overview
 
Doing What’s Best for CyberArk includes promoting the trust that our customers, investors and the public have placed in us as a public company traded on the Nasdaq Stock Market. Insider trading is illegal and can result in severe penalties for both the individuals engaging in the activity and the companies at which they work.

CyberArk has adopted this Insider Trading Prevention Policy (the Policy) to prevent insider trading, which is prohibited under U.S. federal securities laws. Generally, insider trading occurs when someone has access to Material Non-Public Information and uses that information to trade Securities to their own (or others’) advantage.
 
This Policy covers the following:
 
You are responsible for complying with insider trading laws at all times
 
The Policy applies not only to you, but to your Associates (such as family members)
 
You are prohibited from trading in CyberArk’s Securities while you have Material Non-Public Information about CyberArk, providing that information to others or making trade recommendations to others
 
You are prohibited from trading in Securities of any other company about which you have Material Non-Public Information that you obtained in connection with your employment by or service to CyberArk, providing that information to others or making trade recommendations to others
 
CyberArk Legal Portal — Insider Trading Prevention
You are prohibited from trading in CyberArk Securities during Quarterly Blackout Periods or Designated Blackout Periods
 
You must adhere to other restrictions on your trades in CyberArk Securities
 
Because the consequences of non-compliance are so severe, this Policy is designed to prevent even the appearance of improper conduct. Accusations of impropriety, even if unfounded, can damage CyberArk’s reputation, give rise to enforcement actions and lawsuits, result in lost business opportunities and negatively impact our value. All CyberArk persons must review this Policy carefully and comply with it. Non-compliance is grounds for disciplinary action, including and up to immediate termination.
 
Consequences of Insider Trading
 
You or your Associates could face:
 
Criminal penalties of up to $5 million
 
Imprisonment for up to 20 years
 
Civil fines or damages for up to three times the profit gained, or the loss avoided
 
Debarment from serving as a director or officer of a public company

You can be held personally liable for insider trading regardless of the size of the transaction and even if you have lost money. Anyone scrutinizing your transaction, including enforcement authorities, will do so after the fact with the benefit of hindsight.

Scope 

This Policy applies globally to all of the following:
CyberArk directors, officers, employees (including part-time or temporary employees), contractors or consultants who devote all or substantially all of their time to CyberArk and other part-time or temporary personnel (CyberArk persons or you). Directors and officers of CyberArk should be particularly careful before engaging in any transaction.
 
All of your Associates. An Associate is anyone who resides in your household (whether or not they are related to you) and any family member whose Securities transactions you control, direct or influence (whether or not they reside in your household). An Associate is also any entity that you may control, including a corporation, partnership or trust, unless the Compliance Officer or Corporate Secretary has reviewed that entity’s insider trading policies and procedures and confirmed in advance in writing that they are satisfactory.
 
2
Any other individual or entity, other than CyberArk persons, that the Compliance Officer has determined is subject to this Policy and who has been notified of such in writing.

For the purposes of this Policy, the Compliance Officer is CyberArk’s Chief Legal Officer & Compliance Officer (if the Chief Legal Officer is unavailable or personally involved in the transaction at issue, the Compliance Officer will be the Chief Financial Officer).

All directors and officers of CyberArk and their Associates, and any other individual designated by the Compliance Officer in writing, are subject to additional insider trading prevention measures detailed in this Policy’s Addendum for Directors, Officers and Certain Designated Employees.

Ownership
 
Compliance Is a Team Sport
CyberArk’s Board of Directors, specifically its Audit Committee, oversees CyberArk’s compliance program and receives periodic updates. The Board of Directors has adopted this Policy.
Management is responsible for setting the “tone from the top,” which includes setting a personal example, ensuring the compliance program has adequate resources and championing its success.
The Compliance Officer and Corporate Secretary are responsible for the day to-
day management of this Policy, including issuing internal guidelines and periodic updates.
Each of us is personally responsible for conducting ourselves in a way that aligns with CyberArk’s values, adheres to our written policies, and follows applicable laws. This includes speaking up when we have questions or concerns.

Prohibition on Trading When You Possess Material Non-Public Information
 
What Is Insider Trading?
 
Insider trading occurs when someone has access to Material Non-Public Information obtained through their employment or other professional involvement with a company and uses that information to trade Securities to their own advantage or in a manner that violates a duty owed to the source of the information.
 
If you have knowledge of Material Non-Public Information about a company that you obtained in connection with your employment by or service to CyberArk, you are prohibited under this Policy—and the law—from:
 
Purchasing, selling, gifting or otherwise transferring that company’s Securities
 
3
Advising others to trade or to refrain from trading in that company’s Securities (tipping)
 
Disclosing the Material Non-Public Information to any other person for the purpose of enabling such person to trade or to refrain from trading in that company’s Securities
 
Even if you were planning to buy or sell Securities before you became aware of Material Non-Public Information, or if you might suffer a significant financial loss by not trading – you must still not trade the Securities at that time.
 
Tipping: Providing Material Non-Public Information to another person who may trade or advising others to trade, on the basis of that information is known as “tipping” and is illegal. Anyone who “tips” or receives a “tip” can be held criminally and civilly liable under insider trading laws.

The best way to avoid “tipping” is to always maintain your duty of confidentiality to CyberArk, as required in our Code of Conduct and, if applicable, your agreement with CyberArk. As a reminder, any confidential information that you learn during your service at CyberArk, including Material Non-Public Information, should be protected and handled according to CyberArk’s policies and procedures.
 
What Is Non-Public Information?
 
Non-Public Information is information that has not been publicly disclosed.
 
Public disclosure of the information must occur in one or more of the following ways:
 
In a filing with the SEC, such as CyberArk’s current reports on Form 6-K or annual report on Form 20-F
 
In a press release issued by CyberArk
 
In a conference call open to the public with advance notice provided
 
Through some other broad release into the marketplace such as a report in a widely read website or on a widely available television program
 
Public disclosure does not occur when there is a limited announcement of information, such as an internal company communication, or an unauthorized announcement, such as an employee making an unauthorized comment on a social media platform.

One Day Rule. This Policy requires you to wait one full trading day after the disclosure of Material Non-Public Information about CyberArk before trading in CyberArk Securities in order to allow the securities markets an opportunity to digest the news.

4

What Is Material Information?
 
Information about a company is considered to be Material Information if a reasonable investor would consider it important when making a decision to buy, hold or sell that company’s Securities.
 
Examples of information that is commonly regarded as Material Information include:
 
Financial forecasts or earnings estimates, whether or not consistent with the consensus expectations of the investment community
Significant changes to previously filed financial statements
Unanticipated and significant changes in the level of sales, earnings or expenses
Significant borrowing or financing developments, including equity or debt offerings, tender offers or disposition transactions, impending bankruptcy, the existence of severe liquidity problems or credit rating changes

Examples of information that could be regarded as Material Information, depending on their potential impact or expected likelihood, include:
 
Significant mergers and acquisitions,
Important business developments, such as significant contract awards or cancellations, or loss of a significant supplier
A significant cybersecurity, data security or privacy incident
Key management or control changes
Important product developments, such as launch of a new line of business, or a product failure
Significant litigation or regulatory rulings or the launch of a material government investigation or enforcement action

These are only examples, and as you can see, the context matters in certain circumstances, as insider trading is an area that often requires specialized judgment.
 
Better Be Safe Than Sorry
 
You should consider any information that is likely to affect the price of a company’s stock or Securities, whether positive or negative, to be Material Information. Reach out to the Compliance Officer or Corporate Secretary for guidance on information you suspect to be material before you trade.

What Are Securities?
 
Securities are tradable financial assets and include:
 
A public company’s stock
 
5
A company’s traded bonds, notes, debentures, options, warrants and other convertible securities
 
Any derivative instrument of the above, meaning a financial asset that derives its value from the price of a company’s securities, whether or not issued by that company, including puts, calls or swaps
 
Note that this Policy does not apply the purchase, sale or holding of an interest in any publicly traded mutual fund.
 
Remember: All provisions of this Policy apply to CyberArk Securities.
 
The provisions generally prohibiting insider trading also apply to Securities of any other company, worldwide, about which you learn Material Non-Public Information in the course of performing your duties at CyberArk (for example, a customer data breach).
 
Prohibition on Trading in CyberArk Securities During Blackout Periods
 
What Are Blackout Periods?
 
A Blackout Period is a period of time during which you and your Associates are strictly prohibited from trading in CyberArk Securities, regardless of whether you personally possess Material Non-Public Information.
 
Blackout periods are frequently used by publicly traded companies as a means to reduce the risk of personnel violating insider trading laws. For example, imposing a blackout period is advisable during the time before the end of a quarter through the public release of a company’s financial results because many company insiders are in possession of Material Non-Public Information about the actual financial results.
 
Quarterly Blackout Periods
 
You and your Associates are prohibited from trading in any CyberArk Securities during our Quarterly Blackout Periods:
 
Quarter
Start Date and Time
(Eastern Time Zone)
End Date
(Eastern Time Zone)
Q1
March 20 at 12:01 a.m.
11:59 p.m. on the first full trading day following CyberArk’s release of quarterly financial results, which are furnished with the SEC on Form 6-K (according to CyberArk’s One Day Rule above).
Q2
June 20 at 12:01 a.m.
Q3
September 20 at 12:01 a.m.
Q4
December 20 at 12:01 a.m.

You will receive a reminder email prior to the start of each Quarterly Blackout Period (typically from CyberArk’s Corporate Secretary). Quarterly Blackout Period dates are also posted on the Equity Portal.
6
 
It is your responsibility to check to make sure that you are not subject to a Quarterly Blackout Period prior to trading in CyberArk Securities.

Designated Blackout Periods
 
Throughout the course of your work with CyberArk, you may be involved in or have knowledge of Material Non-Public Information that is highly sensitive, such as an upcoming acquisition or the launch of an innovative new product. During these events, the Compliance Officer may inform you that you are subject to a Designated Blackout Period. Like the Quarterly Blackout Periods, during this time period, you and your Associates are prohibited from trading in CyberArk Securities until the Designated Blackout Period has expired or you receive further written notice from the Compliance Officer. The existence of a Designated Blackout Period will not be announced to CyberArk as a whole and should not be communicated to any other person, except that, if necessary, you may tell your Associates that they must not trade in CyberArk Securities.
 
Remember: Even if you are not subject to any Blackout Period, you and your Associates are prohibited from trading CyberArk Securities whenever you believe you have Material Non-Public Information. If you are not sure whether the information you have is Material Non-Public Information, contact the Compliance Officer as soon as possible for guidance.

Application of This Policy to Specific Transactions in CyberArk Securities
 
Equity Incentive Plans
 
The Policy does not apply to:
 
The grant of equity awards under CyberArk’s equity incentive plans, or Equity Plans
 
The cash exercise of share options granted under the Equity Plans
 
The delivery of shares to any entity administrating the Equity Plans on behalf of CyberArk (for example, upon exercise of share options or vesting of restricted stock units)
 
The sale or forfeit of Equity Plan participants’ CyberArk Securities by CyberArk (or a broker/administrator acting on CyberArk’s behalf) to satisfy tax withholding obligations in a consistent manner (meaning, a CyberArk initiated “sell-to-cover” practice where relevant)
 
All other transactions in CyberArk ordinary shares that were obtained from an Equity Plan are subject to the restrictions in this Policy.
7
 
Employee Share Purchase Plan
 
This Policy does not apply to:
 
Entering into the Employee Share Purchase Plan, or the ESPP, and making elections under the ESPP
 
Making modifications to ESPP elections consistent with the terms of the ESPP
 
CyberArk’s purchase and/or delivery of ordinary shares to the participants in the ESPP at the end of the purchase period
 
Terminating participation in the ESPP consistent with the terms of the ESPP
 
The sale or forfeit of ESPP participants’ CyberArk Securities by CyberArk (or a broker/administrator acting on CyberArk’s behalf) to satisfy tax withholding obligations in a consistent manner (meaning, a CyberArk initiated “sell-to-cover” practice where relevant)
 
All other transactions in CyberArk shares that were obtained from the ESPP are subject to the restrictions in this Policy.
 
Gifts
 
This Policy does not apply to gift transactions for family or estate planning purposes, where CyberArk Securities are gifted to your associates.
 
Limitations on Post-Termination Transactions
 
If your employment or engagement with CyberArk ends during a Blackout Period (Quarterly or Designated), you and your Associates continue to be subject to the Blackout Period restrictions until it ends. Similarly, if your employment or engagement ends while you are aware of Material Non-Public Information, the prohibitions and restrictions in this Policy continue to apply to you and your Associates until that information becomes public or non-material.
 
Prohibition on Certain Transactions in CyberArk Securities
 
CyberArk considers it improper and inappropriate for you or your Associates to engage in certain transactions in CyberArk Securities. Among the reasons we prohibit the transactions listed below is that the trade could be inadvertently executed during a Blackout Period, or when you hold Material Non-Public Information, or that individuals who engage in these types of transactions may create a conflict of interest between the individual and CyberArk or its other shareholders.
 
The following types of transactions in CyberArk Securities are prohibited under this Policy:
 
Hedging transactions, including, but not limited to, short sales, puts, calls, collars, prepaid variable forward contracts and exchange funds
 
Transactions in derivatives of CyberArk Securities (such as puts, calls or other traded options)
 
8
Entering into, or maintaining, a standing order to sell or purchase CyberArk Securities at a specified price is prohibited during a Blackout Period. All standing orders must be cancelled as soon as a Blackout Period begins or is imposed on you
 
Holding CyberArk Securities in a margin account or pledging CyberArk Securities as collateral
 
Any other transactions that are speculative or short-term in nature, create an actual or perceived conflict of interest or bet against CyberArk’s future performance or short-term prospects, or could lead to a sale of CyberArk Securities while in possession of Material Non-Public Information
 
Interpretation and Enforcement
 
The Compliance Officer shall have the authority to interpret or update this Policy and all related policies and procedures (subject to the Board approving material revisions of the Policy). In particular, such interpretations or updates of the Policy as authorized by the Compliance Officer may include departures from the terms of this Policy to the extent consistent with the general purpose of this Policy and applicable securities laws.
 
Under certain, limited circumstances, an exception to this Policy may be granted by the Compliance Officer. If you wish to seek an exception, you must submit a request for prior written approval to the Compliance Officer detailing the circumstances and reasoning for your request. The Compliance Office has full discretion whether to grant an exception – any decision made by the Compliance Officer pursuant to this Policy shall be considered final, and the basis for a particular decision may not necessarily be disclosed by the Compliance Officer. Approval, if granted, must be in writing and in advance of the transaction’s execution.
 
This Policy is designed to help you comply with insider trading laws, but you are ultimately responsible for following applicable laws and regulations. The implementation and enforcement of this Policy, including any approved written exceptions, do not constitute legal advice and do not insulate anyone from penalties for violating insider trading laws.
 
Questions? Just Ask! 

Any questions about this Policy and its requirements should be directed to CyberArk’s Compliance Officer and Corporate Secretary (Donna.Rahav@CyberArk.com and Meital.Koren@CyberArk.com).

Document Management
Document Type
Global Policy
Name
Insider Trading Prevention Policy
Owner – Department, Function
Legal, Compliance Officer
Last Reviewed/Updated
November 5, 2024
 
9