Sarbanes-Oxley goes private
March 01, 2005
The chorus of public company grousing in reaction to the increasingly burdensome and expensive financial reporting and corporate governance requirements under Sarbanes-Oxley may soon extend to many private companies. This because certain important provisions of Sarbanes-Oxley actually do apply to private companies. Moreover, many private companies have been, and will increasingly become, subjected to tremendous pressure by institutional investors, underwriters, acquirors, banks and the courts to become more transparent and accountable, and less conflicted. The adequacy or appropriateness of any measures to achieve these goals will undoubtedly be judged by Sarbanes-Oxley’s actual requirements or certainly by its standards.
On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act of 2002 (“SOX” or the “Act”). The Act contains sweeping provisions intended to restore public confidence in the honesty and integrity of the public securities markets. These provisions include management assessment and auditor attestation of internal controls, restrictions on non-audit services by auditors, auditor rotation requirements, auditor cooling off periods, disclosure of audit committee financial experts, enhanced periodic review of filed documents by the Securities and Exchange Commission (the “SEC”) current reporting of certain material events and a prohibition on loans to officers and directors. The new financial reporting, disclosure and corporate governance requirements imposed by the Act and by related corporate governance initiatives from the SEC generally apply to public companies only, i.e., companies that have a class of securities registered with the SEC under the Securities Exchange Act of 1934. What has been commonly overlooked, however, is that certain of the Act’s key provisions are not limited to public companies, but rather are equally applicable to privately held companies.
SOX Provisions Applicable to Private Companies
The Act provides for criminal penalties for anyone who intentionally destroys, alters, conceals or falsifies documents or records with the intent to impede or otherwise influence a federal agency investigation or bankruptcy proceeding. The penalty for violation of this provision includes a fine, imprisonment of up to 20 years or both.
The Act also makes it a crime punishable by a fine and up to 10 years in prison knowingly to retaliate against any person who provides a law enforcement officer with truthful information relating to the commission or possible commission of any federal offense.
The Act also significantly increases the monetary penalties and prison sentences associated with convictions of fraudulent violations of ERISA reporting and disclosures obligations, and increases the maximum prison sentence for mail and wire fraud from 5 to 20 years.
The Act makes state and federal liabilities for violations of securities laws non-dischargeable in bankruptcy. This would apply to liabilities of private companies for failure to register securities and for anti-fraud violations.
The Act extends the statute of limitations for investors to file private actions against companies (including private companies) for securities fraud to two years after discovery of the alleged fraud and five years after the occurrence of the alleged violation.
Finally, Department of Labor rules promulgated under the Act require administrators of 401(k) plans to give employees at least 30 days’ advance written or electronic notice of any suspension of trading or access to funds in an individual’s account for more than three business days.
All of the foregoing provisions of the Act apply to all companies, public or private. In addition to being subject to these provisions, many private companies are beginning to be pressured by various sources to comply at least in part with many of the Act’s other requirements in order to become more transparent and accountable.
Companies Seeking Funding
Private companies looking to raise money from institutional investors will increasingly be affected by the Act and feel pressure to adopt voluntarily some of its concepts. (Companies seeking to raise money in the public equity markets will need to become SOX-compliant.) The desire of investment-seeking companies to make themselves more attractive candidates for investment will motivate them to adopt transparency and governance enhancing measures similar to those required under the Act. In addition, such companies should anticipate that institutional investors will increasingly demand additional information in the course of their due diligence investigations and insist on specific corporate governance covenants. Many venture capital firm managers serve on boards of directors of public companies and accordingly are being exposed to the new public company corporate governance culture. These investors also want to ensure that their portfolio companies develop a good corporate governance infrastructure and will be able to survive as a public company in the new corporate governance regime. These investors are also selfishly motivated by a desire to protect themselves and their portfolio companies from potential liability. Companies seeking private equity funding could also expect institutional investors to inquire about what if any internal controls are in place and whether the company has a code of ethics for management.
Owners of private companies, whether or not they are venture backed, may seek an acquisition of their company as a means to cash out their ownership interests. Aspiring acquisition targets will also feel pressure to adopt certain SOX-style corporate governance measures. The reasons are twofold. First, when a company is acquired, the acquiror typically inherits the liabilities of the acquired company, particularly when the deal is structured as a purchase of the company’s outstanding stock or as an acquisition by merger. Second, the acquired company’s financial information is typically consolidated with the financial results of the acquiring company. For these reasons, acquirors will be increasingly interested in whether or not a target company has good internal controls over financial reporting and sound corporate governance practices generally.
Many companies will be pressured into adopting meaningful corporate governance measures and becoming more transparent even if they are not seeking a liquidity event. Insurance companies will become increasingly concerned about corporate governance practices among their insured companies, particularly when writing policies for directors and officers liability insurance. Banks and other financial institutions will demand more transparency and have the leverage to impose stricter financial and other corporate governance covenants on their borrowers. Customers and joint venture partners who are themselves public companies may begin insisting that their partners operate in the same heightened corporate governance regime. Auditors will undoubtedly begin applying to their private company audits some of the enhanced procedures that they are now being forced to apply to their public company audits. Finally, courts will increasingly look to provisions of the Act, including those dealing with director independence and conflicts, as the standard by which directors’ conduct should be judged.
What private companies should do now
Private companies pressured to adopt better internal controls and corporate governance mechanisms and become more transparent, including companies seeking to raise private equity, companies looking to be acquired, companies contemplating going public, companies seeking bank financing and companies looking to secure adequate insurance, need to determine which SOX-type corporate governance mechanisms they should adopt. Best practices in this area are currently evolving, and will undoubtedly include most of the following recommended practices:
— Establishment of procedures allowing employees anonymously to report suspected fraud or other wrong-doing by management. The procedures should provide for the independent handling of any matters that are so submitted.
— Inclusion in the Board of Directors of at least two directors who are truly independent, i.e., individuals who are neither members of management nor tied in any meaningful financial, social or familial respect to senior management. These independent directors would assume the functions of audit and compensation committees.
— Ensuring that the company’s auditor is truly independent of management, and that the independent audit firm does not provide any non-audit services to the company.
— Adoption of policies to vet any conflicts of interest. Any transactions between the company and any of its officers or directors should be pre-approved by independent directors. This would include any loans to officers or directors.
— Establishment of a policy providing that no officer or director or anyone acting under their direction may mislead, coerce, manipulate or fraudulently influence an external auditor preparing an audit report for the purpose of rendering it materially misleading.
Many privately-held companies who believed they were spared from the heavy corporate governance and financial reporting burdens imposed by SOX on public companies may soon feel the pressure to assume voluntarily some of those burdens. Lawyers counseling private companies looking to raise capital or to be acquired would be well-advised to prepare their clients sufficiently in advance of liquidity events to adopt SOX-style measures to improve their transparency and corporate governance. The same advice would apply as well to any private company with a large shareholder base. The greater the separation between ownership and management, the greater the likelihood that the interests of these groups will diverge. Under these circumstances, managers will not always act in the best interests of their shareholders, unless a good infrastructure of transparency and accountability exists.
Mr. Kapen is a partner in the Corporate Department of Farrell Fritz, P.C. in Uniondale.
Reprinted with permission from Nassau Lawyer May 2005.
View the PDF