Foley Equipped
Insights

Private Company Compliance: Investigations, Regulations, and Litigation

We recently co-hosted an NACD “Private Company Compliance” webinar on the issues that directors of private companies should care about. In this episode, we focused on the increasing importance of supervising the implementation of a compliance function in the private company context.

Foley & Lardner’s Silicon Valley–based corporate partner Louis Lehot moderated the digital discussion in conversation with panelists:

  • Scott Kupor from Andreessen Horowitz (managing partner at Andreessen Horowitz; lecturer at Stanford University Graduate School of Business; board director at Cedar, Headway, Pearl Health, Ultima Genomics, Foursquare, Labster, Journera, SnapLogic, MIO Partners Inc., The Global Impact Investing Network, Silicon Valley Community Foundation, St. Jude Children’s Research Hospital, and Gensys Works)
  • Jeff Thomas from Nasdaq (executive vice president of corporate platforms, Nasdaq Inc.)
  • Claudia Fan Munce from NEA (board chair of the National Venture Capital Association Northern California and the Global Corporate Venturing Institute, advisor to the American Advancement of Science Lemelson Fellowship, board director at Best Buy, and advisory board member of other global venture capital organizations, including LAVCA: The Association for Private Capital Investment in Latin America, Women in Leadership in Private Equity in China, Canadian Innovation Exchange, Savannah Fund in Africa)
  • Tom Carlucci from Foley & Lardner (partner at Foley & Lardner)

NACD organizers created the private company director series in collaboration with Foley & Lardner to foster greater educational programming for directors of private companies.

Providing the backdrop and context for this series episode was the number of shifting and changing factors related to compliance in early-stage companies. Over the last decade, we have seen:

  • the “Silicon Valley Initiative” launched by former Securities and Exchange Commission (SEC) chair Mary Jo White in 2016 and the enforcement division moving into the private company sphere;
  • high-profile compliance and governance failures at Theranos, FTX,and IRL;
  • more aggressive SEC enforcement with over 760 enforcement actions in 2022, including hundreds of stand-alone, follow-on, and individual actions running the gamut from failures of conduct to “first-of-their-kind” to cases charging trading securities law violations; and
  • money ordered in SEC actions comprised over $6 billion, almost doubling the prior year’s amount.

More broadly, and beyond just compliance, we have seen dramatic changes in the venture capital industry over the past year, including the Silicon Valley venture market in free fall (absent a big Q4, deals are on track to be down by over 50 percent year over year). The initial public offering (IPO) window is slammed shut, and there are very few exits. In the fourth quarter of 2023, we see an increasing percentage of down-rounds, stock-for-stock mergers, asset sales, and other financings by other means after 2022 of extension rounds, convertible notes, and simple agreement for future equity (SAFE) rounds.

We are also seeing layoffs, shutdowns, and bankruptcies. When companies go down, go under, or crash, we then often learn that compliance was never present in the company. We have seen a fraudulent scheme to propel valuation to over $1 billion by falsely inflating key financial metrics and controlling internal sales records. In another case, we have seen an alleged scheme to defraud investors and lenders by making material misrepresentations, including impersonation of a business partner. We see disputes boiling over in the boardroom, demands from investors and employees to investigate potential wrongdoing and breaches of fiduciary duties related to down-rounds and sales, and allegations of waste of corporate assets, unjust enrichment, and fraud. In a recently concluded criminal case in New York, a local Silicon Valley product was convicted of one of the most audacious frauds in history. Panelists shared that venture capital, venture debt firms, and bank lenders are establishing internal functions to monitor the status of investigations at portfolio companies as the numbers of active government and internal investigations, even in the private company context, are proliferating.

Tom Carlucci noted that the potential to win huge payouts under government-funded whistleblower programs was an important factor in the increase in investigations and government enforcement actions. Previously, companies would not expect that employees and other parties not participating in a transaction would be potential whistleblowers, potentially with vast sums of money to be gained, and yet familiarity with these programs is driving more employees to see them as lucrative and call the government. According to Carlucci, well-designed compliance programs deter failures and ensure that the consequences are isolated to the wrong-doer and don’t bring down the whole company.

Scott Kupor noted that legal and regulatory challenges are one of the most significant causes of a startup’s failure, cited more frequently than poorly performing products or underperforming teams. Kupor shared examples of companies that had succeeded by designing compliance in the beginning and startups that had failed for lack of the same. Kupor encouraged directors to view a strong compliance culture as a competitive advantage in the business. He also cited Rob Chesnut’s seminal book, Intentional Integrity, as required reading. Other panelists cited Kupor’s book, Secrets of Sand Hill Road.

Jeff Thomas shared the thinking behind Nasdaq’s rules requiring listed companies to have a code of business conduct, and panelists discussed how companies don’t need to wait until the alter of an IPO to adopt one. Setting forth a process by which employees, customers, and suppliers can report instances of potential issues can help affected companies address problems early and isolate problems with wrongdoers rather than enable a culture of wrongdoing.

Panelists then discussed the role of the board of directors in compliance. Hailing back to our last webinar on raising, selling, or folding in the private company context, panelists recalled that the greatest role of a director in a private company is supporting the CEO and the company outside the boardroom, including customer, channel, and partner introductions; fundraising introductions; and recruiting and talent management. Panelists agreed that the whole board owns compliance and that directors can start by asking questions, especially when they do not understand.

Most private companies will follow a compliance implementation playbook from 18 to 24 months before a planned IPO. Still, with market windows unpredictable, panelists asked: Why wait until it’s too late?

Some pro tips shared by panelists:

  • Start small, but start now.
  • Add a compliance item to the standard board agenda.
  • Reserve five to 15 minutes at each board meeting for one discrete compliance topic.
  • Ask questions.
  • One size does not fit all.
  • Benchmark to what your competitors, suppliers, and customers are doing.
  • Engage with counsel and auditors, and stay informed.
  • Make sure counsel is in the boardroom.

Please watch the video below for a wide-ranging discussion on these topics.

Disclaimer

AUTHOR(S):

Louis Lehot
Thomas Carlucci

POSTED:

Subscribe to our newsletter
Subscribe

© 2025 Foley & Lardner LLP
Attorney Advertisement
Images of people may not be Foley personnel.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome.