Private Company Compliance: Investigations, Regulations, and Litigation

Author(s): Louis Lehot, Thomas F. Carlucci

Nov 17, 2023

Foley recently co-hosted an NACD “Private Company Compliance” webinar on the issues that directors of private companies should care about. In this episode, we focused on the increasing importance of supervising the implementation of a compliance function in the private company context.

Foley & Lardner’s Silicon Valley-based corporate partner Louis Lehot moderated the digital discussion in conversation with panelists:

  • Scott Kupor from Andreessen Horowitz (managing partner at Andreessen Horowitz; lecturer at Stanford University Graduate School of Business; board director at Cedar, Headway, Pearl Health, Ultima Genomics, Foursquare, Labster, Journera, SnapLogic, MIO Partners Inc., The Global Impact Investing Network, Silicon Valley Community Foundation, St. Jude Children’s Research Hospital, and Gensys Works)
  • Jeff Thomas from Nasdaq (executive vice president of corporate platforms, Nasdaq Inc.)
  • Claudia Fan Munce from NEA (board chair of the National Venture Capital Association Northern California and the Global Corporate Venturing Institute, advisor to the American Advancement of Science Lemelson Fellowship, board director at Best Buy, and advisory board member of other global venture capital organizations, including LAVCA: The Association for Private Capital Investment in Latin America, Women in Leadership in Private Equity in China, Canadian Innovation Exchange, Savannah Fund in Africa)
  • Tom Carlucci from Foley & Lardner (partner at Foley & Lardner)

NACD organizers created the private company director series in collaboration with Foley & Lardner to foster greater educational programming for directors of private companies.

Providing the backdrop and context for this series episode was the number of shifting and changing factors related to compliance in early-stage companies. Over the last decade, we have seen:

  • the “Silicon Valley Initiative” launched by former Securities and Exchange Commission (SEC) chair Mary Jo White in 2016 and the enforcement division moving into the private company sphere;
  • high-profile compliance and governance failures at Theranos, FTX, and IRL;
  • more aggressive SEC enforcement with over 760 enforcement actions in 2022, including hundreds of stand-alone, follow-on, and individual actions running the gamut from failures of conduct to “first-of-their-kind” to cases charging trading securities law violations; and
  • money ordered in SEC actions totaling over $6 billion, almost doubling the prior year’s amount.

More broadly, and beyond just compliance, we have seen dramatic changes in the venture capital industry over the past year, including the Silicon Valley venture market in free fall (absent a big Q4, deals are on track to be down by over 50 percent year over year). The initial public offering (IPO) window is slammed shut, and there are very few exits. In the fourth quarter of 2023, we see an increasing percentage of down-rounds, stock-for-stock mergers, asset sales, and other financings by other means, after a 2022 of extension rounds, convertible notes, and simple agreement for future equity (SAFE) rounds.

We are also seeing layoffs, shutdowns, and bankruptcies. When companies go down, go under, or crash, we then often learn that compliance was never present in the company. We have seen a fraudulent scheme to propel valuation to over $1 billion by falsely inflating key financial metrics and controlling internal sales records. In another case, we have seen an alleged scheme to defraud investors and lenders by making material misrepresentations, including impersonation of a business partner. We see disputes boiling over in the boardroom, demands from investors and employees to investigate potential wrongdoing and breaches of fiduciary duties related to down-rounds and sales, and allegations of waste of corporate assets, unjust enrichment, and fraud. In a recently concluded criminal case in New York, a local Silicon Valley product was convicted of one of the most audacious frauds in history. Panelists shared that venture capital, venture debt firms, and bank lenders are establishing internal functions to monitor the status of investigations at portfolio companies as the numbers of active government and internal investigations, even in the private company context, are proliferating.

Tom Carlucci noted that the potential to win huge payouts under government-funded whistleblower programs was an important factor in the increase in investigations and government enforcement actions. Previously, companies would not expect that employees and other parties not participating in a transaction would be potential whistleblowers, potentially with vast sums of money to be gained, and yet familiarity with these programs is driving more employees to see them as lucrative and call the government. According to Carlucci, well-designed compliance programs deter failures and ensure that the consequences are isolated to the wrongdoer and don’t bring down the whole company.

Scott Kupor noted that legal and regulatory challenges are one of the most significant causes of a startup’s failure, cited more frequently than poorly performing products or underperforming teams. Kupor shared examples of companies that had succeeded by designing compliance in the beginning and startups that had failed for lack of the same. Kupor encouraged directors to view a strong compliance culture as a competitive advantage in the business. He also cited Rob Chesnut’s seminal book, Intentional Integrity, as required reading. Other panelists cited Kupor’s book, Secrets of Sand Hill Road.

Jeff Thomas shared the thinking behind Nasdaq’s rules requiring listed companies to have a code of business conduct, and panelists discussed how companies don’t need to wait until the altar of an IPO to adopt one. Setting forth a process by which employees, customers, and suppliers can report instances of potential issues can help affected companies address problems early and isolate problems with wrongdoers rather than enable a culture of wrongdoing.

Panelists then discussed the role of the board of directors in compliance. Hailing back to our last webinar on raising, selling, or folding in the private company context, panelists recalled that the greatest role of a director in a private company is supporting the CEO and the company outside the boardroom, including customer, channel, and partner introductions; fundraising introductions; and recruiting and talent management. Panelists agreed that the whole board owns compliance and that directors can start by asking questions, especially when they do not understand.

Most private companies will follow a compliance implementation playbook from 18 to 24 months before a planned IPO. Still, with market windows unpredictable, panelists asked: Why wait until it’s too late?

Some pro tips shared by panelists:

  • Start small, but start now.
  • Add a compliance item to the standard board agenda.
  • Reserve five to 15 minutes at each board meeting for one discrete compliance topic.
  • Ask questions.
  • One size does not fit all.
  • Benchmark to what your competitors, suppliers, and customers are doing.
  • Engage with counsel and auditors, and stay informed.
  • Make sure counsel is in the boardroom.



Louis Lehot

Louis Lehot is a partner and business lawyer with Foley & Lardner LLP, based in the firm’s Silicon Valley office. Follow on Twitter @lehotlouis