Unicorn Blood: Why Private Company Governance and Controls Matter

“Corporate governance doesn’t matter until it’s the only thing that matters” is a phrase I find myself repeating whenever the latest corporate scandal breaks. This applies to private companies, too. Indeed, the bigger a private venture-backed company gets, the more important strong corporate governance and effective internal controls become. In this week’s D&O Notebook, my colleague Walker Newell, previously with the SEC’s Enforcement Division in San Francisco, explains why private companies continue to face government enforcement risks. He also provides some strategies for mitigating these risks to prevent sloppy corporate governance from becoming an overhang on your rapidly-growing business. –Priya

There is a strong supernatural strand in the American consciousness. Twelve percent of United States adults believed that the world would end in 2012. Twenty-one percent believe in witches. A whopping thirty-six percent believe in ghosts.

Here at the D&O Notebook, we respect all belief systems, including those based on oracle bones, power crystals, and the positions of the stars. Personally, I have seen no concrete evidence that witches or ghosts are real – but Congress seems very excited about UFOs these days, so who knows? 


Regardless of our deeply-held convictions about Bigfoot, we can all agree on one thing: Unicorns are real, and they have been multiplying. In 2013, when Aileen Lee coined the term, fewer than 50 domestic privately-held companies started in the preceding 10 years had a valuation greater than $1 billion. Today, there are more than 1,200 unicorns worldwide

In the Harry Potter books, it is a terrible crime to spill the blood of a unicorn. Securities regulators don’t see it this way. As we have reminded you in the past, the DOJ and SEC are happy to sue venture-backed private companies and/or their executives for securities fraud – even when the only harm is to sophisticated investors (i.e., wealthy individuals and large institutions). 

Regulators like to stay relevant. As private capital markets continue to grow in size and systemic importance, government lawyers will continue to hunt for unicorns (and smaller privately-held companies, too). A securities enforcement buzzsaw can stop your promising emerging business in its tracks, create personal financial headwinds for founders and board members, and even send you to jail.

For public companies, the best prophylactics against pesky securities regulators are a strong tone-at-the-top, an experienced legal and finance team, effective internal controls, and a robust compliance program.

The same is generally true for private companies. This is much easier said than done, however, especially for earlier-stage companies in hyper-growth mode. 

The trick is to walk [grow quickly] and chew gum [comply with the securities laws] at the same time. Also, if you want to go public in the future, it’s best to avoid trying to develop effective controls from scratch during the frenetic ramp to an IPO. Your future self will be grateful for the foundational controls that you put in place today.

Where should you start? I suggest (1) refining how you talk to investors about your company, and (2) focusing on having the right people in the right seats (finance, legal, and board) at critical junctures.

Talking About the Company: Take (Omni)Care & The Non-GAAP Trap

As anyone who has attended an earnings call knows, public company communications with investors are highly scripted. Private company communications with VC investors? In my experience, not so much. 

There are very good reasons for this. Unlike pension fund investors in public companies, it’s very rare for investment managers to sue privately-held companies in their portfolios. It’s also rare – but markedly less rare – for the SEC to investigate potential securities fraud by unicorns. Still, as they grow, venture-backed companies should get into the habit of carefully crafting their investor-facing communications. 

There are three main ways that you can get sideways with the SEC (and possibly the DOJ) as a privately-held company: 

  1. Steal investor funds meant for corporate purposes and spend the money on fancy things for yourself.
  2. Make false or misleading statements about your business or product.  
  3. Make false or misleading statements about the company's financial metrics

Number 1: Stealing

Number 1 is easy. Don’t do this! Also, the overlap between the executives engaged in theft and the executives reading this article is exactly zero.   

Number 2: Misleading Statements About the Business or Product

Number 2 is interesting because many entrepreneurs genuinely believe that they will permanently transform large industries and achieve wild success--and most are dead wrong. About 75 percent of venture-backed start-ups fail. If it were illegal to believe that you will change the business world and then run your start-up into the ground, there would be many founders in jail and many fewer smart young people clamoring to start new enterprises. Fortunately, this is not the law. 

Let’s look at a case study. Imagine you have an aggressive roadmap that you genuinely and honestly believe to be achievable. Assuming you don’t have information showing it is impossible for you to achieve your roadmap, it should be okay to tell investors that you believe you will in the future disrupt industries and achieve wild success if you execute successfully on your aggressive roadmap, which roadmap could be impeded by a variety of risks and uncertainties

Let’s unpack what I did here: 

  • First, the statement is an opinion. Based on a lovely Supreme Court case called Omnicare, it is very difficult for the SEC or investors to sue you for securities fraud based on opinion statements. You might still be liable if you were actively lying and didn’t actually believe that you could meet your roadmap, or if you knew about very bad facts showing that it was impossible to meet your roadmap. But generally speaking, it is very hard to base a securities fraud case on genuine statements of opinion.
  • Second, the statement is about the future and it is qualified (“if,” “risks and uncertainties”). Unlike public companies, privately-held companies can’t take advantage of the safe harbor for forward-looking statements under the Private Securities Litigation Reform Act. Even so, it’s hard for the SEC to show that qualified statements about the future are false or misleading, especially when they are also statements of belief. Under a moldy old judicial theory called the “bespeaks caution” doctrine, the courts are unlikely to find that forward-looking statements accompanied by meaningful disclaimers are “false or misleading.”

The big takeaway here:  

Don’t fake it until you make it. Be honest with your investors about what you have actually built today and what you still haven’t built but want to build; your optimistic (but actually achievable) future plans and how you intend to achieve them; and the kinds of risks that might prevent you from doing so. 

Develop good investor relations and communications hygiene at an early stage. Your seed investors won’t be parsing your words to see if you made a forward-looking opinion statement. But as you continue to grow, bring on more investors, and start to think about liquidity events, your risk will gradually increase. With great power comes great responsibility: You need to be sure your statements to investors and the public will stand up to real scrutiny. 

Number 3: Misleading Statements About Financial Metrics and KPIs

The best bulwark against accounting errors is a strong technical accountant who really understands your business. We’ve already established that you need a strong and stage-appropriate CFO or finance leader. It may be that in your company’s early stages, the business is very simple and it does not make sense to devote a lot of resources to the accounting function. Keep an eye on this assumption as you grow and add new products, revenue streams, and business practices that may add accounting complexity. You don’t want your non-technical capital markets-focused CFO handling tricky judgment calls on how to account for multimillion dollar transactions.

Non-GAAP metrics and KPIs are an important tool for growth companies. Generally speaking, you can calculate and tell investors about any non-GAAP metrics that are relevant to your business and you can define them however you want as long as they are accurate and not misleading. This allows for transparency, flexibility, and creativity in presenting your business to investors. It can also create securities enforcement risk if you get cute or sloppy. 

The SEC has created a variety of requirements for public companies who choose to present non-GAAP metrics to investors. While these requirements do not apply to non-reporting companies, they provide helpful guidance in thinking about what not to do when disclosing non-GAAP metrics as a private company. 

Here are some of the key areas you should be thinking about:

  • Do your investors know what your non-GAAP metrics mean and how they are calculated?
  • Have they ever asked you about your methodology? Have you answered those questions fully and accurately? Does your methodology differ from the way that other companies calculate similar metrics?
  • Have you clearly explained that non-GAAP financial metrics are, in fact, non-GAAP? If, for example, you want to report revenue-related metrics in a way that does not comply with GAAP revenue accounting, do your investors understand that this is what you are doing?
  • Do you apply a consistent methodology to calculate each of your non-GAAP metrics?  For example, if you are reporting daily active users, have you always used the same criteria to define a daily active user? If you have made changes to your methodology over time, have you explained this to your investors? 

Personnel Is Policy: Who Is Thinking About Oversight and Risk?

Under the federal securities laws, CEOs and CFOs of public companies must attest to the accuracy of audited financial statements. Of course, before a CFO can attest, that CFO must exist. In the land of unicorns, many of the most prominent securities fraud cases have involved private companies that, despite eye-popping valuations, lacked CFOs. 

In general, I think most private company operators and investors understand the importance of a strong leader in the finance function. However, this is not something that you can simply set and forget at Series A. When you have $10 million in revenue, your finance leader will need to spend a lot of time on raising capital, strategy, and cash management. When you are 12 months away from a potential IPO with $100 million in revenue, your CFO will need to be laser-focused on building the teams, policies, procedures, and controls needed to be ready for public company scrutiny. 

At each stage in your corporate lifecycle, your finance leader should be thinking carefully–in conjunction with your legal team (see below) – about risk mitigation. This includes the risk posed by securities regulators. 

The same is true when it comes to your legal team. Commercial lawyers and transactional lawyers can make great GCs–and they may also need support to effectively mitigate regulatory and compliance risks. For many companies, it doesn’t make sense to hire an experienced corporate securities lawyer (whether in the GC function or otherwise) until the immediate ramp to IPO. But your earlier stage GC or GC-equivalent lawyer should still be thinking carefully (see above) about how you calculate your KPIs, how you talk with investors, and corresponding securities law risks. 

Last but not least, let’s talk about the board. Independent directors are increasingly common on private company boards. That’s good for securities enforcement risk mitigation. Independent directors can help to drive better governance and enhanced accountability. Effective oversight can mean the difference between identifying an issue and addressing it early, internally, and quietly, and having a messy public scandal on your hands years later. 

The Flight of the Unicorns: Entering the Public Markets

In recent years, commentators have been quite verklempt about the declining number of publicly-traded companies. As we have discussed, it is certainly true that private capital markets have grown – and will probably continue to grow – in importance. Nevertheless, for many companies, the opportunities for liquidity and growth offered by the public markets will remain attractive.

While government securities enforcement risk is real, it remains quite low for most privately-held companies. To keep the risk low as you scale your business, make sure that the right people are focused on simultaneously scaling up your policies, procedures, and controls. This becomes especially important when you are a year or so away from a potential IPO. 




Table of Contents