
Understanding Liability and Mitigating Risks in Private Company Director and Officer Roles


As the director or officer of a private company, you may assume your position is relatively low risk compared to the executive management at a public company, which is subject to heavy securities regulation.

Despite the fact that private firms are spared from some of the costly securities lawsuits that plague public companies, the directors and officers of private companies face an agglomeration of their own unique risks and challenges. In many cases, these risks have even more fallout for private companies. A directors and officers liability (D&O) lawsuit can take a substantial amount of time and capital to defend, which can cripple or bankrupt a company.

To protect your private company from a costly lawsuit, understanding the areas where your business faces the most risk is the first step. Use this list as a starting point to identify the potential liabilities in your company so you can create or tailor a risk management program to attack these issues.

What D&O Claims Do Private Companies Face?

Private businesses of all sizes and in all industries are susceptible to D&O lawsuits. Plaintiffs include regulatory agencies, shareholders, employees, and customers and clients. One of the most financially damaging claims to a private company is an employment practices liability lawsuit.

Shareholders in particular are prime plaintiffs for D&O lawsuits, as they often have a higher personal stake due to the typically limited number of investors in the company. Some types of lawsuits include the following:

  • Merger objection lawsuits, filed by displeased shareholders when the company is or is about to be acquired
  • Majority shareholders buy out the minority shareholders and then go public as soon as they own all the stock
  • Freeze-out mergers, in which minority shareholders are forced to sell their stock for less than fair market value
  • Breach of fiduciary duty, including self-dealing and conflicts of interest
  • General business mismanagement and bankruptcy lawsuits

Clients and customers can claim that the company failed to deliver services, failed to disclose information, or disclosed materially false or misleading information. Even competitors bring lawsuits, accusing directors and officers of slander and defamation, which degrades the value of competing products or services.

Risk #1: Complying With Regulations

Although shareholder lawsuits and employment claims make up the bulk of D&O liability, regulatory litigation is a growing trend.

Recognizing the regulations that apply to private companies is a critical responsibility of executive management. Just because a corporation is not publicly traded does not mean it is exempt from complying with provisions in legislation, including the Dodd-Frank Act, the Foreign Corrupt Practices Act (FCPA) and the Sarbanes-Oxley (SOX) Act. It is generally advisable to work with an attorney to ensure your firm is complying with securities regulation.

  • The Dodd-Frank Act—To protect the economy, consumers, investors and businesses, the Dodd-Frank Act was enacted to improve accountability and transparency in the financial system. The Act streamlines the regulatory process by increasing the oversight of those financial companies regarded as a risk, with the goal of ending taxpayer bailouts of those companies.
  • The FCPA—This legislation focuses on both the accounting transparency requirements under the Securities Exchange Act of 1934 and the bribery of foreign officials. Alarmingly, your company could be violating FCPA without even knowing it, which usually occurs in emerging and fast-growing markets where private companies are increasingly venturing. Small and mid-size private businesses that are entering foreign markets for the first time and don’t have an in-house legal team to advise them should especially pay attention to the particulars of this Act.
  • The SOX Act—Prompted by the major corporate scandals of publicly traded companies such as Enron and Tyco in the early 2000s, the SOX Act was created to protect investors in those companies by increasing the truthfulness in corporate disclosures. For private companies contemplating going public, understanding regulatory risks under the SOX Act should be key in your decision-making process. In some cases, you may want to consult an expert to ensure you understand the complexity of the provisions and regulatory requirements.
    Even if a private company does not plan to go public, it must adhere to two provisions in the Act: “Whistleblower Protection” and “Document Destruction.” Under the Whistleblower Protection provision, directors and officers must not retaliate against those who report suspected illegal activities in the organization. Under the Document Destruction provision, directors, officers and employees cannot destroy documents that are intended for use in official proceedings. Each state has specific regulations for how long documents must be kept.

Risk #2: Going Public

As a private business grows, at some point, it may consider becoming a publicly held company. Going public is the process of selling shares that used to be privately held to new investors for the first time. While going public can increase a company’s capital, it brings a stack of risks:

  • Increased executive management responsibilities
  • Increased director and officer personal liability for violation of securities laws
  • Lack of confidentiality about the company’s affairs
  • Expensive transactional costs
  • Pressure for short-term profits and for the company to perform up to expectation

The following list highlights three ways for a firm to go public, including each option’s unique risks:

  • Initial public offering (IPO)—Although it’s expensive, an IPO is the most common way for a company to go public. In addition to costing between 10 and 15 percent of the money raised by a company to go public, the process can also be time consuming, taking between six and 24 months. IPOs rely on market conditions; when the market conditions are poor, sometimes IPOs have to be withdrawn. Directors and officers face the risk of lawsuits, especially if the company doesn’t perform up to expectations.
  • Reverse merger—Going public through a reverse merger usually involves less money and less time than an IPO. A reverse merger occurs when a private company merges with a public company—referred to as a “shell”—that has no assets or liabilities; it’s simply an organizational structure that the private company can use. If the public company is already SEC-registered, this saves the private company time in registering with state and federal regulators.
    Reverse mergers aren’t infallible, though. Many companies either fail or struggle following a reverse merger, and there can be unforeseen liabilities with the shell company. Thoroughly investigating the shell company and its principals before merging is crucial. Also, beware of the price for the shell company; sometimes inexperienced buyers are unaware of market prices and wind up paying a lot more than the shell company is worth.
  • Spin-off—Going public through a spin-off occurs when a public company sponsors a private company by distributing free stock of the private company to its shareholders. This action creates an opportunity for the new shareholders to then purchase additional stock on the open market. Similar to reverse mergers, spin-offs can also be risky when management miscalculates and one or more of the companies do not perform as well as expected.

Whatever method a company chooses to go public, each brings risks that should be managed to avoid disasters that could impede growth and success.

Risk #3: Occupational Fraud

Since the 2008 financial crisis, reports of fraud at private companies have markedly increased. According to the Association of Certified Fraud Examiners (ACFE), 39% of private companies reported fraud in their company. Fraud can occur at all levels of the company, from senior management to frontline employees.

To mitigate the risk of occupational fraud, conduct background checks of all employees, including directors and officers, and educate employees with fraud training. Rotating employees among different positions may also help mitigate the risk of complicated fraud schemes that develop when someone has filled a certain role for a long period of time.

Minimize the Risk of a Lawsuit

Risk management is just as important for private companies, if not more so, due to fewer resources available to handle unexpected claims. Private company executives need to focus on anticipating change and subsequently managing the new risks that come with that change.

Most mid-size private firms lack a chief risk officer. Nonetheless, a private company should have a sound corporate governance program in place to identify, manage and monitor risks at all levels.

D&O Insurance

D&O insurance should be a part of every company’s risk management strategy, whether it’s a private, public or family-owned business. Because the cost of defending a lawsuit may exceed the net worth of most private companies, D&O insurance covers the risk of directors’ and officers’ personal assets that could be seized to cover the cost of their own defense, even if they are found innocent.

When purchasing D&O insurance, there are some things private companies especially should be aware of:

  • Contractual liability exclusions—This exclusion is especially pertinent to private companies that have broad entity coverage under a D&O policy. Since contractual obligations are not liabilities imposed by law but rather an obligation that is voluntarily undertaken, many D&O policies have an exclusion that prevents insurers from having to cover contract-related claims, especially breaches of contract that arise when the company enters into a contract with another party. This is usually one of the most contested provisions in a private company’s D&O policy.
  • Duty to indemnify versus duty to defend—Does your company have indemnification for executive management? With the duty to defend, the insurer selects the defense counsel and controls the defense. The duty to defend can be found in most D&O policies.