Sarbanes-Oxley: What It Means for Private Companies and ESOPs


Author(s) ,

The Journal of Employee Ownership Law and Finance

The passage of the Sarbanes-Oxley Act will have an effect on certain private companies and ESOPs.  ESOP sponsors, administrators, trustees, and lenders need to be aware of the Act's requirements--the failure to abide by them can result in severe penalties.  Apart from the specific legal requirements, the Act has also led the way for private companies to consider and adopt special provisions on corporate governance and to establish best practices.

By now the media has been saturated with articles about the Sarbanes-Oxley Act (the "Act") and its effects on public companies. While the Act was adopted in response to accounting and corporate governance scandals at Enron, Worldcom, Tyco, and other large public companies, its ramifications may extend to certain types of private companies as well.

Privately held companies with an employee stock ownership plan (ESOP) may be uniquely affected by the Act. Certainly, they need to consider the effect of the Act on matters of corporate governance in the same manner as any other private company that does not have an ESOP shareholder. The presence of the ESOP, however, means that there is a trustee, acting for the ESOP, who has an especially keen interest in ensuring that the private company practices good corporate governance. In addition, the Act has implications for the ESOP itself as an employee benefit plan.

Companies That May Be Affected by the Act

Private companies falling into the categories noted below should be on the lookout for increased corporate governance requirements:

  • Private companies preparing for an IPO. Many provisions of the Act apply as soon as a company files a registration statement under the Securities Act of 1933 (the "1933 Act"), even if the registration statement is subsequently withdrawn. Advance planning for companies contemplating such a filing is critical. Underwriters expect that well-run private companies have anticipated the Act and implemented steps to ensure compliance before the registration statement is filed with the Securities and Exchange Commission (SEC ).
  • Private companies with registered debt securities. As interest rates remain at historically low levels, more and more private companies are taking advantage of registered debt as a part of their capital structures. These companies are subject to many of the provisions of the Act.
  • Private companies that may be targets of an acquisition by public companies in the future. Public companies must be mindful of the impact an acquisition of a private company may have on the public companies' continued compliance with the Act.
  • Private companies with large outside shareholder bases or with institutional investors. While not technically public, these companies have shareholder constituencies that may come to expect (or even demand) the standard of corporate governance prescribed by the Act.
  • Private companies with an ESOP as a shareholder. If a private company is primarily or wholly owned by an ESOP, the trustee, as the largest or sole shareholder, may have reason to require higher standards of corporate governance based on the Act. Although the ESOP trustee has basically the same standing and obligations as other shareholders, the trustee arguably can and should use the ESOP's shareholder rights to affirmatively assure proper corporate governance; certainly, the Department of Labor has informally taken this position. If the trustee, for example, fails to take action as a shareholder when it becomes aware that the company is not complying with proper standards of corporate governance, then as a matter of prudence, the trustee will likely have to take action as a shareholder to address the matter or face potential liability under ERISA. The trustee's insistence on compliance with the standards of corporate governance set forth in the Act may help establish that the trustee has acted prudently.
  • Private companies having to deal with venture capital investors, lenders, and insurers. An increasing number of venture capital funds, private equity investors, and commercial banks are requiring covenants in financing agreements relating to corporate governance matters. If the private company has a leveraged ESOP, the ESOP lender may seek such covenants.

Provisions That Apply to Private Companies

While most of the provisions of the Act apply by their terms only to public companies, some of the provisions also directly apply to private companies.

  • Criminal liability for document destruction. The Act provides for fines and/or imprisonment for up to 20 years for knowingly altering, destroying, concealing, or falsifying any record, document, or tangible object with intent to impede, obstruct, or influence the investigation or administration of any matter within the jurisdiction of any department or agency of the United States of any bankruptcy case under Title 11 of the United States Code. All private companies should either adopt or update their document retention policies now.
  • Increased penalties for securities fraud. The statute of limitations for federal securities fraud litigation has been extended to five years. In addition, debts incurred in violation of federal or state securities laws (or any common law fraud) are non-dischargeable in bankruptcy.
  • Increased liability for white-collar crimes. Any attempt to commit, or conspiracy to commit, an offense under white-collar crime or consumer protection laws is now punishable to the same extent as the underlying crime. Penalties for mail and wire fraud increased from 5 to 20 years. Penalties for certain ERISA violations are increased as well.
  • Liability for retaliation against whistleblowers. The act provides for a fine and/or imprisonment for up to 10 years for knowingly retaliating against any person, including interfering with employment of the person, for providing law enforcement any truthful information relating to any federal offense.

The following provisions apply specifically to retirement plans (although not ordinarily an ESOP):

  • Notice of benefit plan blackout periods. Plan administrators of plans with individually directed accounts must notify participants in writing at least 30 days in advance of any blackout period under the plan. A blackout period is generally any period exceeding three consecutive days when plan participants are precluded from directing their account assets. This should not apply to an ESOP unless it is a KSOP or has separate provisions for individually directed accounts.
  • Restrictions on loans to executive officers and directors. All public companies are prohibited from extending or maintaining credit in the form of a personal loan to any executive officer or director. As with the blackout periods, restrictions on loans, including plan loans, should not apply to an ESOP unless it is also a KSOP or otherwise has a feature that permits loans to participants. However, if plan loans are provided, the company should consider finding ways to compensate officers and directors that do not involve plan loans. In cases where loans are in place, it is critical to have a mechanism to extinguish those loans before the company goes public and files a registration statement under the 1933 Act.

Provisions That Private Companies May Wish to Adopt

In addition to the provisions summarized above that are directly applicable to private as well as public companies, there are many provisions in the Act that apply by their terms only to public companies but that establish good practices of corporate governance that private companies may wish to adopt, in full or in part:

  • Board of director independence. Major stock exchanges require at least a majority of independent directors on the board of public companies listed on those exchanges. Any private company considering going public will need to make arrangements for a majority of independent directors. Other private companies should also review their board composition to ensure that there is sufficient outside participation to permit the board to be viewed with integrity. Finding qualified independent directors can be time-consuming, so the process needs to be started well in advance.
  • Independent audit committees. Public companies are required to have an independent audit committee, with increasingly stringent requirements for independence. Private companies should consider establishing audit committees consisting solely of independent directors. Venture capital investors may wish to note that NASDAQ has proposed a rule that a director would not be independent for purposes of serving on the audit committee if he or she owns or controls 20% or more of the company's stock. Visitation rights, rather than or in addition to board participation, should be included in venture capital financing agreements.
  • Audit committee charter. An audit committee should have a written charter that specifies its role and responsibilities. Private companies should consider documenting what functions are delegated to the audit committee and what rights the committee possesses. In the absence of an audit committee, private company boards are advised to have a corporate compliance plan for the entire board that includes many of the provisions typically included in an audit committee charter.

Provisions That May Become "Best Practices"

The Act also contains provisions that may eventually become "best practices" that private companies may wish to adopt or emulate in order to be perceived as well-governed corporate institutions:

  • Code of ethics. The Act requires that public companies disclose whether they have adopted codes of corporate ethics and if not, why not. The obvious intent is to make such codes an accepted practice in corporate America . If these codes become commonplace, private companies should not ignore them. A corporation's defense to civil or criminal litigation is likely to be strengthened by the presence of a strong code of ethics that is diligently enforced.
  • Relationships with auditors. Historically company auditors have provided a variety of non-audit services to the companies whose financial statements they audited. The Act prohibits auditors of public companies from providing various types of non-audit services (such as bookkeeping, financial information system design, appraisal, valuation, or legal services) for their clients and requires other services to be preapproved by the audit committee. Private companies should review the types of non-audit services being provided to the company by their auditors and consider whether it might be more appropriate for those services to be provided by a third party in order to avoid any appearance of impropriety connected with the auditor auditing transactions that it assisted in structuring.
  • Other board committees. Exchange listing rules are requiring public companies to have separate committees on their boards, such as nominating, corporate governance and compensation committees. Private companies, especially those with larger boards, should consider whether some of the functions currently performed by the entire board would be better performed by a separate committee, composed of more independent members. Alternatively, they may wish to adopt board policies requiring certain types of decisions to be made only by the independent members of the board.

While the Sarbanes-Oxley Act principally applies to publicly traded companies, its contents provide useful guidelines for good corporate practices that are equally applicable to many private companies and that may well affect private companies that maintain an ESOP. We recommend that private companies, especially those falling into the categories listed earlier in this article, consider undertaking a Sarbanes-Oxley Act audit to consider which of the Act's provision might be appropriate for their consideration.