It is a point I have made before but it is worth saying again – private companies are not immune from scrutiny under the federal securities laws. In a series of recent enforcement actions – most notably the SEC’s March 2018 enforcement action against Theranos and two of its executives – the SEC has made of point of emphasizing that its regulatory reach extends to private companies. Last week, the SEC announced the resolution of another enforcement action against private company executives. The latest action, involving a failed Silicon Valley start-up, underscores the SEC’s readiness to pursue securities law violations by private company executives.



On April 2, 2019, the SEC announced that it has settled an enforcement action the agency brought against the founder and chief executive of Jumio, Inc., a private mobile payments company. In its complaint against the former CEO, Daniel Mattes, the SEC alleged that Mattes “defrauded investors by providing them with materially misstated financial statements that purported to show that Jumio had earned significantly more revenue and profits than it actually did.”


The complaint alleges that Mattes sought to sell some of his personal holdings in Jumio stock on the secondary market in privately negotiated transactions. The complaint alleges that in order to facilitate these sales, Mattes provided investors with financial statements that, among other things, “overstated Jumio’s revenue by more than ten times through the inclusion of revenue that Jumio did not earn as well as revenue from a round-trip transaction that had no economic substance.” Mattes also allegedly made a number of misleading statements to investors, for example that he was not selling his shares because “there was lots of great stuff coming up” for Jumio and “he’d be stupid to sell at this point.”


The complaint also alleges that Mattes hid the stock sales from Jumio’s board of directors and made false statements to Jumio’s lawyers, who signed off on the sales. In making the sales, Mattes made personal profits of $14 million. Jumio restated its financial statements in 2015. In 2016, Jumio filed for bankruptcy and the investors who purchased the shares from Mattes lost their entire investment.


Without admitting or denying the allegations, Mattes agreed to be enjoined from future similar violations and barred from being an officer or director of a publicly traded company in the U.S., and will pay more than $16 million in disgorgement and prejudgment interest plus a $640,000 penalty.


The SEC also filed a separate proceeding against Jumio’s former CFO Chad Starkey for “failing to exercise reasonable care concerning Jumio’s financial statements” and signing stock transfer agreements that falsely implied that Jumio’s board had approved Mattes’ sales. Starkey entered a cooperation agreement with the SEC and also to pay approximately $420,000 in disgorgement (from Starkey’s own stock sales) and prejudgment interest.



The SEC’s actions against the two former Jumio executives serves as yet another reminder that the SEC will pursue company executives for securities law violations, even if the executives work for a private company. Indeed, in its press release announcing the negotiated resolution of the Jumio enforcement actions, the SEC included a statement from the regional director of the SEC’s San Francisco office as saying “Company executives must provide investors with accurate information irrespective of whether their companies are publicly or privately traded.”


In an April 11, 2019 memo about the SEC’s enforcement actions against the Jumio executives, the Proskauer law firm noted that the actions are “a reminder that privately negotiated securities transactions and private, VC-funded companies are not exempt from regulatory scrutiny.”


The SEC’s latest actions against the Jumio executives and its earlier enforcement actions involving other private companies clearly have important risk management implications for private companies. It is critically important that private companies and their executives recognize that they face potential liability exposure under the federal securities laws for alleged misrepresentations to prospective investors and others.


As I have emphasized before in commenting on SEC actions involving private companies, the potential federal securities law liability exposures for private company executives has important D&O insurance implications, as well. However these implications may not always be taken into account. The D&O community tends to divide the world between public and private companies and to proceed on the assumption that potential liability under the federal securities laws is strictly a concern for public companies. As this case highlights, this division between public and private companies when it comes to liabilities under the federal securities laws is not nearly as strict as the common presumption typically assumes.


A private company executive caught up in an SEC enforcement proceeding clearly would want to look to their company’s D&O insurance to provide their defense. However, whether or not the private company’s D&O insurance policy would respond will depend significantly on the policy’s actual wording, including, among other things, the wording of the policy’s securities exclusion. This exclusion is intended to preclude coverage under the private company policy for liabilities incurred in connection with taking the company public – the insurer did not undertake to insure a public company and so excludes public company liabilities under the policy.


The wordings of these exclusions vary widely, and in some versions the exclusion is written sufficiently broadly that the insurer might seek to rely on the exclusion to preclude coverage for the kinds of actions that were brought here against private company executives. Ideally, the exclusion would not even go into effect unless the insured company has completed a public offering; however, not all exclusions are so limited.


The bottom line is that it is important in connection with the placement even of private company D&O insurance for the possibility of an SEC enforcement action against the company or its executives is taken into account. In particular, it will be important for private company executives worried about the availability of policy coverage in the event of an SEC enforcement action to review their policy with their insurance advisor to ensure that the policy’s securities exclusion would not preclude coverage in the event of an SEC proceeding.


Tribute to a Friend: