The reach and scope of the federal securities laws is a concern most obviously relevant to publicly traded companies. However, as I have emphasized previously, private companies are not immune from scrutiny under the federal securities laws. The SEC has in fact an extensive history of pursuing enforcement actions against private companies for alleged federal securities laws violations; one needs to go back no further than the high-profile enforcement action brought against the supposed blood testing company Theranos for an example of this phenomenon in action.

A recent memo from Wiley law firm underscores these points about the exposures of private companies; as the memo’s authors put it, “private entities should be aware that an aggressive SEC can investigate and penalize them (and their executives), even if they are not directly involved in issuing securities.” The law firm’s September 23, 2023, memo, entitled “Think Because You Are a Private Company the SEC Is Not Your Problem? Think Again,” can be found here.

The Monolith Resources Enforcement Action

The law firm memo’s focus is a recent settled administrative enforcement action the SEC brought against Monolith Resources, LLC, a privately held company based in Nebraska. The action pertained to the provision in the Dodd-Frank whistleblower rules that, in order to encourage whistleblower reporting, makes it illegal for companies to put up “roadblocks” preventing or discouraging individuals from reporting possible securities law violations to the SEC. (The specific rule in question, SEC Rule 21F-17(a), can be found here.)

In its standard employee separation agreement, Monolith had included language stating, with respect to the employee’s participation in a whistleblower proceeding, that “You retain the right to participate in any such action, but not the right to recover money damages or other individual legal or equitable relief awarded by any such governmental agency.” The SEC charged that this provision in the separation agreement “raised impediments to participating in the Commission’s whistleblower program by having the employees forego the critically important financial incentives that are intended to encourage persons to communicate directly with the Commission’s staff about possible securities law violations.”

Even though, as the agency found, separation agreements with this language has only been used in relation to a small number of departing Monolith employees and no Monolith employee was prevented from contacting the SEC as a result of this language, the SEC fined Monolith $225, 000.

In their memo about the Monolith SEC administrative action, the memo’s authors draw two sets of conclusions, one with respect to the specific issue of the language companies use in separation agreements, and the other with respect to the larger issue of the susceptibility of private companies to SEC enforcement actions. 

With respect to the separation agreement language, the law firm memo noted that “public and private entities alike should proactively review their employment and separation agreements to help ensure the SEC does not interpret any reporting or disclosure provisions as impermissibly restrictive.”

With respect to the more general point about the scope of the SEC’s authority, the memo says that the Monolith Resources enforcement action is “a reminder to privately held entities that SEC scrutiny is not limited to publicly traded companies.” The SEC, the memo notes, “believes its investigative authority extends to virtually anything and anyone.” The memo makes one further observation that is particularly worth noting; that is, the SEC exercised its authority against Monolith Resources even though a securities transaction was not involved. As the memo’s authors note, the Monolith case “demonstrates that the SEC does not limit its enforcement activities to private entities directly engaged in purchasing or selling securities.”

The memo makes one further point private companies’ potential exposure to securities enforcement action in the context of the SEC’s pending climate change disclosure guidelines, which are likely to be released sometime this fall. As the memo notes, public companies will be making climate change-related disclosures — for example, with respect to the companies’ greenhouse gas emissions (GHG) – and will necessarily rely on disclosures from privately held partners up and down the supply chain. If privately held suppliers provide data that public companies incorporate into the climate change-related disclosures, “the accuracy of that information could place private companies squarely in the sights of a very aggressive SEC Enforcement Division looking to bring ESG-related data cases.”


The law firm’s memo is a good reminder that the federal securities laws may apply to privately held firms. The memo also makes the important point that the federal securities laws can apply to privately held firm even outside the context of the purchase or sale of company securities.

There has long been a belief amongst D&O insurance professionals that there is a sharp distinction between privately held and publicly traded companies for purposes of the federal securities laws. Under this view the liability exposures between the two kinds of companies were perceived to be distinct, with the risk of federal securities law liability exposures limited to publicly traded companies. The D&O insurance marketplace is built around a basic premise that private and public companies are fundamentally different. The D&O insurance for these two categories of companies are written in entirely different forms, in part based on the assumption that public companies have potential liability exposures under the securities laws, while private companies generally do not. As the law firm’s memo points out, the Monolith Resources enforcement action is a reminder that, as the memo puts it, “SEC scrutiny is not limited to publicly traded companies.” As the memo also notes, it will be important to keep this consideration mind when the SEC does finally get around to releasing its final climate change-related disclosure guidelines.

As long as we are on the topic of things that we need to keep in mind about potential private company exposures, it is probably worth inserting a reminder here that in fact private companies can also get hit with shareholder class action lawsuits and shareholder derivative lawsuits, as I noted in a January 2020 post (here) about the securities class action and shareholder derivative lawsuit filed against the e-cigarette company Juul and certain of its directors and officers. As I noted in my discussion of the Juul lawsuit, “the fact is that this lawsuit is a reminder that there is nothing that says that a company can’t be hit with a shareholder class action lawsuit just because it is a private company.”

Indeed, Theranos was also hit with investor litigation (as discussed here). WeWork, when a private company, was also hit with a shareholder class action, as discussed here, as was Uber when it was a private company (discussed here). To be sure, these three companies were all high-profile companies with huge valuations, which arguably makes them unrepresentative of the vast run of private companies. Nevertheless, the point stands that there is nothing inherent about private companies that immunizes them from investor lawsuits.

Special thanks to a loyal reader for sending along a link to the law firm’s memo.